redirect - recipe virus



#1 Pere92


Posted 30 November 2012 - 03:56 PM

Hi - Definitely have some sort of virus on another computer in my home. I tried to access BleepingComputer downloads from there and was redirected. My iolo System Shield keeps popping up telling me it is blocking a threat. I ran a full system scan and there was nothing detected, but it says that my firewall is disabled and also that my definitions are outdated. When I click to correct that, it changes to the green check, like it's fixed, but as soon as I close the box, those warnings are back.

I ran TDSSKiller and nothing was found. I am going to download Malwarebytes on a flash drive and bring it over and see what happens.

Any help that can be provided would be SERIOUSLY appreciated.
Thanks

Edited by Pere92, 30 November 2012 - 03:57 PM.




#2 Pere92


Posted 30 November 2012 - 04:18 PM

As I am running Malwarebytes (which already has 4 objects detected), the program blocked and quarantined an attack. I suppose because whatever it is has shut down my firewall?

#3 kingnick42


Posted 30 November 2012 - 04:23 PM

Boot the infected computer into safe mode. Normally pressing and holding F8 during boot will give you this option. Download (on another computer), copy across (to the infected computer) and run RKill. Then, run an antivirus scan (what antivirus do you have?). Also, run CCleaner and clear out temp files; sometimes viruses/malware hide in the temp directory.

This is a start at least.

Edited by kingnick42, 30 November 2012 - 04:25 PM.


#4 Pere92


Posted 30 November 2012 - 10:38 PM

I can't seem to enable the firewall

#5 narenxp


Posted 30 November 2012 - 10:56 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#6 kingnick42


Posted 01 December 2012 - 05:23 PM

"I can't seem to enable the firewall"

That'll be because you're infected. Stop trying to enable the firewall; concentrate on removing the infections. Then your firewall will work.

#7 Pere92


Posted 02 December 2012 - 11:44 PM

Thank you. I have downloaded the recommended support processes onto a flash drive and tomorrow I will get to run the logs and post them.

#8 Pere92


Posted 05 December 2012 - 04:39 PM

I am having a problem getting aswMBR to load the update. It sits idle after loading just a very little bit. 20 minutes, no change. Should I just go ahead and post the logs for the other things, and do I run the MBR as is with no update?

No no, never mind - I downloaded it over again onto the flash drive and it was fine now. Log below and shows infected file. Running ESET scan now.

Edited by Pere92, 05 December 2012 - 06:24 PM.


#9 Pere92


Posted 05 December 2012 - 06:21 PM

16:51:04.0062 11128 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:51:04.0906 11128 ============================================================
16:51:04.0906 11128 Current date / time: 2012/12/05 16:51:04.0906
16:51:04.0906 11128 SystemInfo:
16:51:04.0906 11128
16:51:04.0906 11128 OS Version: 5.1.2600 ServicePack: 3.0
16:51:04.0906 11128 Product type: Workstation
16:51:04.0906 11128 ComputerName: KIDS
16:51:04.0906 11128 UserName: Owner
16:51:04.0906 11128 Windows directory: C:\WINNT
16:51:04.0906 11128 System windows directory: C:\WINNT
16:51:04.0906 11128 Processor architecture: Intel x86
16:51:04.0906 11128 Number of processors: 2
16:51:04.0906 11128 Page size: 0x1000
16:51:04.0906 11128 Boot type: Normal boot
16:51:04.0906 11128 ============================================================
16:51:08.0546 11128 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:51:08.0593 11128 Drive \Device\Harddisk5\DR10 - Size: 0x7A900000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:51:08.0593 11128 ============================================================
16:51:08.0593 11128 \Device\Harddisk0\DR0:
16:51:08.0593 11128 MBR partitions:
16:51:08.0593 11128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
16:51:08.0593 11128 \Device\Harddisk5\DR10:
16:51:08.0593 11128 MBR partitions:
16:51:08.0593 11128 \Device\Harddisk5\DR10\Partition1: MBR, Type 0x6, StartLBA 0x1F0, BlocksNum 0x3D4610
16:51:08.0593 11128 ============================================================
16:51:08.0625 11128 C: <-> \Device\Harddisk0\DR0\Partition1
16:51:08.0640 11128 ============================================================
16:51:08.0640 11128 Initialize success
16:51:08.0640 11128 ============================================================
16:51:10.0328 11312 ============================================================
16:51:10.0328 11312 Scan started
16:51:10.0328 11312 Mode: Manual;
16:51:10.0328 11312 ============================================================
16:51:12.0000 11312 ================ Scan system memory ========================
16:51:12.0000 11312 System memory - ok
16:51:38.0015 11312 seclogon - ok
16:51:38.0046 11312 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINNT\system32\sens.dll
16:51:38.0046 11312 SENS - ok
16:51:38.0093 11312 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINNT\system32\DRIVERS\serenum.sys
16:51:38.0093 11312 serenum - ok
16:51:38.0125 11312 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINNT\system32\DRIVERS\serial.sys
16:51:38.0156 11312 Serial - ok
16:51:38.0203 11312 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINNT\system32\drivers\Sfloppy.sys
16:51:38.0218 11312 Sfloppy - ok
16:51:38.0281 11312 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINNT\System32\shsvcs.dll
16:51:38.0281 11312 ShellHWDetection - ok
16:51:38.0312 11312 Simbad - ok
16:51:38.0406 11312 [ EBA50C8F7EFD8178E8C4BDE6B74E744C ] smwdm C:\WINNT\system32\drivers\smwdm.sys
16:51:38.0734 11312 smwdm - ok
16:51:38.0765 11312 Sparrow - ok
16:51:38.0812 11312 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINNT\system32\drivers\splitter.sys
16:51:38.0843 11312 splitter - ok
16:51:38.0890 11312 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINNT\system32\spoolsv.exe
16:51:38.0953 11312 Spooler - ok
16:51:39.0000 11312 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINNT\system32\DRIVERS\sr.sys
16:51:39.0000 11312 sr - ok
16:51:39.0062 11312 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINNT\System32\srsvc.dll
16:51:39.0093 11312 srservice - ok
16:51:39.0156 11312 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINNT\system32\DRIVERS\srv.sys
16:51:39.0250 11312 Srv - ok
16:51:39.0312 11312 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINNT\System32\ssdpsrv.dll
16:51:39.0312 11312 SSDPSRV - ok
16:51:39.0343 11312 Steam Client Service - ok
16:51:39.0406 11312 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINNT\system32\wiaservc.dll
16:51:39.0421 11312 stisvc - ok
16:51:39.0468 11312 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINNT\system32\DRIVERS\swenum.sys
16:51:39.0500 11312 swenum - ok
16:51:39.0531 11312 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINNT\system32\drivers\swmidi.sys
16:51:39.0843 11312 swmidi - ok
16:51:39.0875 11312 SwPrv - ok
16:51:39.0921 11312 symc810 - ok
16:51:39.0953 11312 symc8xx - ok
16:51:39.0984 11312 sym_hi - ok
16:51:40.0000 11312 sym_u3 - ok
16:51:40.0046 11312 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINNT\system32\drivers\sysaudio.sys
16:51:40.0078 11312 sysaudio - ok
16:51:40.0140 11312 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINNT\system32\smlogsvc.exe
16:51:40.0171 11312 SysmonLog - ok
16:51:40.0234 11312 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINNT\System32\tapisrv.dll
16:51:40.0265 11312 TapiSrv - ok
16:51:40.0343 11312 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINNT\system32\DRIVERS\tcpip.sys
16:51:40.0406 11312 Tcpip - ok
16:51:40.0468 11312 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINNT\system32\drivers\TDPIPE.sys
16:51:40.0500 11312 TDPIPE - ok
16:51:40.0531 11312 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINNT\system32\drivers\TDTCP.sys
16:51:40.0546 11312 TDTCP - ok
16:51:40.0593 11312 [ 88155247177638048422893737429D9E ] TermDD C:\WINNT\system32\DRIVERS\termdd.sys
16:51:40.0609 11312 TermDD - ok
16:51:40.0656 11312 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINNT\System32\termsrv.dll
16:51:40.0687 11312 TermService - ok
16:51:40.0718 11312 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINNT\System32\shsvcs.dll
16:51:40.0734 11312 Themes - ok
16:51:40.0750 11312 TosIde - ok
16:51:40.0812 11312 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINNT\system32\trkwks.dll
16:51:40.0828 11312 TrkWks - ok
16:51:40.0875 11312 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINNT\system32\drivers\Udfs.sys
16:51:40.0906 11312 Udfs - ok
16:51:40.0937 11312 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINNT\system32\DRIVERS\ultra.sys
16:51:40.0953 11312 ultra - ok
16:51:41.0031 11312 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINNT\system32\DRIVERS\update.sys
16:51:41.0093 11312 Update - ok
16:51:41.0156 11312 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINNT\System32\upnphost.dll
16:51:41.0171 11312 upnphost - ok
16:51:41.0218 11312 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINNT\System32\ups.exe
16:51:41.0234 11312 UPS - ok
16:51:41.0296 11312 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINNT\system32\DRIVERS\usbccgp.sys
16:51:41.0312 11312 usbccgp - ok
16:51:41.0359 11312 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINNT\system32\DRIVERS\usbehci.sys
16:51:41.0390 11312 usbehci - ok
16:51:41.0421 11312 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINNT\system32\DRIVERS\usbhub.sys
16:51:41.0453 11312 usbhub - ok
16:51:41.0500 11312 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINNT\system32\DRIVERS\usbprint.sys
16:51:41.0531 11312 usbprint - ok
16:51:41.0578 11312 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINNT\system32\DRIVERS\usbscan.sys
16:51:41.0593 11312 usbscan - ok
16:51:41.0625 11312 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINNT\system32\DRIVERS\USBSTOR.SYS
16:51:41.0656 11312 USBSTOR - ok
16:51:41.0687 11312 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINNT\system32\DRIVERS\usbuhci.sys
16:51:41.0703 11312 usbuhci - ok
16:51:41.0734 11312 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINNT\System32\drivers\vga.sys
16:51:41.0765 11312 VgaSave - ok
16:51:41.0781 11312 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINNT\system32\DRIVERS\viaide.sys
16:51:41.0796 11312 ViaIde - ok
16:51:41.0828 11312 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINNT\system32\drivers\VolSnap.sys
16:51:41.0859 11312 VolSnap - ok
16:51:41.0968 11312 [ D11118370126A38CC3D85FFCE1B2516C ] vseamps C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
16:51:41.0984 11312 vseamps - ok
16:51:42.0046 11312 [ CE01EB176A51EAE90A57857A718A55D3 ] vsedsps C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
16:51:42.0062 11312 vsedsps - ok
16:51:42.0140 11312 [ 90BFACE50A1C308423023AB9BA69AF4F ] vseqrts C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
16:51:43.0312 11312 vseqrts - ok
16:51:43.0375 11312 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINNT\System32\vssvc.exe
16:51:43.0421 11312 VSS - ok
16:51:43.0468 11312 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINNT\System32\w32time.dll
16:51:43.0500 11312 W32Time - ok
16:51:43.0578 11312 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINNT\system32\DRIVERS\wanarp.sys
16:51:43.0625 11312 Wanarp - ok
16:51:43.0687 11312 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINNT\system32\DRIVERS\wanatw4.sys
16:51:43.0734 11312 wanatw - ok
16:51:43.0750 11312 [ 909F2DC0DA7F57D229A05EE90647B2C3 ] WANMiniportService C:\WINNT\wanmpsvc.exe
16:51:43.0921 11312 WANMiniportService - ok
16:51:43.0953 11312 WDICA - ok
16:51:43.0984 11312 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINNT\system32\drivers\wdmaud.sys
16:51:44.0015 11312 wdmaud - ok
16:51:44.0046 11312 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINNT\System32\webclnt.dll
16:51:44.0062 11312 WebClient - ok
16:51:44.0218 11312 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINNT\system32\wbem\WMIsvc.dll
16:51:44.0250 11312 winmgmt - ok
16:51:44.0343 11312 [ BC3ECBCB40147BDAE3AD2FD0B4B346D8 ] WmBEnum C:\WINNT\system32\drivers\WmBEnum.sys
16:51:44.0375 11312 WmBEnum - ok
16:51:44.0437 11312 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINNT\system32\mspmsnsv.dll
16:51:44.0453 11312 WmdmPmSN - ok
16:51:44.0531 11312 [ 19F9881D8B3484FEDB605D0216876898 ] WmFilter C:\WINNT\system32\drivers\WmFilter.sys
16:51:44.0578 11312 WmFilter - ok
16:51:44.0640 11312 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINNT\System32\wbem\wmiapsrv.exe
16:51:44.0703 11312 WmiApSrv - ok
16:51:44.0750 11312 [ 7A51545A6409A25EEDBDBD97D019E8CC ] WmVirHid C:\WINNT\system32\drivers\WmVirHid.sys
16:51:44.0750 11312 WmVirHid - ok
16:51:44.0812 11312 [ 1F083B3BC73017E60C3CA85CF4A70753 ] WmXlCore C:\WINNT\system32\drivers\WmXlCore.sys
16:51:44.0843 11312 WmXlCore - ok
16:51:44.0890 11312 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINNT\System32\drivers\ws2ifsl.sys
16:51:44.0890 11312 WS2IFSL - ok
16:51:44.0968 11312 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINNT\system32\wuauserv.dll
16:51:44.0984 11312 wuauserv - ok
16:51:45.0078 11312 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINNT\System32\wzcsvc.dll
16:51:45.0078 11312 WZCSVC - ok
16:51:45.0140 11312 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINNT\System32\xmlprov.dll
16:51:45.0171 11312 xmlprov - ok
16:51:45.0265 11312 [ E6C22D34BAEF5196E1B23A4492C275B7 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINNT\system32\drivers\ialmsbw.sys
16:51:45.0296 11312 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
16:51:45.0375 11312 [ 6E53BD96B0EBAD721CDD6320DBFC3F5F ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINNT\system32\drivers\ialmkchw.sys
16:51:45.0390 11312 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
16:51:45.0406 11312 ================ Scan global ===============================
16:51:45.0453 11312 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINNT\system32\basesrv.dll
16:51:45.0515 11312 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll
16:51:45.0625 11312 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll
16:51:45.0640 11312 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINNT\system32\services.exe
16:51:45.0640 11312 [Global] - ok
16:51:45.0640 11312 ================ Scan MBR ==================================
16:51:45.0687 11312 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:51:46.0250 11312 \Device\Harddisk0\DR0 - ok
16:51:46.0265 11312 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk5\DR10
16:51:46.0265 11312 \Device\Harddisk5\DR10 - ok
16:51:46.0265 11312 ================ Scan VBR ==================================
16:51:46.0281 11312 [ D32C8C556711F1AF10DE3552FF84B144 ] \Device\Harddisk0\DR0\Partition1
16:51:46.0281 11312 \Device\Harddisk0\DR0\Partition1 - ok
16:51:46.0312 11312 [ 2CFA23083C510C758F1B30710988524A ] \Device\Harddisk5\DR10\Partition1
16:51:46.0312 11312 \Device\Harddisk5\DR10\Partition1 - ok
16:51:46.0312 11312 ============================================================
16:51:46.0312 11312 Scan finished
16:51:46.0312 11312 ============================================================
16:51:46.0359 8812 Detected object count: 0
16:51:46.0359 8812 Actual detected object count: 0


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-05 16:53:42
-----------------------------
16:53:42.406 OS Version: Windows 5.1.2600 Service Pack 3
16:53:42.406 Number of processors: 2 586 0x303
16:53:42.406 ComputerName: KIDS UserName:
16:53:44.843 Initialize success
17:27:03.218 AVAST engine defs: 12120501
17:56:04.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:56:04.312 Disk 0 Vendor: WDC_WD1200BB-22DWA0 15.05R15 Size: 114473MB BusType: 3
17:56:04.312 Disk 5 \Device\Harddisk5\DR10 -> \Device\00000085
17:56:04.312 Disk 5 Vendor: Size: 114473MB BusType: 0
17:56:04.343 Disk 0 MBR read successfully
17:56:04.343 Disk 0 MBR scan
17:56:04.390 Disk 0 Windows XP default MBR code
17:56:04.390 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
17:56:04.406 Disk 0 scanning sectors +234436545
17:56:04.468 Disk 0 scanning C:\WINNT\system32\drivers
17:56:26.109 Service scanning
17:57:01.750 Modules scanning
17:57:11.984 Disk 0 trace - called modules:
17:57:12.000 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:57:12.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b88ab8]
17:57:12.000 3 CLASSPNP.SYS[f7643fd7] -> nt!IofCallDriver -> \Device\0000006b[0x86b63f18]
17:57:12.000 5 ACPI.sys[f75aa620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b62d98]
17:57:13.015 AVAST engine scan C:\WINNT
17:57:47.875 AVAST engine scan C:\WINNT\system32
18:02:14.421 File: C:\WINNT\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:02:45.718 AVAST engine scan C:\WINNT\system32\drivers
18:03:12.875 AVAST engine scan C:\Documents and Settings\Owner
18:04:37.546 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
18:04:37.578 The log file has been saved successfully to "J:\aswMBR.txt"

#10 Pere92


Posted 05 December 2012 - 11:48 PM

ESET list of found threats

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BYQZNK2R\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage\Identities\wcgso.dll a variant of Win32/Kryptik.APHW trojan cleaned by deleting (after the next restart) - quarantined
C:\WINNT\wt\backup\1.6.0.037\wcmdmgrl.exe Win32/Adware.WildTangent application cleaned by deleting - quarantined
C:\WINNT\wt\updater\wcmdmgrl.exe Win32/Adware.WildTangent application cleaned by deleting - quarantined

#11 narenxp


Posted 06 December 2012 - 12:39 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan gets completed, post the generated log here.

#12 Pere92


Posted 06 December 2012 - 11:21 AM

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.06.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: KIDS [administrator]

Protection: Enabled

12/6/2012 6:44:49 AM
mbam-log-2012-12-06 (06-44-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 509751
Time elapsed: 3 hour(s), 43 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 25-11-2012
Ran by Owner (administrator) on 06-12-2012 at 10:33:53
Running from "J:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
# 38.25.63.10 x.acme.com # x client host

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Wireless USB Card = Wireless Network Connection 7 (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 7"

set address name="Wireless Network Connection 7" source=dhcp
set dns name="Wireless Network Connection 7" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 7" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : KIDS

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : launchmodem.com



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-0C-F1-E0-75-3B



Ethernet adapter Wireless Network Connection 7:



Connection-specific DNS Suffix . : launchmodem.com

Description . . . . . . . . . . . : Wireless USB Card #7

Physical Address. . . . . . . . . : 00-D0-41-A7-89-2E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.92

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

192.168.1.254

Lease Obtained. . . . . . . . . . : Thursday, December 06, 2012 6:34:20 AM

Lease Expires . . . . . . . . . . : Friday, December 07, 2012 6:34:20 AM

Server: dslrouter
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.37.105, 173.194.37.110, 173.194.37.96, 173.194.37.97
173.194.37.98, 173.194.37.99, 173.194.37.100, 173.194.37.101, 173.194.37.102
173.194.37.103, 173.194.37.104



Pinging google.com [173.194.37.105] with 32 bytes of data:



Reply from 173.194.37.105: bytes=32 time=29ms TTL=53

Reply from 173.194.37.105: bytes=32 time=81ms TTL=53



Ping statistics for 173.194.37.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 29ms, Maximum = 81ms, Average = 55ms

Server: dslrouter
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=110ms TTL=42

Reply from 98.139.183.24: bytes=32 time=538ms TTL=42



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 110ms, Maximum = 538ms, Average = 324ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c f1 e0 75 3b ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
0x10004 ...00 d0 41 a7 89 2e ...... Wireless USB Card #7 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.92 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.92 192.168.1.92 20
192.168.1.0 255.255.255.0 192.168.1.92 192.168.1.92 25
192.168.1.92 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.92 192.168.1.92 25
224.0.0.0 240.0.0.0 192.168.1.92 192.168.1.92 25
255.255.255.255 255.255.255.255 192.168.1.92 2 1
255.255.255.255 255.255.255.255 192.168.1.92 192.168.1.92 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [File Not found] ()
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 02 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 03 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 04 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 05 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 07 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 08 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 09 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 10 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 11 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 12 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 13 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 14 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 15 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 16 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 17 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 18 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 19 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 20 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 21 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 22 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 23 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 24 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 25 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 26 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 27 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 28 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 29 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 30 C:\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 31 C:\Windows\system32\rsvpsp.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/05/2012 07:09:24 AM) (Source: Application Error) (User: )
Description: Fault bucket -1024335966.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/05/2012 07:09:20 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module wcgso.dll, version 1.28.3.0, fault address 0x00001230.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/05/2012 07:08:03 AM) (Source: Application Error) (User: )
Description: Fault bucket -1024335966.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/05/2012 07:07:58 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module wcgso.dll, version 1.28.3.0, fault address 0x00001230.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/05/2012 07:03:19 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/30/2012 10:18:49 PM) (Source: Application Error) (User: )
Description: Fault bucket -1024335966.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (11/30/2012 10:18:44 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module wcgso.dll, version 1.28.3.0, fault address 0x00001230.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/30/2012 05:12:46 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1447338164.

Error: (11/30/2012 05:12:41 PM) (Source: Application Hang) (User: )
Description: Hanging application SystemMechanic.tmp, version 51.1052.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/30/2012 04:13:06 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.140, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/14/2012 07:30:41 AM) (Source: WinDefend) (User: )
Description: %%%82527 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: %%%82524

Error Code: 0x8050a001

Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.

Signatures loading: %%825

Loading signature version: 1.139.1681.0

Loading engine version: %%%825270

Error: (10/21/2012 11:04:35 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0).

Error: (09/28/2012 06:02:18 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (09/28/2012 06:02:18 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)


Microsoft Office Sessions:
=========================
Error: (12/05/2012 07:09:24 AM) (Source: Application Error)(User: )
Description: -1024335966

Error: (12/05/2012 07:09:20 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702wcgso.dll1.28.3.000001230

Error: (12/05/2012 07:08:03 AM) (Source: Application Error)(User: )
Description: -1024335966

Error: (12/05/2012 07:07:58 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702wcgso.dll1.28.3.000001230

Error: (12/05/2012 07:03:19 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/30/2012 10:18:49 PM) (Source: Application Error)(User: )
Description: -1024335966

Error: (11/30/2012 10:18:44 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702wcgso.dll1.28.3.000001230

Error: (11/30/2012 05:12:46 PM) (Source: Application Hang)(User: )
Description: -1447338164

Error: (11/30/2012 05:12:41 PM) (Source: Application Hang)(User: )
Description: SystemMechanic.tmp51.1052.0.0hungapp0.0.0.000000000

Error: (11/30/2012 04:13:06 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.62.0.140hungapp0.0.0.000000000


=========================== Installed Programs ============================

2600 (Version: 43.0.217.000)
2600_Help (Version: 43.0.217.000)
2600Trb (Version: 43.0.217.000)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader 9.5.1 (Version: 9.5.1)
Age of Empires III (Version: 1.00.0000)
Age of Mythology
Age of Mythology - The Titans Expansion
Ahead Nero BurnRights
AiO_Scan (Version: 43.0.217.000)
AiOSoftware (Version: 43.0.217.000)
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
Apple Application Support (Version: 1.1.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Catalyst Control Center (Version: 1.2.2314.20337)
ATI Display Driver (Version: 8.252-060503a-038185C-ATI)
AVSDK5 (Version: 5.3.3)
BellSouth Wireless Connection Tool
BIG-IP Edge Client Components (All Users) (Version: 70.2011.0622.1118)
Blackhawk Striker from Gateway (remove only)
Blasterball 2 from Gateway (remove only)
Bonjour (Version: 1.0.106)
Bounce Symphony from Gateway (remove only)
BufferChm (Version: 43.1.5.000)
Carnival Cruise Lines Tycoon 2005 - Island Hopping
Copy (Version: 43.1.5.000)
CreativeProjects (Version: 43.1.5.000)
CreativeProjectsTemplates (Version: 43.1.5.000)
CueTour (Version: 43.1.5.000)
Cypress USB Mass Storage Driver Installation
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 43.1.5.000)
Director (Version: 43.1.5.000)
Disney Pirates of the Caribbean Online (Version: )
DocProc (Version: 4.0.0.0)
DocumentViewer (Version: 43.0.217.000)
DoMore (Version: 1)
DVD
EA Download Manager (Version: 5.1.0.4)
Emperor's New Groove - Groove Center
ESET Online Scanner v3
Excavation from Gateway (remove only)
Fax (Version: 43.0.217.000)
Five Card Frenzy from Gateway (remove only)
Frogger2
GameSpy Arcade
Gateway Ink Monitor (Version: 1.2.0.0)
GWCares (Version: 1.10.0000)
Harley-Davidson® - Race Around The World
Harry Potter
Hoyle Board Games
Hoyle Card Games
HP Diagnostic Assistant (Version: 1.0.0.0)
HP Image Zone 4.2 (Version: 4.2)
HP PSC & OfficeJet 4.2
HP Software Update (Version: 2.0.39.20040212)
HPSystemDiagnostics (Version: 1.5.0.0)
InstantShare (Version: 4.0.0.40)
Intel® 537EP Data Fax Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
iolo technologies' System Mechanic (Version: 10.8.5)
iolo technologies' System Shield (Version: 4.2.11)
iTunes (Version: 9.0.3.15)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
JumpStart Explorers
KODAK Share Button App (Version: 2.02.0000.0000)
Learn2 Player (Uninstall Only)
Lock On: Modern Air Combat (Version: 1.00.000)
LockOn Flaming Cliffs 2
Logitech Gaming Software (Version: 4.40)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mass Effect (Version: 1.00)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Age of Empires II
Microsoft CART Precision Racing Trial
Microsoft Combat Flight Simulator 3.1
Microsoft Encarta Encyclopedia Standard 2004 (Version: 2004)
Microsoft Flight Simulator 2004 A Century of Flight (Version: 9.0)
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Learning and Research Plus Support Files (Version: 2003)
Microsoft Midtown Madness
Microsoft Midtown Madness 2
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft Monster Truck Madness 2
Microsoft Motocross Madness
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Picture It! Express 7.0 (Version: 7.0.0.0000)
Microsoft Picture It! Photo Premium 9 (Version: 9.0.0.0000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft Streets and Trips 2004 (Version: 11.00.18.1900)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 07.03.0719)
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word (Version: 7.0.0.0000)
Monster Jam (Version: 1.00.000)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSN Internet Software
MSN Messenger 5.0 (Version: 5.0.0527)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML4 Parser (Version: 1.0.0)
MUSICMATCH® Jukebox
My Disney Kitchen
Napster
NASCAR SimRacing
Nero OEM
Network Play System (Patching)
NVIDIA Drivers
Orbital from Gateway (remove only)
Otto from Gateway (remove only)
Overball from Gateway (remove only)
Overland (Version: 2.1.5)
ParaWorld (Version: 1.00)
PC-Doctor for Windows
Pearl Harbor
PhotoGallery (Version: 43.1.5.000)
Polar Bowler from Gateway (remove only)
PrintScreen (Version: 43.1.5.000)
ProductContext (Version: 43.0.217.000)
QFolder (Version: 1.00.0000)
Quicken 2004 (Version: 13.00.0000)
QuickProjects (Version: 43.1.5.000)
QuickTime (Version: 7.65.17.80)
Readme (Version: 43.0.217.000)
RealPlayer Basic
Rise of Nations Gold (Version: 1.0)
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister (Version: 1.00.000)
RollerCoaster Tycoon 2: Wacky Worlds
RollerCoaster Tycoon® 3 (Version: 1.00.000)
Roxio Burn Engine (Version: 1.2.0000)
Scan (Version: 4.1.0.0)
Scratches
Shockwave
Sierra Utilities
SimCoaster
SkinsHP1 (Version: 43.1.5.000)
Slyder from Gateway (remove only)
SPORE™ (Version: 1.05.0001)
SPORE™ Creepy & Cute Parts Pack (Version: 1.00.0000)
SPORE™ Galactic Adventures (Version: 1.01.0001)
Star Wars Empire at War (Version: 1.0)
Star Wars Empire at War Forces of Corruption (Version: 1.0)
System Checkup 3.3 (Version: 3.3.2.9)
System Requirements Lab
Tarzan Activity Center
The Office
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims Superstar
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
Thomas & Friends - The Great Festival Adventure
Toy Story 2
Toy Story 2 Activity Center
TrayApp (Version: 43.1.5.000)
Ultimate Ride Disney Coaster
Uninstall Best Reading Program
Unload (Version: 4.0.0)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB Storage Adapter FX (SM1)
Virtools 3D Life Player (Version: 4.0.0.x)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 43.1.5.000)
Windows Defender (Version: 1.1.1593.21)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! BrowserPlus 2.9.8
Zoo Tycoon 2 (Version: 1.0)
Zoo Tycoon Expanded

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 1006.73 MB
Available physical RAM: 407.57 MB
Total Pagefile: 1658.75 MB
Available Pagefile: 1219.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.89 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.79 GB) (Free:21.98 GB) NTFS
8 Drive j: (USB DISK) (Removable) (Total:1.91 GB) (Free:1.9 GB) FAT

========================= Users: ========================================

User accounts for \\KIDS

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0

========================= Restore Points ==================================

07-09-2012 17:36:05 Software Distribution Service 3.0
12-09-2012 15:44:31 Software Distribution Service 3.0
12-09-2012 18:28:52 Software Distribution Service 3.0
14-09-2012 17:59:08 Software Distribution Service 3.0
17-09-2012 22:23:49 System Checkpoint
18-09-2012 23:10:46 Software Distribution Service 3.0
21-09-2012 11:07:20 Software Distribution Service 3.0
25-09-2012 17:07:34 Software Distribution Service 3.0
26-09-2012 15:49:58 Software Distribution Service 3.0
28-09-2012 11:04:50 Software Distribution Service 3.0
29-09-2012 23:54:49 System Checkpoint
01-10-2012 00:03:25 System Checkpoint
02-10-2012 22:55:23 Software Distribution Service 3.0
05-10-2012 01:21:13 System Checkpoint
05-10-2012 11:12:44 Software Distribution Service 3.0
07-10-2012 18:16:36 System Checkpoint
09-10-2012 01:07:08 System Checkpoint
09-10-2012 19:50:50 Software Distribution Service 3.0
11-10-2012 23:11:41 Software Distribution Service 3.0
13-10-2012 16:53:40 Software Distribution Service 3.0
17-10-2012 18:17:05 Software Distribution Service 3.0
21-10-2012 16:03:03 Software Distribution Service 3.0
24-10-2012 11:36:30 Software Distribution Service 3.0
27-10-2012 15:58:33 Software Distribution Service 3.0
01-11-2012 11:40:58 Software Distribution Service 3.0
02-11-2012 16:13:13 Software Distribution Service 3.0
04-11-2012 19:54:46 System Checkpoint
06-11-2012 12:13:04 Software Distribution Service 3.0
08-11-2012 19:28:54 System Checkpoint
09-11-2012 23:56:11 Software Distribution Service 3.0
13-11-2012 12:03:52 Software Distribution Service 3.0
14-11-2012 12:26:54 Restore Operation
14-11-2012 12:35:02 Software Distribution Service 3.0
15-11-2012 20:55:39 Software Distribution Service 3.0
16-11-2012 12:16:53 Software Distribution Service 3.0
16-11-2012 16:25:48 Software Distribution Service 3.0
17-11-2012 02:41:32 Installed Steam
21-11-2012 12:33:07 Software Distribution Service 3.0
23-11-2012 17:21:08 Software Distribution Service 3.0
26-11-2012 03:03:55 System Checkpoint
27-11-2012 17:46:45 System Checkpoint
30-11-2012 20:39:45 System Checkpoint
01-12-2012 03:04:49 Installed Microsoft Fix it 50203
01-12-2012 03:24:15 Installed Microsoft Fix it 50687
05-12-2012 18:21:08 System Checkpoint
06-12-2012 11:41:48 Removed Steam

**** End of log ****

Farbar Service Scanner Version: 04-12-2012
Ran by Owner (administrator) on 06-12-2012 at 10:47:15
Running from "J:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINNT\system32\dhcpcsvc.dll => MD5 is legit
C:\WINNT\system32\Drivers\afd.sys => MD5 is legit
C:\WINNT\system32\Drivers\netbt.sys => MD5 is legit
C:\WINNT\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINNT\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINNT\system32\dnsrslvr.dll => MD5 is legit
C:\WINNT\system32\ipnathlp.dll => MD5 is legit
C:\WINNT\system32\netman.dll => MD5 is legit
C:\WINNT\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINNT\system32\srsvc.dll => MD5 is legit
C:\WINNT\system32\Drivers\sr.sys => MD5 is legit
C:\WINNT\system32\wscsvc.dll => MD5 is legit
C:\WINNT\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINNT\system32\wuauserv.dll => MD5 is legit
C:\WINNT\system32\qmgr.dll => MD5 is legit
C:\WINNT\system32\es.dll => MD5 is legit
C:\WINNT\system32\cryptsvc.dll => MD5 is legit
C:\WINNT\system32\svchost.exe => MD5 is legit
C:\WINNT\system32\rpcss.dll => MD5 is legit
C:\WINNT\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(7) IPSec(4) NetBT(5) PSched(6) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

# AdwCleaner v2.011 - Logfile created 12/06/2012 at 10:48:17
# Updated 02/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - KIDS
# Boot Mode : Normal
# Running from : J:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3zo23txi.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2228 octets] - [06/12/2012 10:48:17]

########## EOF - C:\AdwCleaner[S1].txt - [2288 octets] ##########

#13 Pere92

Pere92
  • Topic Starter

  • Members
  • 60 posts

Posted 06 December 2012 - 11:37 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.9.2 (12.06.2012:3)
OS: Microsoft Windows XP x86
Ran by Owner on Thu 12/06/2012 at 11:23:16.35
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Val Name Type Value Data
======== ==== ==========
Identities REG_SZ rundll32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage\Identities\wcgso.dll",DllRegisterServerW




~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINNT\tasks\ISP signup reminder 2.job
Successfully deleted: [File] C:\WINNT\tasks\ISP signup reminder 3.job



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/06/2012 at 11:36:33.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#14 Pere92

Pere92
  • Topic Starter

  • Members
  • 60 posts

Posted 06 December 2012 - 04:28 PM

To add insult to injury, now when I turn on the computer I get a rundll error re: wcgso.dll

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 06 December 2012 - 07:31 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here



