I think an Autorun Virus has infected everything!


26 replies to this topic

#1 lippysyd

  • Members
  • 19 posts

Posted 04 April 2013 - 06:09 PM

Hi there.  I'm fairly certain I have made a bad thing much, much worse by waiting a year to do anything.

 

It would appear that my home computer has been infected by the recycler virus, or something like it.  I believe it came from a usb flash drive that I used in a laptop from work.  (We have a bunch of laptops and many seem to be infected)

 

At first, all the folders on the flash drive turned into shortcuts.  At this point I didn't realize anything was wrong, so I kept using it.  Then the folders in my external hard drive all turned into shortcuts.  Now I started thinking something was up, but didn't know how to fix it, so I just stopped using any usb's.  In the meantime, my EVO 4g didn't seem to be affected, so I started using it as a file storage device.  Now, it (or the sd card) is infected.

 

I haven't even run a virus program because I'm afraid it will quarantine all the files on my ext HD, and that's 5 years worth of photos.  I'm afraid I might lose them- there's no other back up.

 

Please help!





#2 boopme

  • Global Moderator
  • 73,537 posts

Posted 04 April 2013 - 10:38 PM

Hello lippysyd, what is your operating system?

 

We probably can also clean that USB too.

 

Let's just run these first.

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

 

 

Please download Rkill by Grinler and save it to your desktop.

Link 1
Link 2

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer, you will need to run the application again.

 

 

 

 

Please download TDSSkiller.

  • Launch it.
  • Click on change parameters - Select TDLFS file system
  • Click on "Scan".
  • Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.



#3 lippysyd


  • Members
  • 19 posts

Posted 07 April 2013 - 06:52 AM

Thanks for responding! What I'm most worried about is my external HD and my phone, but I know I can't really fix those until I fix my computer.

 

Here's the Mini Tool Box results:

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Linda (administrator) on 07-04-2013 at 07:45:35
Running from "C:\Documents and Settings\Linda\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

There are 14393 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NETGEAR WNA1100 N150 Wireless USB Adapter = Wireless Network Connection 8 (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 8"

set address name="Wireless Network Connection 8" source=dhcp
set dns name="Wireless Network Connection 8" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 8" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : dell

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

        Physical Address. . . . . . . . . : 00-12-3F-C1-75-2E



Ethernet adapter Wireless Network Connection 8:



        Connection-specific DNS Suffix  . : gateway.2wire.net

        Description . . . . . . . . . . . : NETGEAR WNA1100 N150 Wireless USB Adapter

        Physical Address. . . . . . . . . : 00-8E-F2-86-63-A6

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.64

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254

        DHCP Server . . . . . . . . . . . : 192.168.1.254

        DNS Servers . . . . . . . . . . . : 192.168.1.254

        Lease Obtained. . . . . . . . . . : Sunday, April 07, 2013 7:38:01 AM

        Lease Expires . . . . . . . . . . : Monday, April 08, 2013 7:38:01 AM

Server:  homeportal
Address:  192.168.1.254

Name:    google.com
Addresses:  74.125.225.110, 74.125.225.96, 74.125.225.97, 74.125.225.98
      74.125.225.99, 74.125.225.100, 74.125.225.101, 74.125.225.102, 74.125.225.103
      74.125.225.104, 74.125.225.105



Pinging google.com [74.125.225.102] with 32 bytes of data:



Reply from 74.125.225.102: bytes=32 time=34ms TTL=54

Reply from 74.125.225.102: bytes=32 time=31ms TTL=54



Ping statistics for 74.125.225.102:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 31ms, Maximum = 34ms, Average = 32ms

Server:  homeportal
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=101ms TTL=49

Reply from 98.138.253.109: bytes=32 time=157ms TTL=49



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 101ms, Maximum = 157ms, Average = 129ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f c1 75 2e ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
0x10004 ...00 8e f2 86 63 a6 ...... NETGEAR WNA1100 N150 Wireless USB Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.64      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0     192.168.1.64    192.168.1.64      25
     192.168.1.64  255.255.255.255        127.0.0.1       127.0.0.1      25
    192.168.1.255  255.255.255.255     192.168.1.64    192.168.1.64      25
        224.0.0.0        240.0.0.0     192.168.1.64    192.168.1.64      25
  255.255.255.255  255.255.255.255     192.168.1.64               2      1
  255.255.255.255  255.255.255.255     192.168.1.64    192.168.1.64      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/01/2013 02:38:31 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6557.5001, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/01/2013 02:38:31 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6557.5001, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/22/2013 01:33:04 PM) (Source: Application Error) (User: )
Description: Faulting application autorun.exe, version 0.0.0.0, faulting module autorun.exe, version 0.0.0.0, fault address 0x00037fe1.
Processing media-specific event for [autorun.exe!ws!]

Error: (03/01/2013 11:16:42 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 18.0.2.4780, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/16/2013 08:15:00 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application asuswspanel.exe, version 1.0.0.0, stamp 4f14dcb4, faulting module mscorwks.dll, version 2.0.50727.3620, stamp 4d352dce, debug? 0, fault address 0x0000236c.

Error: (02/16/2013 08:14:51 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3620 - Fatal Execution Engine Error (7A097772) (80131506)

Error: (02/07/2013 00:52:18 PM) (Source: Application Hang) (User: )
Description: Hanging application Acrobat.exe, version 8.2.6.262, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/07/2013 00:52:15 PM) (Source: Application Hang) (User: )
Description: Hanging application Acrobat.exe, version 8.2.6.262, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/07/2013 11:26:49 AM) (Source: Application Hang) (User: )
Description: Hanging application Acrobat.exe, version 8.2.6.262, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/07/2013 10:53:37 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\DENNIS\RECENT\LIFETOUCH.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (04/07/2013 07:37:47 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.64 on the
Network Card with network address 008EF28663A6.

Error: (03/29/2013 09:27:46 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Error: (03/29/2013 09:27:20 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (03/25/2013 03:27:02 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (03/25/2013 03:27:01 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (03/24/2013 10:27:02 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (03/24/2013 10:27:01 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (03/24/2013 05:27:12 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (03/24/2013 05:27:05 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (03/24/2013 05:27:04 PM) (Source: 0) (User: )
Description: \Device\CdRom0


Microsoft Office Sessions:
=========================
Error: (07/29/2009 06:13:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/29/2009 06:13:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/29/2009 06:12:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/14/2009 10:09:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/14/2009 10:09:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/14/2009 10:09:31 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/29/2009 10:49:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 46 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/24/2009 10:40:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 81911 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/23/2009 11:55:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1764 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/23/2009 11:25:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.


=========================== Installed Programs ============================

Active@ UNDELETE (Version: 7.3.3)
Active@ UNDELETE 7
Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe Acrobat 8 Professional (Version: 8.2.6)
Adobe Acrobat 8.2.6 - CPSID_83708
Adobe Acrobat 8.2.6 Professional (Version: 8.2.6)
Adobe After Effects CS3 (Version: 8)
Adobe After Effects CS3 Presets (Version: 8)
Adobe After Effects CS3 Third Party Content (Version: 3)
Adobe AIR (Version: 3.3.0.3650)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0.1)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Encore CS3 (Version: 3)
Adobe Encore CS3 Codecs (Version: 3)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Fireworks CS3 (Version: 9.0)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Premiere Pro CS3 (Version: 3)
Adobe Premiere Pro CS3 Functional Content (Version: 8)
Adobe Premiere Pro CS3 Third Party Content (Version: 3)
Adobe Reader XI (Version: 11.0.00)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.5 (Version: 11.5)
Adobe SING CS3 (Version: 0.1)
Adobe Soundbooth CS3 (Version: 1)
Adobe Soundbooth CS3 Codecs (Version: 3)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Manager Deluxe 4.1
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
Airport Mania (Version: 1.0)
Airport Mania: First Flight
Apple Application Support (Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (Version: 2.1.2.120)
Ask Toolbar (Version: 4.1.0.2)
ASUS Android USB Drivers (Version: 1.0.6351)
ASUS Sync (Version: 1.0.83)
ASUS WebStorage (Version: 3.0.130.270)
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Parental Control (Version: 1.0.0.1)
avast! Free Antivirus (Version: 7.0.1474.0)
AviSynth 2.5
AVS Audio Converter version 5.1
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Big Fish Games Client (Version: 1.2.5.17)
BitTorrent
Bonjour (Version: 2.0.3.0)
BookSmart® 3.1.0 3.1.0
Canon iP2600 series
CDDRV_Installer (Version: 4.60)
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
DeductionPro 2009 (Version: 17.04)
Dell CinePlayer (Version: 3.0)
Dell Resource CD (Version: 1.00.0000)
DVD Shrink 3.2
DVDFab Platinum 4.1.2.0
dvdSanta 4.00
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON Print CD (Version: 1.30.000)
EPSON Printer Software
erLT (Version: 1.20.137.31)
ESPR320 Reference Guide
Facebook Plug-In
ffdshow [rev 2734] [2009-03-01] (Version: 1.0)
File Uploader (Version: 1.2.2)
Google Chrome (Version: 26.0.1410.43)
Google SketchUp 8 (Version: 3.0.4811)
Google Update Helper (Version: 1.3.21.135)
Google Updater (Version: 2.4.2432.1652)
H&R Block Deluxe + Efile + State 2009 (Version: 09.04.6001)
H&R Block Deluxe + Efile + State 2010 (Version: 10.04.6301)
H&R Block Deluxe + Efile + State 2011 (Version: 11.05.6203)
H&R Block Deluxe + Efile + State 2012 (Version: 12.05.7301)
H&R Block Michigan 2009 (Version: 1.09.3501)
H&R Block Michigan 2010 (Version: 1.10.3201)
H&R Block Michigan 2011 (Version: 1.11.5301)
H&R Block Michigan 2012 (Version: 1.12.5501)
HandBrake 0.9.8 (Version: 0.9.8)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.018)
HTC Sync (Version: 3.0.5617)
Hugin 2009.4.0 (Version: 2009.4.0)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4299)
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.20.0000)
iTunes (Version: 10.0.0.68)
J2SE Runtime Environment 5.0 Update 12 (Version: 1.5.0.120)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 7 (Version: 1.6.0.70)
KhalInstallWrapper (Version: 4.60.122)
Knitware Sweaters 2.50
Logitech SetPoint (Version: 4.60)
Logitech Updater (Version: 1.70)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
McAfee Security Scan Plus (Version: 3.0.285.6)
Memeo AutoBackup (Version: 2.50.2985)
Memeo AutoSync (Version: 2.50.2922)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2006 (Version: 15)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6425.1000)
Microsoft Streets and Trips 2005 (Version: 12.00.07.1200)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft WinUsb 1.0
Microsoft XML Parser (Version: 8.70.1104.04)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 20.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Mystery Case Files Huntsville
neroxml (Version: 1.0.0)
Nikon Message Center (Version: 0.92.000)
Nikon Message Center 2 (Version: 2.0.1)
Nikon RAW Codec (Version: 1.00.0000)
Nikon Transfer (Version: 1.5.0)
OpenMG AAC Add-on Module 1.0.00 (Version: 1.0.00.04270)
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01 (Version: 4.5.01.04270)
Otto
PC Inspector smart recovery (Version: 4.50)
PDF Manual NW-E000 Series (Version: 1.0)
PDF Settings (Version: 1.0)
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Pen Tablet
PHOTOfunSTUDIO HD Edition (Version: 3.00.126)
Picture Control Utility (Version: 1.2.2)
PrintKey2000
PS3 Video 9 6 (Version: 6)
QuickTime (Version: 7.68.75.0)
RollerCoaster Tycoon 2
RollerCoaster Tycoon 3 Demo (Version: 1.00.000)
RollerCoaster Tycoon® 3 (Version: 1.00.000)
Roxio DLA (Version: 5.2.0)
Roxio MyDVD LE (Version: 6.1.6)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
SigmaTel Audio (Version: 5.10.4600.0)
Skype™ 5.10 (Version: 5.10.116)
Sonic Encoders (Version: 1.00)
Sonic Update Manager (Version: 3.0.0)
SonicStage 4.0 (Version: 4.0)
Splashtop Software Updater (Version: 1.5.6.10)
Splashtop Streamer (Version: 2.2.5.1)
Spybot - Search & Destroy (Version: 1.6.2)
SSC Service Utility v4.30
TaxCut Michigan 2008 (Version: 1.08.4101)
TaxCut Premium + State + Efile 2008 (Version: 08.07.6201)
Ulead FantasyWarp.Plugin 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updater Service (Version: 14,1,1,3)
UploadExpress (Version: 1.0.0)
USB 2.0 Wireless LAN Card Utility (Version: 8.1.55)
VCRedistSetup (Version: 1.0.0)
ViewNX 2 (Version: 2.1.1)
virtualPhotographer 1.5.6
VLC media player 1.1.10 (Version: 1.1.10)
vReveal 3
WD Diagnostics (Version: 1.09.0002)
WebFldrs XP (Version: 9.50.7523)
WIDCOMM Bluetooth Software (Version: 5.1.0.3900)
Window Shopper
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
X-Fonter 6.2 (Version: 6.2)
Yahoo! Detect
Yahoo! Messenger
YouTube Downloader App 3.00 (Version: 3.00)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 1014.07 MB
Available physical RAM: 513.5 MB
Total Pagefile: 2440.5 MB
Available Pagefile: 1598.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.42 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:10.41 GB) NTFS
2 Drive e: (My Book) (Fixed) (Total:298.02 GB) (Free:49.71 GB) FAT32

========================= Users: ========================================

User accounts for \\DELL

Administrator            ASPNET                   Dennis                   
Guest                    HelpAssistant            Linda                    
SUPPORT_388945a0         Sydney                   


**** End of log ****
 



#4 lippysyd

Posted 07 April 2013 - 06:59 AM

Here are the results from Rkill:

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/07/2013 07:54:53 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\system32\PRISMSVC.EXE (PID: 1720) [WD-HEUR]
 * C:\WINDOWS\system32\PRISMSVR.EXE (PID: 3008) [WD-HEUR]
 * C:\WINDOWS\stsystra.exe (PID: 2116) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * wuauserv [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:


  20 out of 14413 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 04/07/2013 07:55:48 AM
Execution time: 0 hours(s), 0 minute(s), and 55 seconds(s)
 



#5 lippysyd

Posted 07 April 2013 - 07:03 AM

And here's TDSSkiller:

 

08:01:09.0202 1740  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:01:09.0671 1740  ============================================================
08:01:09.0671 1740  Current date / time: 2013/04/07 08:01:09.0671
08:01:09.0671 1740  SystemInfo:
08:01:09.0671 1740  
08:01:09.0671 1740  OS Version: 5.1.2600 ServicePack: 3.0
08:01:09.0671 1740  Product type: Workstation
08:01:09.0671 1740  ComputerName: DELL
08:01:09.0671 1740  UserName: Linda
08:01:09.0671 1740  Windows directory: C:\WINDOWS
08:01:09.0671 1740  System windows directory: C:\WINDOWS
08:01:09.0671 1740  Processor architecture: Intel x86
08:01:09.0671 1740  Number of processors: 2
08:01:09.0671 1740  Page size: 0x1000
08:01:09.0671 1740  Boot type: Normal boot
08:01:09.0671 1740  ============================================================
08:01:10.0374 1740  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:01:10.0421 1740  Drive \Device\Harddisk1\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:01:10.0437 1740  ============================================================
08:01:10.0437 1740  \Device\Harddisk0\DR0:
08:01:10.0437 1740  MBR partitions:
08:01:10.0437 1740  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
08:01:10.0437 1740  \Device\Harddisk1\DR2:
08:01:10.0437 1740  MBR partitions:
08:01:10.0437 1740  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2542D682
08:01:10.0437 1740  ============================================================
08:01:10.0483 1740  C: <-> \Device\Harddisk0\DR0\Partition1
08:01:10.0499 1740  E: <-> \Device\Harddisk1\DR2\Partition1
08:01:10.0499 1740  ============================================================
08:01:10.0499 1740  Initialize success
08:01:10.0499 1740  ============================================================
08:01:13.0968 2956  ============================================================
08:01:13.0968 2956  Scan started
08:01:13.0968 2956  Mode: Manual;
08:01:13.0968 2956  ============================================================
08:01:14.0999 2956  ================ Scan system memory ========================
08:01:14.0999 2956  System memory - ok
08:01:14.0999 2956  ================ Scan services =============================
08:01:24.0266 2956  Null - ok
08:01:24.0297 2956  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:01:24.0297 2956  NwlnkFlt - ok
08:01:24.0329 2956  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:01:24.0329 2956  NwlnkFwd - ok
08:01:24.0438 2956  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:01:24.0454 2956  odserv - ok
08:01:24.0454 2956  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:01:24.0454 2956  ohci1394 - ok
08:01:24.0500 2956  [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI            C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
08:01:24.0516 2956  OMCI - ok
08:01:24.0563 2956  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:01:24.0563 2956  ose - ok
08:01:24.0610 2956  [ 17BB6B38DE8C2BDA692CA1DB0CEA7325 ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
08:01:24.0641 2956  PACSPTISVR - ok
08:01:24.0688 2956  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
08:01:24.0688 2956  Parport - ok
08:01:24.0704 2956  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
08:01:24.0719 2956  PartMgr - ok
08:01:24.0766 2956  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
08:01:24.0766 2956  ParVdm - ok
08:01:24.0813 2956  [ 39B9DCD7040654C2E57D7396736C718E ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
08:01:24.0813 2956  PassThru Service - ok
08:01:24.0860 2956  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
08:01:24.0860 2956  PCI - ok
08:01:24.0860 2956  PCIDump - ok
08:01:24.0875 2956  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
08:01:24.0875 2956  PCIIde - ok
08:01:24.0922 2956  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
08:01:24.0922 2956  Pcmcia - ok
08:01:24.0985 2956  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\WINDOWS\system32\Drivers\pcouffin.sys
08:01:24.0985 2956  pcouffin - ok
08:01:24.0985 2956  PDCOMP - ok
08:01:25.0000 2956  PDFRAME - ok
08:01:25.0000 2956  PDRELI - ok
08:01:25.0016 2956  PDRFRAME - ok
08:01:25.0016 2956  perc2 - ok
08:01:25.0032 2956  perc2hib - ok
08:01:25.0079 2956  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
08:01:25.0094 2956  PlugPlay - ok
08:01:25.0094 2956  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
08:01:25.0110 2956  PolicyAgent - ok
08:01:25.0126 2956  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:01:25.0126 2956  PptpMiniport - ok
08:01:25.0172 2956  [ D5A9221F57656C99248D0B526E077BCF ] PRISMSVC        C:\WINDOWS\system32\PRISMSVC.EXE
08:01:25.0188 2956  PRISMSVC - ok
08:01:25.0219 2956  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:01:25.0219 2956  ProtectedStorage - ok
08:01:25.0282 2956  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe
08:01:25.0297 2956  ProtexisLicensing - ok
08:01:25.0297 2956  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
08:01:25.0297 2956  PSched - ok
08:01:25.0344 2956  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:01:25.0344 2956  Ptilink - ok
08:01:25.0407 2956  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:01:25.0407 2956  PxHelp20 - ok
08:01:25.0407 2956  ql1080 - ok
08:01:25.0422 2956  Ql10wnt - ok
08:01:25.0438 2956  ql12160 - ok
08:01:25.0438 2956  ql1240 - ok
08:01:25.0454 2956  ql1280 - ok
08:01:25.0469 2956  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:01:25.0469 2956  RasAcd - ok
08:01:25.0516 2956  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
08:01:25.0532 2956  RasAuto - ok
08:01:25.0547 2956  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:01:25.0563 2956  Rasl2tp - ok
08:01:25.0594 2956  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
08:01:25.0610 2956  RasMan - ok
08:01:25.0626 2956  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:01:25.0626 2956  RasPppoe - ok
08:01:25.0626 2956  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
08:01:25.0626 2956  Raspti - ok
08:01:25.0657 2956  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:01:25.0657 2956  Rdbss - ok
08:01:25.0672 2956  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:01:25.0672 2956  RDPCDD - ok
08:01:25.0688 2956  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:01:25.0688 2956  rdpdr - ok
08:01:25.0719 2956  [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
08:01:25.0719 2956  RDPWD - ok
08:01:25.0751 2956  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
08:01:25.0766 2956  RDSessMgr - ok
08:01:25.0797 2956  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
08:01:25.0797 2956  redbook - ok
08:01:25.0860 2956  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
08:01:25.0860 2956  RemoteAccess - ok
08:01:25.0907 2956  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
08:01:25.0922 2956  RemoteRegistry - ok
08:01:25.0922 2956  RimUsb - ok
08:01:25.0985 2956  [ D9B34325EE5DF78B8F28A3DE9F577C7D ] RimVSerPort     C:\WINDOWS\system32\DRIVERS\RimSerial.sys
08:01:26.0001 2956  RimVSerPort - ok
08:01:26.0047 2956  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
08:01:26.0047 2956  ROOTMODEM - ok
08:01:26.0063 2956  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
08:01:26.0063 2956  RpcLocator - ok
08:01:26.0094 2956  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
08:01:26.0110 2956  RpcSs - ok
08:01:26.0126 2956  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
08:01:26.0141 2956  RSVP - ok
08:01:26.0157 2956  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
08:01:26.0172 2956  SamSs - ok
08:01:26.0204 2956  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
08:01:26.0219 2956  SCardSvr - ok
08:01:26.0266 2956  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
08:01:26.0266 2956  Schedule - ok
08:01:26.0313 2956  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:01:26.0313 2956  Secdrv - ok
08:01:26.0344 2956  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
08:01:26.0360 2956  seclogon - ok
08:01:26.0376 2956  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
08:01:26.0391 2956  SENS - ok
08:01:26.0423 2956  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
08:01:26.0423 2956  Serial - ok
08:01:26.0454 2956  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
08:01:26.0454 2956  Sfloppy - ok
08:01:26.0501 2956  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
08:01:26.0516 2956  SharedAccess - ok
08:01:26.0532 2956  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:01:26.0548 2956  ShellHWDetection - ok
08:01:26.0548 2956  Simbad - ok
08:01:26.0563 2956  Sparrow - ok
08:01:26.0673 2956  [ 777B4A39A65854C39C581DD129F946B3 ] SplashtopRemoteService C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
08:01:26.0688 2956  SplashtopRemoteService - ok
08:01:26.0719 2956  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
08:01:26.0719 2956  splitter - ok
08:01:26.0766 2956  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
08:01:26.0766 2956  Spooler - ok
08:01:26.0813 2956  [ 3980B48DFF300A7E4139F5C64DA65F5C ] SPTISRV         C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
08:01:26.0829 2956  SPTISRV - ok
08:01:26.0860 2956  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
08:01:26.0860 2956  sr - ok
08:01:26.0891 2956  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
08:01:26.0907 2956  srservice - ok
08:01:26.0938 2956  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
08:01:26.0938 2956  Srv - ok
08:01:26.0985 2956  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
08:01:27.0001 2956  SSDPSRV - ok
08:01:27.0032 2956  [ 3DBADE5B4AA47C245A69E99D72B8E73B ] SSScsiSV        C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
08:01:27.0032 2956  SSScsiSV - ok
08:01:27.0110 2956  [ F9AEDD871E1CD759B95728C9B935D203 ] SSUService      C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
08:01:27.0173 2956  SSUService - ok
08:01:27.0235 2956  [ 2A2DC39623ADEF8AB3703AB9FAC4B440 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
08:01:27.0251 2956  STHDA - ok
08:01:27.0282 2956  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
08:01:27.0298 2956  stisvc - ok
08:01:27.0329 2956  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
08:01:27.0329 2956  swenum - ok
08:01:27.0360 2956  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
08:01:27.0360 2956  swmidi - ok
08:01:27.0423 2956  [ ECE0D311DB07E0E8999133344876CC07 ] swmsflt         C:\WINDOWS\System32\drivers\swmsflt.sys
08:01:27.0423 2956  swmsflt - ok
08:01:27.0423 2956  SWMX00 - ok
08:01:27.0438 2956  SWNC5E00 - ok
08:01:27.0454 2956  SwPrv - ok
08:01:27.0454 2956  symc810 - ok
08:01:27.0469 2956  symc8xx - ok
08:01:27.0469 2956  SymIM - ok
08:01:27.0485 2956  SymIMMP - ok
08:01:27.0485 2956  sym_hi - ok
08:01:27.0501 2956  sym_u3 - ok
08:01:27.0516 2956  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
08:01:27.0516 2956  sysaudio - ok
08:01:27.0563 2956  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
08:01:27.0579 2956  SysmonLog - ok
08:01:27.0641 2956  [ DAD1A4D96291139C0F834B138320E475 ] TabletServicePen C:\WINDOWS\system32\Pen_Tablet.exe
08:01:27.0673 2956  TabletServicePen - ok
08:01:27.0704 2956  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
08:01:27.0720 2956  TapiSrv - ok
08:01:27.0751 2956  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:01:27.0751 2956  Tcpip - ok
08:01:27.0782 2956  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
08:01:27.0782 2956  TDPIPE - ok
08:01:27.0798 2956  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
08:01:27.0798 2956  TDTCP - ok
08:01:27.0829 2956  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
08:01:27.0829 2956  TermDD - ok
08:01:27.0860 2956  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
08:01:27.0891 2956  TermService - ok
08:01:27.0907 2956  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
08:01:27.0923 2956  Themes - ok
08:01:27.0970 2956  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
08:01:27.0985 2956  TlntSvr - ok
08:01:27.0985 2956  TosIde - ok
08:01:28.0001 2956  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
08:01:28.0016 2956  TrkWks - ok
08:01:28.0048 2956  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
08:01:28.0048 2956  Udfs - ok
08:01:28.0063 2956  ultra - ok
08:01:28.0079 2956  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
08:01:28.0095 2956  Update - ok
08:01:28.0110 2956  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
08:01:28.0126 2956  upnphost - ok
08:01:28.0141 2956  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
08:01:28.0173 2956  UPS - ok
08:01:28.0220 2956  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:01:28.0220 2956  usbccgp - ok
08:01:28.0251 2956  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:01:28.0266 2956  usbehci - ok
08:01:28.0266 2956  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:01:28.0266 2956  usbhub - ok
08:01:28.0282 2956  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:01:28.0282 2956  usbprint - ok
08:01:28.0313 2956  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:01:28.0313 2956  usbscan - ok
08:01:28.0345 2956  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:01:28.0345 2956  USBSTOR - ok
08:01:28.0376 2956  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:01:28.0376 2956  usbuhci - ok
08:01:28.0407 2956  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
08:01:28.0407 2956  VgaSave - ok
08:01:28.0407 2956  ViaIde - ok
08:01:28.0438 2956  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
08:01:28.0438 2956  VolSnap - ok
08:01:28.0470 2956  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
08:01:28.0485 2956  VSS - ok
08:01:28.0516 2956  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
08:01:28.0532 2956  W32Time - ok
08:01:28.0563 2956  [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
08:01:28.0579 2956  wacommousefilter - ok
08:01:28.0595 2956  [ 73E6F16A1F187D71FB26AF308551E54A ] wacomvhid       C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
08:01:28.0610 2956  wacomvhid - ok
08:01:28.0626 2956  [ 889459833432B161CB99CFDF84A1A9BB ] WacomVKHid      C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
08:01:28.0626 2956  WacomVKHid - ok
08:01:28.0641 2956  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:01:28.0641 2956  Wanarp - ok
08:01:28.0688 2956  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
08:01:28.0704 2956  Wdf01000 - ok
08:01:28.0704 2956  WDICA - ok
08:01:28.0720 2956  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
08:01:28.0720 2956  wdmaud - ok
08:01:28.0767 2956  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
08:01:28.0782 2956  WebClient - ok
08:01:28.0829 2956  [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
08:01:28.0845 2956  winachsf - ok
08:01:28.0892 2956  [ 097A8291DF541F9B9AF2C500797CDCAA ] WinDriver6      C:\WINDOWS\system32\drivers\windrvr6.sys
08:01:28.0907 2956  WinDriver6 - ok
08:01:29.0001 2956  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
08:01:29.0001 2956  winmgmt - ok
08:01:29.0032 2956  [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB          C:\WINDOWS\system32\DRIVERS\WinUSB.sys
08:01:29.0048 2956  WinUSB - ok
08:01:29.0110 2956  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
08:01:29.0110 2956  WmdmPmSN - ok
08:01:29.0157 2956  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
08:01:29.0188 2956  Wmi - ok
08:01:29.0235 2956  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:01:29.0235 2956  WmiApSrv - ok
08:01:29.0329 2956  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
08:01:29.0392 2956  WMPNetworkSvc - ok
08:01:29.0423 2956  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:01:29.0423 2956  WpdUsb - ok
08:01:29.0579 2956  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:01:29.0610 2956  WPFFontCache_v0400 - ok
08:01:29.0642 2956  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
08:01:29.0673 2956  wscsvc - ok
08:01:29.0688 2956  WSearch - ok
08:01:29.0735 2956  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:01:29.0751 2956  WudfPf - ok
08:01:29.0782 2956  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:01:29.0782 2956  WudfRd - ok
08:01:29.0798 2956  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
08:01:29.0829 2956  WudfSvc - ok
08:01:29.0876 2956  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
08:01:29.0892 2956  WZCSVC - ok
08:01:29.0923 2956  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
08:01:29.0939 2956  xmlprov - ok
08:01:29.0954 2956  ================ Scan global ===============================
08:01:30.0001 2956  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:01:30.0032 2956  [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
08:01:30.0064 2956  [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
08:01:30.0110 2956  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:01:30.0110 2956  [Global] - ok
08:01:30.0126 2956  ================ Scan MBR ==================================
08:01:30.0142 2956  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:01:30.0298 2956  \Device\Harddisk0\DR0 - ok
08:01:30.0314 2956  [ 8FF255184F078C9C04E6A2CE66117C5C ] \Device\Harddisk1\DR2
08:01:30.0329 2956  \Device\Harddisk1\DR2 - ok
08:01:30.0329 2956  ================ Scan VBR ==================================
08:01:30.0329 2956  [ AE7CEB60BACED9DCEE960F80F4621B42 ] \Device\Harddisk0\DR0\Partition1
08:01:30.0329 2956  \Device\Harddisk0\DR0\Partition1 - ok
08:01:30.0329 2956  [ 5097F1A2B1EAFC755FE5DD927662BF40 ] \Device\Harddisk1\DR2\Partition1
08:01:30.0329 2956  \Device\Harddisk1\DR2\Partition1 - ok
08:01:30.0329 2956  ============================================================
08:01:30.0329 2956  Scan finished
08:01:30.0329 2956  ============================================================
08:01:30.0345 5488  Detected object count: 0
08:01:30.0345 5488  Actual detected object count: 0
 



#6 lippysyd

  • Topic Starter

Posted 07 April 2013 - 07:12 AM

Oops! I just realized I was posting logs here instead of in the proper forum, so I'm moving over there.

 

http://www.bleepingcomputer.com/forums/t/491004/infected-by-an-autorun-virus/



#7 boopme



  • Global Moderator

Posted 07 April 2013 - 12:09 PM

Hello... These logs belong here..

Let's run two more

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


>>>>

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.


 



#8 lippysyd

  • Topic Starter


Posted 08 April 2013 - 09:04 PM

> Hello... These logs belong here..
>
> Let's run two more


Oh, ok. 

 

# AdwCleaner v2.200 - Logfile created 04/08/2013 at 21:54:16
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Linda - DELL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Linda\Desktop\RECYCLER Removal\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q65drok7.default\Conduit
Folder Deleted : C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q65drok7.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q65drok7.default\extensions\engine@conduit.com
Folder Deleted : C:\Program Files\AskBarDis
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q65drok7.default\prefs.js

C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q65drok7.default\user.js ... Deleted !

Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Jun 25 2011 16:07:49 GMT-0400 (Eastern Day[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.5.1", "Sat Jun 25 2011 23:36:50 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Jun 25 2011 23:36:50 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("ConduitEngine.UserID", "UN12082918281565236");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Jun 25 2011 15:40:33 GMT-0400 (Easte[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Jun 25 2011 23:53:48 GMT-0400 (East[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Deleted : user_pref("browser.startup.homepage", "hxxp://search.startnow.com/s/?src=startpage&provider=&provide[...]
Deleted : user_pref("extensions.enabledAddons", "primewebplayer%40monmentalgames:1.3.22,%7B53A03D43-5363-4669-[...]
Deleted : user_pref("extensions.snipit.askTbInstalled", true);

File : C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\scc30bv0.default\prefs.js

C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\scc30bv0.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Sydney\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [12008 octets] - [08/04/2013 21:54:16]

########## EOF - C:\AdwCleaner[S1].txt - [12069 octets] ##########
 



#9 boopme

  • Global Moderator

Posted 08 April 2013 - 10:12 PM

Looking good, tell me how it's running after ESET.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 lippysyd

  • Topic Starter

Posted 09 April 2013 - 06:34 PM

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo5.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo7.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Documents and Settings\Dennis\Local Settings\Temp\jar_cache4772511315197349577.tmp    a variant of Java/Exploit.CVE-2010-0840.NAD trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Dennis\Local Settings\Temp\jar_cache5985170068478020296.tmp    a variant of Java/Exploit.CVE-2010-0840.NAD trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Dennis\Local Settings\Temp\jar_cache9167168179635266649.tmp    a variant of Java/Exploit.CVE-2010-0840.NAD trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\15.exe    Win32/SpamTool.Tedroo.AQ trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\16.exe    a variant of Win32/Kryptik.AFRV trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\17.exe    a variant of Win32/Kryptik.AFRV trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\1B.exe    Win32/SpamTool.Tedroo.AQ trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\1C.exe    a variant of Win32/Kryptik.AFRV trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\22.exe    Win32/SpamTool.Tedroo.AQ trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\24.exe    a variant of Win32/Kryptik.AFRV trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\31.exe    Win32/SpamTool.Tedroo.AQ trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\32.exe    a variant of Win32/Kryptik.AFTD trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\33.exe    a variant of Win32/Kryptik.AFTD trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\35.exe    Win32/SpamTool.Tedroo.AQ trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\36.exe    a variant of Win32/Kryptik.AFTD trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\37.exe    a variant of Win32/Kryptik.AFTD trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\5.exe    a variant of Win32/Kryptik.AGER trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\6.exe    Win32/SpamTool.Tedroo.AQ trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Application Data\7.exe    a variant of Win32/Kryptik.AGER trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\My Documents\Downloads\Software\Video converter for PS3\ps3video9-600-setup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\My Documents\Downloads\Torrents\Eminem_-_[2000]_Rap_Attack_(320).exe    Win32/Adware.1ClickDownload.J application    cleaned by deleting - quarantined
C:\Documents and Settings\Linda\My Documents\Fonts\3-12\more\WankstabergBattles_downloader_by_Ffonts.exe    a variant of Win32/Somoto.A application    cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FSR5MFO7\updater-startnow-200-2.5-g[1].exe    a variant of Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H8KK3ZBV\updater-startnow-200-2.5-d[1].exe    a variant of Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LLG29GK0\updater-startnow-200-2.5-f[1].exe    a variant of Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\Documents and Settings\Sydney\My Documents\Downloads\ShareGreetingCards(1).exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
C:\Documents and Settings\Sydney\My Documents\Downloads\ShareGreetingCards.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
C:\WINDOWS\Temp\TBU001\ToolbarUpdate.exe    a variant of Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\WINDOWS\Temp\TBU002\ToolbarUpdate.exe    a variant of Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\WINDOWS\Temp\TBU003\ToolbarUpdate.exe    a variant of Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\WINDOWS\Temp\TBU004\ToolbarUpdate.exe    a variant of Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
E:\RECYCLER\2bc58ef0.exe    a variant of Win32/Injector.RIO trojan    cleaned by deleting - quarantined



#11 boopme

  • Global Moderator

Posted 09 April 2013 - 10:32 PM

This is why I won't use torrents. Win32/Injector.RIO Trojan, Win32/SpamTool.Tedroo.AQ and Win32/Bagle.gen
 
One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files. I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
 
Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall



Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

TFC
Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Edited by boopme, 09 April 2013 - 10:32 PM.


#12 lippysyd

  • Topic Starter

Posted 11 April 2013 - 06:25 PM

 
Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.

Yeah, I think I'm headed for a complete wiping of the system.

 

Here's the JRT report:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Linda on Thu 04/11/2013 at 18:28:42.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\splashtop"
Successfully deleted: [Folder] "C:\Documents and Settings\Linda\Application Data\startnow toolbar"
Successfully deleted: [Folder] "C:\Program Files\red kawa"
Failed to delete: [Folder] "C:\Program Files\splashtop"
Successfully deleted: [Folder] "C:\Program Files\superfish"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Documents and Settings\Linda\Application Data\mozilla\firefox\profiles\q65drok7.default\searchplugins\youtube-video-search.xml
Successfully deleted: [Folder] C:\Documents and Settings\Linda\Application Data\mozilla\firefox\profiles\q65drok7.default\extensions\superfish@superfish.com
Successfully deleted: [Registry Value] hkey_current_user\software\mozilla\firefox\extensions\\superfish@superfish.com
Emptied folder: C:\Documents and Settings\Linda\Application Data\mozilla\firefox\profiles\q65drok7.default\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/11/2013 at 18:41:54.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#13 boopme

  • Global Moderator

Posted 11 April 2013 - 09:24 PM

Well, it's as clean as we can get it.

#14 lippysyd

  • Topic Starter

Posted 12 April 2013 - 12:50 PM

Awesome!

 

Ok, so if you don't mind spending a little more time with me, I have some questions.

 

How do I clean my external hard drive and the SD card in my phone?

 

I know where the RECYCLER virus came from; it's kind of a long story, but at work we have 20+ laptops that are passed around twice a year. These are not connected to the internet and the virus software is disabled because it really slows down the program we have to use. (It's a program for printing ID badges)  It is necessary to download a file to a flash drive at home, then upload it to the laptop.  I suspect the virus came from someone's home computer and has now run rampant through these laptops, which are not regularly cleaned.  (Don't get me started on how stupid this is- it's work, they don't listen to me.  We haven't had a proper IT person in years, due to budget issues...grr)

 

Would the scans I've run here help the laptops?

 

How do I protect myself from getting something from these laptops in the future?



#15 boopme

  • Global Moderator

Posted 12 April 2013 - 01:45 PM

Hello again.. Uninstall this... Java 6 Update 7 (Version: 1.6.0.70), older Javas can be exploited.
 
You can select the drive to scan with ESET, so you have to connect the external, run ESET and AdwCleaner again.
 
On the XP machine ...
 
Flash_Disinfector is a specialized fix tool created by sUBs to remove infections that load an autorun.inf file on removable media. Flash_Disinfector will create a hidden "dummy" autorun folder/file with special permissions in each partition and every external drive that was connected when the tool was run. This folder helps to keep the malicious autorun.ini file from being installed on the root drive and running other malicious files which will infect the computer.
 
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
  • Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
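A read-only check of a drive root for the conditions discussed in this thread: an autorun.inf file versus the placeholder folder Flash_Disinfector is described as creating, shortcuts that shadow a folder of the same name, and executables sitting directly in RECYCLER. This is an added example, not part of the original posts and not code from any of the tools named; the function names and the sample drive layout are constructed for illustration.

```python
import os
import tempfile

EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}


def parse_autorun(text):
    """Return (key, value) pairs for the commands an autorun.inf would launch."""
    commands = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue  # section headers, comments and junk padding carry no command
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()  # keys are case-insensitive
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb:
            commands.append((key, value))
    return commands


def audit_drive_root(root):
    """Inspect one drive root without modifying it; return (finding, detail) tuples."""
    findings = []
    entries = {name.lower(): name for name in os.listdir(root)}
    autorun = entries.get("autorun.inf")
    if autorun is None:
        findings.append(("no-autorun", "root has no autorun.inf"))
    elif os.path.isdir(os.path.join(root, autorun)):
        # A folder with this name occupies the path a malicious file would use.
        findings.append(("placeholder-folder", autorun))
    else:
        with open(os.path.join(root, autorun), errors="replace") as fh:
            for key, value in parse_autorun(fh.read()):
                findings.append(("autorun-command", f"{key} -> {value}"))
    # The "folders turned into shortcuts" symptom: X.lnk next to a folder X.
    dirs = {n for n in entries if os.path.isdir(os.path.join(root, entries[n]))}
    for low, name in sorted(entries.items()):
        stem, ext = os.path.splitext(low)
        if ext == ".lnk" and stem in dirs:
            findings.append(("shortcut-shadows-folder", name))
    # Executables placed directly inside RECYCLER, as in the ESET log above.
    recycler = entries.get("recycler")
    if recycler and os.path.isdir(os.path.join(root, recycler)):
        for name in sorted(os.listdir(os.path.join(root, recycler))):
            if os.path.splitext(name)[1].lower() in EXEC_EXT:
                findings.append(("recycler-executable", f"{recycler}\\{name}"))
    return findings


def build_sample_drive(infected):
    """Create a constructed drive layout (empty files only) in a temp directory."""
    root = tempfile.mkdtemp(prefix="drive_")
    os.mkdir(os.path.join(root, "Photos"))
    if infected:
        os.mkdir(os.path.join(root, "RECYCLER"))
        open(os.path.join(root, "RECYCLER", "2bc58ef0.exe"), "wb").close()
        open(os.path.join(root, "Photos.lnk"), "wb").close()
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\n;x\nOpen=RECYCLER\\2bc58ef0.exe\n"
                     "shell\\open\\Command=RECYCLER\\2bc58ef0.exe\n")
    else:
        os.mkdir(os.path.join(root, "autorun.inf"))
    return root


if __name__ == "__main__":
    for infected in (True, False):
        for finding in audit_drive_root(build_sample_drive(infected)):
            print("infected sample" if infected else "protected sample", finding)
```

To check a real drive, pass its root (for example `E:\`) to `audit_drive_root`; the function only lists and reads, so it is safe to run before any cleanup tool.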



