Malicious url blocked.


6 replies to this topic

#1 tmorales509

Posted 21 January 2013 - 01:38 AM

OK, so trying to fix a friend's computer and I have done everything under the sun and this message still pops up from Avast Antivirus.

Malicious URL Blocked
URL Http://3e2b312075.com:8081//main
Process Windows\system32\svchost.exe
Infection URL:Mal

Sometimes it says something else but similar; instead of svchost.exe, sometimes it will be ieexplorer.exe.

Things I have done so far:

Avast quick and full virus scan
Malwarebytes quick and full scan
Spybot scan
SUPERAntiSpyware scan
HijackThis
RKill
ComboFix
OTL
Farbar Service Scanner



#2 medab1

Posted 21 January 2013 - 03:34 AM

Have you tried a Boot Time Scan?

AVAST BOOT SCAN PICTURE



Edited by medab1, 21 January 2013 - 03:43 AM.


#3 tmorales509

Posted 21 January 2013 - 06:32 AM

Yes, I just did it and the message still appears.

#4 narenxp

Posted 21 January 2013 - 11:01 AM

Download TDSSKiller

Launch it. Click on Change parameters - select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#5 tmorales509

Posted 21 January 2013 - 04:55 PM

TDSSKiller

11:51:19.0843 1876 usbccgp - ok
11:51:19.0859 1876 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:51:19.0859 1876 usbehci - ok
11:51:19.0875 1876 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:51:19.0875 1876 usbhub - ok
11:51:19.0875 1876 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:51:19.0890 1876 usbohci - ok
11:51:19.0937 1876 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:51:19.0937 1876 usbprint - ok
11:51:19.0968 1876 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:51:19.0968 1876 usbscan - ok
11:51:20.0000 1876 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:51:20.0000 1876 USBSTOR - ok
11:51:20.0015 1876 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:51:20.0015 1876 VgaSave - ok
11:51:20.0031 1876 ViaIde - ok
11:51:20.0062 1876 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:51:20.0062 1876 VolSnap - ok
11:51:20.0093 1876 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:51:20.0109 1876 VSS - ok
11:51:20.0156 1876 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:51:20.0171 1876 W32Time - ok
11:51:20.0218 1876 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:51:20.0218 1876 Wanarp - ok
11:51:20.0234 1876 WDICA - ok
11:51:20.0281 1876 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:51:20.0281 1876 wdmaud - ok
11:51:20.0312 1876 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:51:20.0312 1876 WebClient - ok
11:51:20.0390 1876 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:51:20.0406 1876 winmgmt - ok
11:51:20.0453 1876 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
11:51:20.0468 1876 WmdmPmSN - ok
11:51:20.0515 1876 [ 78D2ADD62062A7111E8906534F41EDFC ] Wmi C:\WINDOWS\System32\advapi32.dll
11:51:20.0531 1876 Wmi - ok
11:51:20.0578 1876 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:51:20.0578 1876 WmiApSrv - ok
11:51:20.0609 1876 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:51:20.0609 1876 WS2IFSL - ok
11:51:20.0656 1876 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:51:20.0671 1876 wscsvc - ok
11:51:20.0703 1876 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:51:20.0703 1876 wuauserv - ok
11:51:20.0734 1876 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:51:20.0765 1876 WZCSVC - ok
11:51:20.0796 1876 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:51:20.0796 1876 xmlprov - ok
11:51:20.0812 1876 ================ Scan global ===============================
11:51:20.0843 1876 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:51:20.0875 1876 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:51:20.0906 1876 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:51:20.0921 1876 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:51:20.0937 1876 [Global] - ok
11:51:20.0937 1876 ================ Scan MBR ==================================
11:51:20.0953 1876 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:51:21.0156 1876 \Device\Harddisk0\DR0 - ok
11:51:21.0156 1876 ================ Scan VBR ==================================
11:51:21.0156 1876 [ 369DC5A253756FCEB426298D732F86E1 ] \Device\Harddisk0\DR0\Partition1
11:51:21.0171 1876 \Device\Harddisk0\DR0\Partition1 - ok
11:51:21.0171 1876 ============================================================
11:51:21.0171 1876 Scan finished
11:51:21.0171 1876 ============================================================
11:51:21.0187 0236 Detected object count: 0
11:51:21.0187 0236 Actual detected object count: 0
11:51:25.0718 0172 Deinitialize success


ASWMBR

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-21 00:33:37
-----------------------------
00:33:37.015 OS Version: Windows 5.1.2600 Service Pack 3
00:33:37.015 Number of processors: 1 586 0x2F02
00:33:37.015 ComputerName: DEBBIE-27D5956D UserName: Debbie
00:33:38.546 Initialize success
00:33:39.437 AVAST engine defs: 13012001
00:33:41.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:33:41.468 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
00:33:41.484 Disk 0 MBR read successfully
00:33:41.484 Disk 0 MBR scan
00:33:41.484 Disk 0 Windows XP default MBR code
00:33:41.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 182566 MB offset 16803990
00:33:41.500 Disk 0 scanning sectors +390700800
00:33:41.562 Disk 0 scanning C:\WINDOWS\system32\drivers
00:33:51.406 Service scanning
00:34:04.875 Modules scanning
00:34:11.140 Disk 0 trace - called modules:
00:34:11.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:34:11.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8596bab8]
00:34:11.156 3 CLASSPNP.SYS[f75d0fd7] -> nt!IofCallDriver -> \Device\00000065[0x8596d250]
00:34:11.156 5 ACPI.sys[f7447620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x859d2940]
00:34:11.546 AVAST engine scan C:\WINDOWS
00:34:15.375 AVAST engine scan C:\WINDOWS\system32
00:36:28.890 AVAST engine scan C:\WINDOWS\system32\drivers
00:36:45.421 AVAST engine scan C:\Documents and Settings\Debbie
00:41:22.187 AVAST engine scan C:\Documents and Settings\All Users
00:42:45.109 Scan finished successfully
00:43:00.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Debbie\Desktop\MBR.dat"
00:43:00.968 The log file has been saved successfully to "C:\Documents and Settings\Debbie\Desktop\aswMBR.txt"

ESET

C:\System Volume Information\_restore{79A1B0F0-95C5-4A5E-B682-0F83503A07C1}\RP421\A0048966.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{79A1B0F0-95C5-4A5E-B682-0F83503A07C1}\RP422\A0049729.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

#6 tmorales509

Posted 21 January 2013 - 05:12 PM

After running ESET and having it remove those two adware files, it seems as if the popup message is gone. It usually pops up every 5-10 minutes. It's been over 20 minutes and it hasn't popped up yet. Maybe that was the fix. Going to wait a bit longer and we will find out. Thanks.

#7 narenxp

Posted 21 January 2013 - 06:26 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here



