
Strongvault infection on xp pro

12 replies to this topic

#1 jerseydevil

  • Members
  • 85 posts

Posted 30 December 2012 - 10:57 PM

I'm running XP Pro, and recently picked up a program called Strongvault online backup. I don't know where it came from. So, I noticed the icons on my desktop and tried to delete the program from my C drive. Then I emptied the recycle bin. That's about when things went from bad to worse. Now I can't open Explorer, Security Essentials, can't System Restore, etc. What to do? I looked around online and I'm not sure if it's a virus or what?
Thanks for any help.

Edited by jerseydevil, 30 December 2012 - 10:59 PM.



#2 jerseydevil

  • Topic Starter
  • Members
  • 85 posts


Posted 02 January 2013 - 07:12 AM

Any ideas?

#3 narenxp

  • BC Advisor
  • 16,371 posts
  • Location:India


Posted 04 January 2013 - 03:07 AM

Boot into safe mode with networking.

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.
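A first-pass triage for the TDSSKiller log that the instructions above ask for, as an added example: this is not part of the thread, not narenxp's, and not a Kaspersky tool. It assumes only the line layout visible in the log posted later in this thread (timestamp, PID, then either `name (md5) path` for a loaded module or `name - verdict` for the scanner's verdict), flags every entry whose verdict is not `ok`, and flags any service or driver whose binary lives in a user-writable directory, which is a "look at this first" heuristic and not a malware verdict. The function names `parse_tdsskiller_log` and `triage` are mine; the sample lines are constructed, most copied from the log in this thread plus one made-up `ExampleBadSvc` entry to show a non-ok verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Added example, not part of the thread. Line shapes handled (after the
# "HH:MM:SS.ffff PID " prefix that every TDSSKiller log line carries):
#   name (md5) path   -> a loaded service/driver binary with its MD5
#   name - verdict    -> the scanner's verdict for that name
# Separator rows, the SystemInfo block and "Drive ... - Size: ..." rows are skipped.
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
MODULE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
VERDICT = re.compile(r"^(.+?) - (.+)$")

# Directories an ordinary user can write to. A service or driver binary living
# here is not proof of anything, but it deserves a manual look before the
# usual system locations do.
USER_WRITABLE = (
    "\\documents and settings\\", "\\users\\", "\\application data\\",
    "\\appdata\\", "\\temp\\", "\\programdata\\",
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Collect one Entry per service/driver name from the log text."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        if body.startswith("=") or body.startswith("Drive "):
            continue
        mod = MODULE.match(body)
        if mod:
            name, md5, path = mod.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.lower(), path
            continue
        ver = VERDICT.match(body)
        if ver:
            name, verdict = ver.groups()
            entries.setdefault(name, Entry(name)).verdict = verdict.strip()
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs a human should look at first."""
    findings: List[Tuple[str, str]] = []
    for e in entries.values():
        if e.verdict is not None and e.verdict.lower() != "ok":
            findings.append((e.name, "scanner verdict is not 'ok': " + e.verdict))
        if e.path and any(tag in e.path.lower() for tag in USER_WRITABLE):
            findings.append((e.name, "binary lives in a user-writable directory: " + e.path))
    return sorted(findings)


# Constructed sample: most lines are copied from the log posted later in this
# thread; the last line (ExampleBadSvc) is made up to show a non-ok verdict.
SAMPLE_LOG = r"""
22:47:03.0781 1676 ============================================================
22:47:05.0046 1676 Drive \Device\Harddisk0\DR0 - Size: 0x7DFD8A000 (31.50 Gb), SectorSize: 0x200
22:47:41.0718 1860 Scan started
22:47:42.0468 1860 Abiosdsk - ok
22:47:42.0531 1860 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:47:42.0531 1860 ACPI - ok
22:47:42.0796 1860 Apple Mobile Device (a5299d04ed225d64cf07a568a3e1bf8c) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:47:42.0812 1860 Apple Mobile Device - ok
22:47:43.0671 1860 DefaultTabUpdate (34ae0dfa3ee3b5b9975042d87332d0b7) C:\Documents and Settings\Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
22:47:43.0671 1860 DefaultTabUpdate - ok
22:47:45.0921 1860 MpKslf7c42b8e - ok
22:47:50.0000 1860 ExampleBadSvc - detected
"""

if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run it against a saved TDSSKiller log by passing the file's text to `parse_tdsskiller_log`; entries with no path (like `Abiosdsk - ok` above) are services the scanner found no binary for and are kept so their verdict is still checked. The exact wording of non-ok verdicts varies between TDSSKiller versions, so the script treats anything other than `ok` as worth reading rather than matching specific strings.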

#4 jerseydevil

  • Topic Starter
  • Members
  • 85 posts


Posted 04 January 2013 - 11:25 PM

22:47:02.0000 1676 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:47:03.0781 1676 ============================================================
22:47:03.0781 1676 Current date / time: 2013/01/04 22:47:03.0781
22:47:03.0781 1676 SystemInfo:
22:47:03.0781 1676
22:47:03.0781 1676 OS Version: 5.1.2600 ServicePack: 3.0
22:47:03.0781 1676 Product type: Workstation
22:47:03.0781 1676 ComputerName: IU-611DF5E7B7E7
22:47:03.0781 1676 UserName: Administrator
22:47:03.0781 1676 Windows directory: C:\WINDOWS
22:47:03.0781 1676 System windows directory: C:\WINDOWS
22:47:03.0781 1676 Processor architecture: Intel x86
22:47:03.0781 1676 Number of processors: 2
22:47:03.0781 1676 Page size: 0x1000
22:47:03.0781 1676 Boot type: Safe boot with network
22:47:03.0781 1676 ============================================================
22:47:05.0046 1676 Drive \Device\Harddisk0\DR0 - Size: 0x7DFD8A000 (31.50 Gb), SectorSize: 0x200, Cylinders: 0x3FFE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x40, Type 'K0', Flags 0x00000054
22:47:05.0062 1676 Drive \Device\Harddisk1\DR1 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:47:05.0078 1676 Drive \Device\Harddisk6\DR12 - Size: 0x3C100000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:47:05.0078 1676 ============================================================
22:47:05.0078 1676 \Device\Harddisk0\DR0:
22:47:05.0078 1676 MBR partitions:
22:47:05.0078 1676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3EFEC11
22:47:05.0078 1676 \Device\Harddisk1\DR1:
22:47:05.0078 1676 MBR partitions:
22:47:05.0078 1676 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C4938
22:47:05.0078 1676 \Device\Harddisk6\DR12:
22:47:05.0078 1676 MBR partitions:
22:47:05.0078 1676 \Device\Harddisk6\DR12\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E07E0
22:47:05.0078 1676 ============================================================
22:47:05.0093 1676 C: <-> \Device\Harddisk1\DR1\Partition0
22:47:05.0109 1676 D: <-> \Device\Harddisk0\DR0\Partition0
22:47:05.0125 1676 ============================================================
22:47:05.0125 1676 Initialize success
22:47:05.0125 1676 ============================================================
22:47:41.0718 1860 ============================================================
22:47:41.0718 1860 Scan started
22:47:41.0718 1860 Mode: Manual; TDLFS;
22:47:41.0718 1860 ============================================================
22:47:42.0468 1860 Abiosdsk - ok
22:47:42.0484 1860 abp480n5 - ok
22:47:42.0531 1860 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:47:42.0531 1860 ACPI - ok
22:47:42.0562 1860 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:47:42.0562 1860 ACPIEC - ok
22:47:42.0562 1860 adpu160m - ok
22:47:42.0593 1860 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:47:42.0593 1860 aec - ok
22:47:42.0625 1860 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:47:42.0625 1860 AFD - ok
22:47:42.0625 1860 Aha154x - ok
22:47:42.0656 1860 aic78u2 - ok
22:47:42.0671 1860 aic78xx - ok
22:47:42.0687 1860 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:47:42.0687 1860 Alerter - ok
22:47:42.0703 1860 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:47:42.0703 1860 ALG - ok
22:47:42.0718 1860 AliIde - ok
22:47:42.0734 1860 amsint - ok
22:47:42.0796 1860 Apple Mobile Device (a5299d04ed225d64cf07a568a3e1bf8c) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:47:42.0812 1860 Apple Mobile Device - ok
22:47:42.0828 1860 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:47:42.0828 1860 AppMgmt - ok
22:47:42.0859 1860 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:47:42.0859 1860 Arp1394 - ok
22:47:42.0875 1860 asc - ok
22:47:42.0890 1860 asc3350p - ok
22:47:42.0906 1860 asc3550 - ok
22:47:42.0921 1860 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:47:42.0921 1860 AsyncMac - ok
22:47:42.0953 1860 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:47:42.0953 1860 atapi - ok
22:47:42.0968 1860 Atdisk - ok
22:47:42.0984 1860 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:47:42.0984 1860 Atmarpc - ok
22:47:43.0015 1860 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:47:43.0015 1860 AudioSrv - ok
22:47:43.0031 1860 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:47:43.0031 1860 audstub - ok
22:47:43.0062 1860 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:47:43.0062 1860 Beep - ok
22:47:43.0093 1860 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:47:43.0109 1860 BITS - ok
22:47:43.0156 1860 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:47:43.0171 1860 Bonjour Service - ok
22:47:43.0187 1860 Browser (cfd4e51402da9838b5a04ae680af54a0) C:\WINDOWS\System32\browser.dll
22:47:43.0187 1860 Browser - ok
22:47:43.0203 1860 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:47:43.0203 1860 cbidf2k - ok
22:47:43.0218 1860 cd20xrnt - ok
22:47:43.0250 1860 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:47:43.0250 1860 Cdaudio - ok
22:47:43.0265 1860 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:47:43.0265 1860 Cdfs - ok
22:47:43.0296 1860 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:47:43.0296 1860 Cdrom - ok
22:47:43.0296 1860 Changer - ok
22:47:43.0328 1860 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:47:43.0328 1860 CiSvc - ok
22:47:43.0328 1860 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:47:43.0343 1860 ClipSrv - ok
22:47:43.0406 1860 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:47:43.0406 1860 clr_optimization_v4.0.30319_32 - ok
22:47:43.0421 1860 CmdIde - ok
22:47:43.0437 1860 COMSysApp - ok
22:47:43.0468 1860 Cpqarray - ok
22:47:43.0484 1860 cpudrv - ok
22:47:43.0515 1860 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:47:43.0515 1860 CryptSvc - ok
22:47:43.0515 1860 dac2w2k - ok
22:47:43.0531 1860 dac960nt - ok
22:47:43.0578 1860 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:47:43.0578 1860 DcomLaunch - ok
22:47:43.0671 1860 DefaultTabUpdate (34ae0dfa3ee3b5b9975042d87332d0b7) C:\Documents and Settings\Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
22:47:43.0671 1860 DefaultTabUpdate - ok
22:47:43.0765 1860 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:47:43.0765 1860 Dhcp - ok
22:47:43.0796 1860 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:47:43.0796 1860 Disk - ok
22:47:43.0796 1860 dmadmin - ok
22:47:43.0859 1860 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:47:43.0859 1860 dmboot - ok
22:47:43.0875 1860 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:47:43.0875 1860 dmio - ok
22:47:43.0890 1860 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:47:43.0890 1860 dmload - ok
22:47:43.0921 1860 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:47:43.0921 1860 dmserver - ok
22:47:43.0937 1860 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:47:43.0937 1860 DMusic - ok
22:47:43.0953 1860 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:47:43.0953 1860 Dnscache - ok
22:47:43.0984 1860 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:47:43.0984 1860 Dot3svc - ok
22:47:44.0000 1860 dpti2o - ok
22:47:44.0015 1860 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:47:44.0015 1860 drmkaud - ok
22:47:44.0046 1860 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
22:47:44.0046 1860 e1express - ok
22:47:44.0062 1860 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:47:44.0062 1860 EapHost - ok
22:47:44.0078 1860 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:47:44.0093 1860 ERSvc - ok
22:47:44.0125 1860 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:47:44.0125 1860 Eventlog - ok
22:47:44.0140 1860 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:47:44.0140 1860 EventSystem - ok
22:47:44.0171 1860 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:47:44.0171 1860 Fastfat - ok
22:47:44.0187 1860 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:47:44.0203 1860 FastUserSwitchingCompatibility - ok
22:47:44.0218 1860 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:47:44.0218 1860 Fdc - ok
22:47:44.0234 1860 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:47:44.0234 1860 Fips - ok
22:47:44.0234 1860 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:47:44.0234 1860 Flpydisk - ok
22:47:44.0265 1860 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:47:44.0265 1860 FltMgr - ok
22:47:44.0281 1860 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:47:44.0281 1860 Fs_Rec - ok
22:47:44.0296 1860 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:47:44.0296 1860 Ftdisk - ok
22:47:44.0328 1860 GEARAspiWDM (185ada973b5020655cee342059a86cbb) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:47:44.0328 1860 GEARAspiWDM - ok
22:47:44.0343 1860 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:47:44.0343 1860 Gpc - ok
22:47:44.0359 1860 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:47:44.0359 1860 HDAudBus - ok
22:47:44.0406 1860 HECI (77ffc30aed2a09bc5dabdd9bc3f392d5) C:\WINDOWS\system32\DRIVERS\HECI.sys
22:47:44.0406 1860 HECI - ok
22:47:44.0453 1860 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:47:44.0453 1860 helpsvc - ok
22:47:44.0468 1860 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:47:44.0468 1860 HidServ - ok
22:47:44.0500 1860 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:47:44.0500 1860 HidUsb - ok
22:47:44.0515 1860 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:47:44.0515 1860 hkmsvc - ok
22:47:44.0531 1860 hpn - ok
22:47:44.0562 1860 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:47:44.0562 1860 HTTP - ok
22:47:44.0593 1860 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:47:44.0593 1860 HTTPFilter - ok
22:47:44.0593 1860 i2omgmt - ok
22:47:44.0609 1860 i2omp - ok
22:47:44.0640 1860 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:47:44.0640 1860 i8042prt - ok
22:47:44.0875 1860 ialm (1312e0141a7bd409afadd52fa565927e) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:47:45.0000 1860 ialm - ok
22:47:45.0078 1860 igfx - ok
22:47:45.0093 1860 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:47:45.0093 1860 Imapi - ok
22:47:45.0125 1860 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:47:45.0125 1860 ImapiService - ok
22:47:45.0140 1860 ini910u - ok
22:47:45.0171 1860 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:47:45.0171 1860 IntelIde - ok
22:47:45.0187 1860 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:47:45.0187 1860 intelppm - ok
22:47:45.0218 1860 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:47:45.0218 1860 Ip6Fw - ok
22:47:45.0234 1860 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:47:45.0234 1860 IpFilterDriver - ok
22:47:45.0250 1860 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:47:45.0250 1860 IpInIp - ok
22:47:45.0281 1860 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:47:45.0281 1860 IpNat - ok
22:47:45.0359 1860 iPod Service (e8a39d41474be42fd8830ced32932d6c) C:\Program Files\iPod\bin\iPodService.exe
22:47:45.0359 1860 iPod Service - ok
22:47:45.0375 1860 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:47:45.0390 1860 IPSec - ok
22:47:45.0406 1860 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:47:45.0406 1860 IRENUM - ok
22:47:45.0437 1860 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:47:45.0437 1860 isapnp - ok
22:47:45.0484 1860 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
22:47:45.0484 1860 JavaQuickStarterService - ok
22:47:45.0500 1860 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:47:45.0500 1860 Kbdclass - ok
22:47:45.0531 1860 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:47:45.0531 1860 kbdhid - ok
22:47:45.0562 1860 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:47:45.0562 1860 kmixer - ok
22:47:45.0593 1860 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:47:45.0593 1860 KSecDD - ok
22:47:45.0625 1860 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:47:45.0625 1860 LanmanServer - ok
22:47:45.0640 1860 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:47:45.0640 1860 lanmanworkstation - ok
22:47:45.0656 1860 lbrtfdc - ok
22:47:45.0703 1860 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:47:45.0703 1860 LmHosts - ok
22:47:45.0718 1860 LMS (1dfd22357216bdfeb627f5f96cf839ed) C:\Program Files\Intel\AMT\LMS.exe
22:47:45.0718 1860 LMS - ok
22:47:45.0750 1860 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:47:45.0750 1860 Messenger - ok
22:47:45.0765 1860 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:47:45.0765 1860 mnmdd - ok
22:47:45.0796 1860 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:47:45.0796 1860 mnmsrvc - ok
22:47:45.0812 1860 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:47:45.0812 1860 Modem - ok
22:47:45.0828 1860 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:47:45.0828 1860 Mouclass - ok
22:47:45.0843 1860 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:47:45.0843 1860 mouhid - ok
22:47:45.0859 1860 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:47:45.0875 1860 MountMgr - ok
22:47:45.0890 1860 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:47:45.0890 1860 MpFilter - ok
22:47:45.0921 1860 MpKslf7c42b8e - ok
22:47:45.0937 1860 mraid35x - ok
22:47:45.0968 1860 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:47:45.0968 1860 MRxDAV - ok
22:47:46.0015 1860 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:47:46.0015 1860 MRxSmb - ok
22:47:46.0046 1860 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:47:46.0046 1860 MSDTC - ok
22:47:46.0078 1860 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:47:46.0078 1860 Msfs - ok
22:47:46.0093 1860 MSIServer - ok
22:47:46.0125 1860 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:47:46.0125 1860 MSKSSRV - ok
22:47:46.0171 1860 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
22:47:46.0171 1860 MsMpSvc - ok
22:47:46.0187 1860 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:47:46.0187 1860 MSPCLOCK - ok
22:47:46.0203 1860 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:47:46.0203 1860 MSPQM - ok
22:47:46.0218 1860 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:47:46.0218 1860 mssmbios - ok
22:47:46.0250 1860 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:47:46.0250 1860 Mup - ok
22:47:46.0281 1860 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:47:46.0296 1860 napagent - ok
22:47:46.0312 1860 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:47:46.0328 1860 NDIS - ok
22:47:46.0328 1860 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:47:46.0328 1860 NdisTapi - ok
22:47:46.0343 1860 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:47:46.0343 1860 Ndisuio - ok
22:47:46.0375 1860 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:47:46.0375 1860 NdisWan - ok
22:47:46.0390 1860 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:47:46.0390 1860 NDProxy - ok
22:47:46.0406 1860 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:47:46.0406 1860 NetBIOS - ok
22:47:46.0437 1860 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:47:46.0437 1860 NetBT - ok
22:47:46.0468 1860 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:47:46.0468 1860 NetDDE - ok
22:47:46.0484 1860 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:47:46.0484 1860 NetDDEdsdm - ok
22:47:46.0500 1860 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:47:46.0500 1860 Netlogon - ok
22:47:46.0531 1860 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:47:46.0531 1860 Netman - ok
22:47:46.0546 1860 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:47:46.0546 1860 NIC1394 - ok
22:47:46.0578 1860 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:47:46.0578 1860 Nla - ok
22:47:46.0593 1860 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:47:46.0593 1860 Npfs - ok
22:47:46.0625 1860 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:47:46.0625 1860 Ntfs - ok
22:47:46.0640 1860 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:47:46.0640 1860 NtLmSsp - ok
22:47:46.0687 1860 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:47:46.0703 1860 NtmsSvc - ok
22:47:46.0734 1860 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:47:46.0734 1860 Null - ok
22:47:46.0750 1860 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:47:46.0750 1860 NwlnkFlt - ok
22:47:46.0750 1860 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:47:46.0750 1860 NwlnkFwd - ok
22:47:46.0781 1860 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:47:46.0781 1860 ohci1394 - ok
22:47:46.0796 1860 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:47:46.0796 1860 Parport - ok
22:47:46.0812 1860 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:47:46.0828 1860 PartMgr - ok
22:47:46.0843 1860 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:47:46.0843 1860 ParVdm - ok
22:47:46.0859 1860 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:47:46.0859 1860 PCI - ok
22:47:46.0875 1860 PCIDump - ok
22:47:46.0890 1860 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:47:46.0890 1860 PCIIde - ok
22:47:46.0921 1860 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:47:46.0921 1860 Pcmcia - ok
22:47:46.0921 1860 PDCOMP - ok
22:47:46.0937 1860 PDFRAME - ok
22:47:46.0953 1860 PDRELI - ok
22:47:46.0968 1860 PDRFRAME - ok
22:47:46.0984 1860 perc2 - ok
22:47:47.0015 1860 perc2hib - ok
22:47:47.0062 1860 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:47:47.0078 1860 PlugPlay - ok
22:47:47.0078 1860 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:47:47.0078 1860 PolicyAgent - ok
22:47:47.0109 1860 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:47:47.0109 1860 PptpMiniport - ok
22:47:47.0109 1860 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:47:47.0109 1860 ProtectedStorage - ok
22:47:47.0140 1860 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:47:47.0140 1860 PSched - ok
22:47:47.0156 1860 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:47:47.0156 1860 Ptilink - ok
22:47:47.0171 1860 ql1080 - ok
22:47:47.0187 1860 Ql10wnt - ok
22:47:47.0203 1860 ql12160 - ok
22:47:47.0218 1860 ql1240 - ok
22:47:47.0234 1860 ql1280 - ok
22:47:47.0250 1860 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:47:47.0250 1860 RasAcd - ok
22:47:47.0281 1860 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:47:47.0296 1860 RasAuto - ok
22:47:47.0296 1860 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:47:47.0296 1860 Rasl2tp - ok
22:47:47.0328 1860 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:47:47.0328 1860 RasMan - ok
22:47:47.0343 1860 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:47:47.0343 1860 RasPppoe - ok
22:47:47.0359 1860 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:47:47.0359 1860 Raspti - ok
22:47:47.0390 1860 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:47:47.0390 1860 Rdbss - ok
22:47:47.0390 1860 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:47:47.0390 1860 RDPCDD - ok
22:47:47.0437 1860 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:47:47.0453 1860 rdpdr - ok
22:47:47.0484 1860 RDPWD (43af5212bd8fb5ba6eed9754358bd8f7) C:\WINDOWS\system32\drivers\RDPWD.sys
22:47:47.0484 1860 RDPWD - ok
22:47:47.0500 1860 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:47:47.0515 1860 RDSessMgr - ok
22:47:47.0515 1860 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:47:47.0531 1860 redbook - ok
22:47:47.0562 1860 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:47:47.0562 1860 RemoteAccess - ok
22:47:47.0578 1860 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:47:47.0593 1860 RemoteRegistry - ok
22:47:47.0609 1860 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:47:47.0609 1860 RpcLocator - ok
22:47:47.0640 1860 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:47:47.0640 1860 RpcSs - ok
22:47:47.0671 1860 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:47:47.0671 1860 RSVP - ok
22:47:47.0687 1860 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:47:47.0687 1860 SamSs - ok
22:47:47.0718 1860 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:47:47.0718 1860 SCardSvr - ok
22:47:47.0750 1860 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:47:47.0750 1860 Schedule - ok
22:47:47.0765 1860 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:47:47.0765 1860 Secdrv - ok
22:47:47.0781 1860 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:47:47.0781 1860 seclogon - ok
22:47:47.0796 1860 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:47:47.0812 1860 SENS - ok
22:47:47.0828 1860 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:47:47.0828 1860 serenum - ok
22:47:47.0828 1860 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:47:47.0828 1860 Serial - ok
22:47:47.0890 1860 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:47:47.0890 1860 Sfloppy - ok
22:47:47.0906 1860 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:47:47.0906 1860 SharedAccess - ok
22:47:47.0937 1860 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:47:47.0937 1860 ShellHWDetection - ok
22:47:47.0953 1860 Simbad - ok
22:47:47.0968 1860 Sparrow - ok
22:47:48.0000 1860 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:47:48.0000 1860 splitter - ok
22:47:48.0015 1860 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:47:48.0015 1860 Spooler - ok
22:47:48.0046 1860 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:47:48.0046 1860 sr - ok
22:47:48.0062 1860 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:47:48.0062 1860 srservice - ok
22:47:48.0078 1860 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:47:48.0093 1860 Srv - ok
22:47:48.0109 1860 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:47:48.0109 1860 SSDPSRV - ok
22:47:48.0140 1860 STacSV - ok
22:47:48.0218 1860 STHDA (6ad7569cc5e40b94932ec56097c5dccd) C:\WINDOWS\system32\drivers\sthda.sys
22:47:48.0218 1860 STHDA - ok
22:47:48.0265 1860 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:47:48.0265 1860 stisvc - ok
22:47:48.0281 1860 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:47:48.0281 1860 swenum - ok
22:47:48.0312 1860 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:47:48.0312 1860 swmidi - ok
22:47:48.0312 1860 SwPrv - ok
22:47:48.0328 1860 symc810 - ok
22:47:48.0343 1860 symc8xx - ok
22:47:48.0359 1860 sym_hi - ok
22:47:48.0375 1860 sym_u3 - ok
22:47:48.0406 1860 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:47:48.0406 1860 sysaudio - ok
22:47:48.0421 1860 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:47:48.0437 1860 SysmonLog - ok
22:47:48.0453 1860 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:47:48.0453 1860 TapiSrv - ok
22:47:48.0484 1860 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:47:48.0500 1860 Tcpip - ok
22:47:48.0515 1860 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:47:48.0515 1860 TDPIPE - ok
22:47:48.0531 1860 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:47:48.0531 1860 TDTCP - ok
22:47:48.0562 1860 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:47:48.0562 1860 TermDD - ok
22:47:48.0578 1860 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:47:48.0593 1860 TermService - ok
22:47:48.0609 1860 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:47:48.0609 1860 Themes - ok
22:47:48.0625 1860 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:47:48.0625 1860 TlntSvr - ok
22:47:48.0640 1860 TosIde - ok
22:47:48.0671 1860 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:47:48.0671 1860 TrkWks - ok
22:47:48.0703 1860 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:47:48.0703 1860 Udfs - ok
22:47:48.0703 1860 ultra - ok
22:47:48.0750 1860 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:47:48.0750 1860 Update - ok
22:47:48.0765 1860 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:47:48.0781 1860 upnphost - ok
22:47:48.0781 1860 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:47:48.0781 1860 UPS - ok
22:47:48.0828 1860 USBAAPL (8bf5d980cdce35fb26f05047144bb57e) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:47:48.0828 1860 USBAAPL - ok
22:47:48.0859 1860 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:47:48.0859 1860 usbccgp - ok
22:47:48.0875 1860 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:47:48.0875 1860 usbehci - ok
22:47:48.0890 1860 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:47:48.0890 1860 usbhub - ok
22:47:48.0921 1860 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:47:48.0921 1860 usbprint - ok
22:47:48.0953 1860 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:47:48.0953 1860 usbscan - ok
22:47:48.0968 1860 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:47:48.0968 1860 USBSTOR - ok
22:47:48.0984 1860 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:47:48.0984 1860 usbuhci - ok
22:47:49.0015 1860 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:47:49.0015 1860 VgaSave - ok
22:47:49.0015 1860 ViaIde - ok
22:47:49.0046 1860 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:47:49.0046 1860 VolSnap - ok
22:47:49.0078 1860 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:47:49.0078 1860 VSS - ok
22:47:49.0109 1860 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:47:49.0125 1860 W32Time - ok
22:47:49.0140 1860 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:47:49.0140 1860 Wanarp - ok
22:47:49.0156 1860 WDICA - ok
22:47:49.0171 1860 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:47:49.0171 1860 wdmaud - ok
22:47:49.0203 1860 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:47:49.0203 1860 WebClient - ok
22:47:49.0234 1860 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:47:49.0234 1860 winmgmt - ok
22:47:49.0281 1860 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
22:47:49.0281 1860 WmdmPmSN - ok
22:47:49.0328 1860 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:47:49.0328 1860 Wmi - ok
22:47:49.0359 1860 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:47:49.0359 1860 WmiApSrv - ok
22:47:49.0421 1860 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:47:49.0437 1860 WPFFontCache_v0400 - ok
22:47:49.0468 1860 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:47:49.0468 1860 wscsvc - ok
22:47:49.0484 1860 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:47:49.0500 1860 wuauserv - ok
22:47:49.0531 1860 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:47:49.0531 1860 WZCSVC - ok
22:47:49.0562 1860 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:47:49.0562 1860 xmlprov - ok
22:47:49.0656 1860 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:47:49.0671 1860 YahooAUService - ok
22:47:49.0703 1860 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0
22:47:52.0593 1860 \Device\Harddisk0\DR0 - ok
22:47:52.0593 1860 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:47:52.0937 1860 \Device\Harddisk1\DR1 - ok
22:47:52.0953 1860 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR12
22:47:53.0390 1860 \Device\Harddisk6\DR12 - ok
22:47:53.0406 1860 Boot (0x1200) (a83abb6393568db05ef5867c68e0c788) \Device\Harddisk0\DR0\Partition0
22:47:53.0406 1860 \Device\Harddisk0\DR0\Partition0 - ok
22:47:53.0421 1860 Boot (0x1200) (6a822167427efa74a74b86bb4bea0c90) \Device\Harddisk1\DR1\Partition0
22:47:53.0421 1860 \Device\Harddisk1\DR1\Partition0 - ok
22:47:53.0437 1860 Boot (0x1200) (451b198eadee80b73ec2096deb90a8a5) \Device\Harddisk6\DR12\Partition0
22:47:53.0437 1860 \Device\Harddisk6\DR12\Partition0 - ok
22:47:53.0437 1860 ============================================================
22:47:53.0437 1860 Scan finished
22:47:53.0437 1860 ============================================================
22:47:53.0468 1804 Detected object count: 0
22:47:53.0468 1804 Actual detected object count: 0
22:48:07.0531 1660 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2013-01-04 22:48:15
-----------------------------
22:48:15.312 OS Version: Windows 5.1.2600 Service Pack 3
22:48:15.312 Number of processors: 2 586 0xF06
22:48:15.312 ComputerName: IU-611DF5E7B7E7 UserName: Administrator
22:48:15.703 Initialize success
22:49:43.421 AVAST engine defs: 13010401
22:49:49.171 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7
22:49:49.171 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 32253MB BusType: 3
22:49:49.187 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-1a
22:49:49.203 Disk 1 Vendor: Hitachi_HDS721616PLA380 P22OAB3A Size: 157066MB BusType: 3
22:49:49.218 Disk 1 MBR read successfully
22:49:49.234 Disk 1 MBR scan
22:49:49.250 Disk 1 Windows XP default MBR code
22:49:49.250 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 157065 MB offset 63
22:49:49.265 Disk 1 scanning sectors +321669495
22:49:49.359 Disk 1 scanning C:\WINDOWS\system32\drivers
22:49:53.234 Service scanning
22:50:02.906 Modules scanning
22:50:05.921 Disk 1 trace - called modules:
22:50:05.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
22:50:06.000 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x89b78ab8]
22:50:06.046 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000061[0x89b7d990]
22:50:06.078 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-1a[0x89b58d98]
22:50:06.453 AVAST engine scan C:\WINDOWS
22:50:13.750 AVAST engine scan C:\WINDOWS\system32
22:51:11.437 AVAST engine scan C:\WINDOWS\system32\drivers
22:51:16.718 AVAST engine scan C:\Documents and Settings\Administrator
22:51:19.000 AVAST engine scan C:\Documents and Settings\All Users
22:51:59.890 Disk 1 MBR has been saved successfully to "C:\MBR.dat"
22:51:59.921 The log file has been saved successfully to "C:\aswMBR.txt"


C:\Documents and Settings\Owner\Application Data\bsade.exe Win32/Ainslot.AB worm cleaned by deleting - quarantined

#5 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 January 2013 - 03:29 AM

Reboot to normal mode

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select Run as administrator

After scan gets completed, post the generated log here.

#6 jerseydevil

  • Topic Starter
  • Members
  • 85 posts
  • Gender:Male

Posted 05 January 2013 - 07:36 PM

Ok, I hope this is right. The junkware removal tool would not allow me to run as admin, because I don't have/know the passcode. I ran it as owner.
Here we go...


MiniToolBox by Farbar Version: 25-11-2012
Ran by Owner (administrator) on 05-01-2013 at 17:20:54
Running from "J:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82566DM Gigabit Network Connection = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : iu-611df5e7b7e7
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® 82566DM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-19-D1-83-54-03
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
71.242.0.12
Lease Obtained. . . . . . . . . . : Saturday, January 05, 2013 4:57:54 PM
Lease Expires . . . . . . . . . . : Sunday, January 06, 2013 4:57:54 PM

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.228.66, 74.125.228.64, 74.125.228.65, 74.125.228.71
74.125.228.78, 74.125.228.73, 74.125.228.69, 74.125.228.67, 74.125.228.72
74.125.228.70, 74.125.228.68

Pinging google.com [74.125.228.64] with 32 bytes of data:

Reply from 74.125.228.64: bytes=32 time=17ms TTL=252
Reply from 74.125.228.64: bytes=32 time=20ms TTL=252

Ping statistics for 74.125.228.64:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 20ms, Average = 18ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=140ms TTL=250
Reply from 72.30.38.140: bytes=32 time=113ms TTL=250

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 113ms, Maximum = 140ms, Average = 126ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d1 83 54 03 ...... Intel® 82566DM Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.6 192.168.1.6 20
192.168.1.0 255.255.255.0 192.168.1.6 192.168.1.6 20
192.168.1.6 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.6 192.168.1.6 20
224.0.0.0 240.0.0.0 192.168.1.6 192.168.1.6 20
255.255.255.255 255.255.255.255 192.168.1.6 192.168.1.6 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/04/2013 10:55:21 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/01/2013 08:28:52 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 07:52:19 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 07:49:42 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 07:37:30 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 07:25:11 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 07:12:56 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 07:00:45 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 06:48:29 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 06:36:15 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed


System errors:
=============
Error: (01/05/2013 04:20:53 PM) (Source: Service Control Manager) (User: )
Description: The Audio Service service failed to start due to the following error:
%%3

Error: (01/04/2013 11:11:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/04/2013 11:07:50 PM) (Source: DCOM) (User: IU-611DF5E7B7E7)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/04/2013 11:05:36 PM) (Source: DCOM) (User: IU-611DF5E7B7E7)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/04/2013 11:05:31 PM) (Source: DCOM) (User: IU-611DF5E7B7E7)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/04/2013 10:55:21 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.3039.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/04/2013 10:55:21 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/04/2013 10:55:21 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/04/2013 10:51:42 PM) (Source: DCOM) (User: IU-611DF5E7B7E7)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/04/2013 10:46:52 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
MpFilter


Microsoft Office Sessions:
=========================
Error: (01/04/2013 10:55:21 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/01/2013 08:28:52 PM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 07:52:19 PM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 07:49:42 PM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 07:37:30 PM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 07:25:11 PM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 07:12:56 PM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 07:00:45 PM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 06:48:29 PM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/01/2013 06:36:15 PM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed


=========================== Installed Programs ============================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
DefaultTab (Version: 1.3.1.0)
ESET Online Scanner v3
Intel® Active Management Technology LMS Service and SOL Driver
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® PRO Network Connections Drivers
iTunes (Version: 11.0.1.12)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
NetAssistant (Version: 3.8.3)
NVIDIA Drivers
QuickTime (Version: 7.71.80.42)
Qwiklinx (Version: 1.0.0.686)
Shop To Win (Version: 1.1.0.0)
Strongvault Online Backup (Version: 1.0.1.0)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
W3i NetAssistant (Version: 3.8.3)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 2021.51 MB
Available physical RAM: 1582.34 MB
Total Pagefile: 3918.14 MB
Available Pagefile: 3646.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.05 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:153.38 GB) (Free:125.21 GB) NTFS
2 Drive d: (music stuff) (Fixed) (Total:31.5 GB) (Free:5.6 GB) NTFS
7 Drive j: () (Removable) (Total:0.94 GB) (Free:0.01 GB) FAT

========================= Users: ========================================

User accounts for \\IU-611DF5E7B7E7

Administrator Guest HelpAssistant
Owner SUPPORT_388945a0

========================= Restore Points ==================================

28-12-2012 03:40:38 Software Distribution Service 3.0
29-12-2012 03:34:53 Software Distribution Service 3.0
30-12-2012 03:34:52 Software Distribution Service 3.0
30-12-2012 06:59:48 Software Distribution Service 3.0
31-12-2012 05:02:08 Software Distribution Service 3.0
31-12-2012 07:15:36 Software Distribution Service 3.0
01-01-2013 07:32:35 Software Distribution Service 3.0
01-01-2013 07:44:57 Software Distribution Service 3.0
01-01-2013 07:57:13 Software Distribution Service 3.0
01-01-2013 08:09:29 Software Distribution Service 3.0
01-01-2013 09:59:25 Software Distribution Service 3.0
01-01-2013 11:25:04 Software Distribution Service 3.0
01-01-2013 11:37:16 Software Distribution Service 3.0
01-01-2013 13:39:34 Software Distribution Service 3.0
01-01-2013 13:51:50 Software Distribution Service 3.0
01-01-2013 14:04:03 Software Distribution Service 3.0
01-01-2013 14:16:17 Software Distribution Service 3.0
01-01-2013 15:05:07 Software Distribution Service 3.0
01-01-2013 15:17:27 Software Distribution Service 3.0
01-01-2013 15:29:38 Software Distribution Service 3.0
01-01-2013 15:41:57 Software Distribution Service 3.0
01-01-2013 16:06:26 Software Distribution Service 3.0
01-01-2013 16:18:35 Software Distribution Service 3.0
01-01-2013 16:55:16 Software Distribution Service 3.0
01-01-2013 17:07:30 Software Distribution Service 3.0
01-01-2013 17:19:48 Software Distribution Service 3.0
01-01-2013 17:44:13 Software Distribution Service 3.0
01-01-2013 17:56:33 Software Distribution Service 3.0
01-01-2013 18:08:42 Software Distribution Service 3.0
01-01-2013 18:33:07 Software Distribution Service 3.0
01-01-2013 18:45:27 Software Distribution Service 3.0
01-01-2013 19:42:14 Software Distribution Service 3.0
01-01-2013 19:54:23 Software Distribution Service 3.0
01-01-2013 20:06:44 Software Distribution Service 3.0
01-01-2013 20:31:07 Software Distribution Service 3.0
01-01-2013 21:07:56 Software Distribution Service 3.0
01-01-2013 21:20:07 Software Distribution Service 3.0
01-01-2013 21:32:22 Software Distribution Service 3.0
01-01-2013 21:44:40 Software Distribution Service 3.0
01-01-2013 21:56:56 Software Distribution Service 3.0
01-01-2013 22:09:09 Software Distribution Service 3.0
01-01-2013 22:21:27 Software Distribution Service 3.0
01-01-2013 22:45:53 Software Distribution Service 3.0
01-01-2013 22:58:07 Software Distribution Service 3.0
01-01-2013 23:10:28 Software Distribution Service 3.0
01-01-2013 23:22:41 Software Distribution Service 3.0
01-01-2013 23:47:08 Software Distribution Service 3.0
01-01-2013 23:59:25 Software Distribution Service 3.0
02-01-2013 00:11:40 Software Distribution Service 3.0
02-01-2013 00:36:05 Software Distribution Service 3.0
02-01-2013 01:43:48 Software Distribution Service 3.0
02-01-2013 02:20:46 Software Distribution Service 3.0
02-01-2013 02:45:14 Software Distribution Service 3.0
02-01-2013 02:57:33 Software Distribution Service 3.0
02-01-2013 03:09:48 Software Distribution Service 3.0
02-01-2013 03:21:58 Software Distribution Service 3.0
02-01-2013 03:34:18 Software Distribution Service 3.0
02-01-2013 03:46:30 Software Distribution Service 3.0
02-01-2013 04:11:07 Software Distribution Service 3.0
02-01-2013 04:23:17 Software Distribution Service 3.0
02-01-2013 04:47:54 Software Distribution Service 3.0
02-01-2013 05:24:38 Software Distribution Service 3.0
02-01-2013 06:25:48 Software Distribution Service 3.0
02-01-2013 08:00:13 Software Distribution Service 3.0
02-01-2013 10:06:01 Software Distribution Service 3.0
02-01-2013 10:18:19 Software Distribution Service 3.0
02-01-2013 11:31:39 Software Distribution Service 3.0
02-01-2013 12:08:28 Software Distribution Service 3.0
02-01-2013 13:21:53 Software Distribution Service 3.0
02-01-2013 13:34:08 Software Distribution Service 3.0
02-01-2013 13:46:26 Software Distribution Service 3.0
02-01-2013 14:59:51 Software Distribution Service 3.0
02-01-2013 15:48:53 Software Distribution Service 3.0
02-01-2013 16:13:21 Software Distribution Service 3.0
02-01-2013 17:02:18 Software Distribution Service 3.0
02-01-2013 17:14:38 Software Distribution Service 3.0
02-01-2013 17:26:54 Software Distribution Service 3.0
02-01-2013 17:39:09 Software Distribution Service 3.0
02-01-2013 17:51:28 Software Distribution Service 3.0
02-01-2013 18:40:26 Software Distribution Service 3.0
02-01-2013 19:04:57 Software Distribution Service 3.0
02-01-2013 19:17:12 Software Distribution Service 3.0
02-01-2013 19:41:41 Software Distribution Service 3.0
02-01-2013 20:18:25 Software Distribution Service 3.0
02-01-2013 20:55:03 Software Distribution Service 3.0
02-01-2013 21:07:25 Software Distribution Service 3.0
02-01-2013 21:19:42 Software Distribution Service 3.0
02-01-2013 21:31:54 Software Distribution Service 3.0
02-01-2013 21:56:28 Software Distribution Service 3.0
02-01-2013 22:21:03 Software Distribution Service 3.0
02-01-2013 23:10:05 Software Distribution Service 3.0
02-01-2013 23:22:20 Software Distribution Service 3.0
02-01-2013 23:46:51 Software Distribution Service 3.0
02-01-2013 23:59:05 Software Distribution Service 3.0
03-01-2013 00:11:17 Software Distribution Service 3.0
03-01-2013 01:00:19 Software Distribution Service 3.0
03-01-2013 01:24:53 Software Distribution Service 3.0
03-01-2013 01:37:06 Software Distribution Service 3.0
03-01-2013 02:01:40 Software Distribution Service 3.0
03-01-2013 02:13:55 Software Distribution Service 3.0
03-01-2013 03:51:44 Software Distribution Service 3.0
03-01-2013 04:03:59 Software Distribution Service 3.0
03-01-2013 04:28:28 Software Distribution Service 3.0
03-01-2013 05:29:44 Software Distribution Service 3.0
03-01-2013 06:06:28 Software Distribution Service 3.0
03-01-2013 07:07:45 Software Distribution Service 3.0
03-01-2013 08:21:12 Software Distribution Service 3.0
03-01-2013 09:46:53 Software Distribution Service 3.0
03-01-2013 10:10:55 Software Distribution Service 3.0
05-01-2013 21:22:01 Software Distribution Service 3.0
05-01-2013 21:32:05 Software Distribution Service 3.0
05-01-2013 22:09:33 Malwarebytes Anti-Rootkit Restore Point

**** End of log ****

Farbar Service Scanner Version: 05-01-2013
Ran by Owner (administrator) on 05-01-2013 at 17:22:05
Running from "J:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****


# AdwCleaner v2.104 - Logfile created 01/05/2013 at 17:22:47
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - IU-611DF5E7B7E7
# Boot Mode : Normal
# Running from : J:\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : DefaultTabUpdate

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Owner\Application Data\DefaultTab
Folder Found : C:\Documents and Settings\Owner\Application Data\Qwiklinx
Folder Found : C:\Documents and Settings\Owner\My Documents\ShopToWin
Folder Found : C:\Program Files\Qwiklinx
Folder Found : C:\Program Files\Shop To Win

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\FCTB000100565
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Qwiklinx
Key Found : HKCU\Software\ShopToWin
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.FCTB000100565Pos
Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.FCTB000100565Pos.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\FCTB000100565
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Shop To Win]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3747 octets] - [05/01/2013 17:22:47]

########## EOF - C:\AdwCleaner[R1].txt - [3807 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.3.8 (01.03.2013:2)
OS: Microsoft Windows XP x86
Ran by Owner on Sat 01/05/2013 at 19:06:21.18
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] defaulttabupdate
Successfully deleted: [Service] defaulttabupdate



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\messenger
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\shop to win
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\freecauseurlsearchhook.fctoolbarurlsearchhook
Successfully deleted: [Registry Key] hkey_classes_root\freecauseurlsearchhook.fctoolbarurlsearchhook.1
Successfully deleted: [Registry Key] hkey_current_user\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\default tab
Successfully deleted: [Registry Key] hkey_current_user\software\defaulttab
Successfully deleted: [Registry Key] hkey_current_user\software\qwiklinx
Successfully deleted: [Registry Key] hkey_current_user\software\shoptowin
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\defaulttab
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\freecause
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\qwiklinxbho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\qwiklinxbho.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\FCTB000100565.FCTB000100565Pos
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\FCTB000100565.FCTB000100565Pos.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\FCTB000100565.IEToolbar
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\FCTB000100565.IEToolbar.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\FCTB000100565.JSOptionsImpl
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\FCTB000100565.JSOptionsImpl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3e7c8b5a-96ab-438f-bf9b-782400655440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{3e7c8b5a-96ab-438f-bf9b-782400655440}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\FCTB000100565
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\defaulttab"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\qwiklinx"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Program Files\qwiklinx"
Successfully deleted: [Folder] "C:\Program Files\shop to win"
Successfully deleted: [Folder] "C:\Program Files\w3i"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\start menu\programs\netassistant"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/05/2013 at 19:12:33.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


THANKS A LOT!
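
The Farbar Service Scanner "File Check" section in the logs above reports each networking and service binary as "MD5 is legit" by hashing it and comparing against a known-good value for that Windows build. As an added example (not the thread's, Farbar's or anyone else's code) the Python below does the same comparison against a manifest and separates a patched file from a missing one, which a hash-only loop would lump together. The directory tree, file contents and hashes are constructed for the demo; the real manifest would be the per-service-pack hash list for the files Farbar checks.

```python
import hashlib
import os
import tempfile


def md5_of(path, chunk=65536):
    """Stream the file so large drivers do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, 'rb') as f:
        for block in iter(lambda: f.read(chunk), b''):
            h.update(block)
    return h.hexdigest()


def check_files(root, manifest):
    """Compare each manifest entry (relative path -> expected MD5 hex) with disk.

    Returns relative path -> one of 'MD5 is legit', 'MD5 mismatch', 'file missing'.
    A missing file is reported on its own because a deleted service DLL breaks the
    service just as surely as a patched one, and is easy to overlook otherwise.
    """
    results = {}
    for rel, expected in manifest.items():
        full = os.path.join(root, *rel.split('/'))
        if not os.path.isfile(full):
            results[rel] = 'file missing'
        elif md5_of(full) == expected.lower():
            results[rel] = 'MD5 is legit'
        else:
            results[rel] = 'MD5 mismatch'
    return results


def build_demo_tree():
    """Constructed stand-in for a system directory (hypothetical file contents).

    The manifest is taken from the clean files, then one file is patched and one
    removed so the check has something to find.
    """
    root = tempfile.mkdtemp(prefix='fss-demo-')
    clean = {
        'system32/dhcpcsvc.dll': b'clean dhcpcsvc image',
        'system32/Drivers/afd.sys': b'clean afd image',
        'system32/Drivers/tcpip.sys': b'clean tcpip image',
        'system32/services.exe': b'clean services image',
    }
    manifest = {}
    for rel, data in clean.items():
        full = os.path.join(root, *rel.split('/'))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, 'wb') as f:
            f.write(data)
        manifest[rel] = hashlib.md5(data).hexdigest()
    # Simulate an infected driver and a deleted service binary.
    with open(os.path.join(root, 'system32', 'Drivers', 'afd.sys'), 'ab') as f:
        f.write(b'\x90\x90 appended by a hypothetical infector')
    os.remove(os.path.join(root, 'system32', 'services.exe'))
    return root, manifest


if __name__ == '__main__':
    demo_root, demo_manifest = build_demo_tree()
    for rel, verdict in check_files(demo_root, demo_manifest).items():
        print(f'{rel} => {verdict}')
```

Two caveats apply to this kind of check. The manifest has to match the exact service pack and hotfix level, or clean files show up as mismatches. And the files are read through the normal OS path, so a kernel-mode rootkit that filters file reads can present the clean image to the hashing tool while a different one is loaded; that is why anti-rootkit scanners are run alongside hash checks rather than instead of them.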

#7 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 06 January 2013 - 09:51 AM

Any current issues?

Launch AdwCleaner and select DELETE. You have selected the Search option.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the Rkill log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#8 jerseydevil

  • Topic Starter
  • Members
  • 85 posts
  • Gender:Male

Posted 07 January 2013 - 10:35 PM

Sadly, yes, still can't open Explorer. It pops up, but then shuts down within seconds. I am able to run Security Essentials now, but it can't find any malware. I see strongvault and netassistant in my program files, but I can't remove either of them. I believe these are malware. Here are the logs. Thanks again!

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/07/2013 08:59:08 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/07/2013 08:59:36 PM
Execution time: 0 hours(s), 0 minute(s), and 28 seconds(s)

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray.exe"
+ "UIUCU" "" "" "File not found: C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "StrongVaultApp.exe.lnk" "" "" "c:\documents and settings\all users\start menu\programs\startup\strongvaultapp.exe.lnk"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "windows" "" "" "File not found: C:\Documents and Settings\Owner\Application Data\bsade.exe"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "" "" "File not found: C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "" "" "File not found: C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "FCToolbarURLSearchHook Class" "" "" "c:\program files\shop to win 27\helper.dll"
+ "YTNavAssistPlugin Class" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn0\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "MP Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\antimalware\mpcmdrun.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "LMS" "Local Manageability Service" "Intel" "c:\program files\intel\amt\lms.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\antimalware\msmpeng.exe"
+ "STacSV" "Manages audio jack configurations." "" "File not found: c:\docume~1\owner\locals~1\temp\cdm\{c2db5841-b484-42f9-a6db-8b6035648b9c}\STacSV.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "cpudrv" "" "" "File not found: C:\Program Files\SystemRequirementsLab\cpudrv.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e5132.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HECI" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\heci.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\igxpmp32.sys"
+ "igfx" "" "" "File not found: system32\DRIVERS\igdkmd32.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\sthda.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"

#9 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 January 2013 - 07:47 AM

Go to

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Delete this file StrongVaultApp.exe.lnk

Restart the PC,any changes?

Sadly, yes, still can't open Explorer. It pops up, but then shuts down within seconds.


Can you explain? Does this happen in safe mode?

#10 jerseydevil

  • Topic Starter
  • Members
  • 85 posts
  • Gender:Male

Posted 08 January 2013 - 08:10 AM

Yes, it does the same thing in safe mode. I click on Explorer, a window opens but before any graphics can load up, the window shuts down within two seconds of me clicking the Explorer icon. I removed strongvault from the start menu, but it didn't fix it. I cannot use System Restore, as that won't open either. Blah!
Btw, I am getting this error when I try to run MS Fix it Center: "unable to find the runtime to run this application"
Thank you for your continuing service. You're the best!

Edited by jerseydevil, 08 January 2013 - 08:30 AM.


#11 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 09 January 2013 - 08:15 AM

The shutdown issue could be a hardware problem. To confirm that we need to have a deeper look.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here with logs

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#12 jerseydevil

  • Topic Starter
  • Members
  • 85 posts
  • Gender:Male

Posted 11 January 2013 - 09:44 PM

Thank you. You have been very helpful.

#13 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 January 2013 - 11:32 PM

You're most welcome :)



