Email hacked, multiple infections on laptop, froze on blue screen


23 replies to this topic

#1 Joyful25

  • Members
  • 27 posts
  • Gender:Female

Posted 02 August 2013 - 04:07 PM

My Yahoo email got hacked on July 23, 2013. I think my computer possibly got infected when I was cleaning out my inbox after the hack. I don't know if that's possible, but I started having problems on my computer within the week.

I have a Dell Latitude D620 (laptop) which has Windows XP. It seemed sluggish and then I started getting "AVG Threat Detection" popups saying that 2 threats had been found, one of which was "TrojanhorseGeneric34.LDW". I have AVG 2013 on my computer, so I clicked on the button to fix it. It was unable to eliminate the threats, and they continued to pop up frequently while I was on the computer (sometimes with new or more than 2 threats).

I downloaded Sysinternals (based on something I read) and under the "Logon" tab I unchecked "Google desktop" and "ROC_ROC_API2013_AV" (at this point I was wondering if the AVG popups were possibly a virus masquerading as AVG).

After this I downloaded Malwarebytes and ran a FULL scan on C and D. 14 items were found, including rootkits, trojans and malware. I clicked on the button to get rid of them, which it appeared to do successfully. Then the computer had to restart. When it tried to restart, it froze on a blue screen that said "Stop: c000021a {fatal system error} Windows subsystem process terminated unexpectedly with a status of 0xc0000005 (0x75e9ad15 0x00c7f160). The system has been shut down." It was completely frozen. I unplugged it, and even took the battery out. Today it is working and I was on Malwarebytes; there are 7 items in quarantine still. I don't know what to do, because I KNOW I didn't take care of the problem, but possibly made it worse. Please help!





#2 CMOSrun

  • Members
  • 3 posts

Posted 02 August 2013 - 04:26 PM

Disable your AVG or any other virus scanner.

You should download and run ComboFix: http://www.bleepingcomputer.com/download/combofix/

Tell me what it finds, if anything (don't copy the log in this section of the forums).


Edited by CMOSrun, 02 August 2013 - 04:55 PM.


#3 CMOSrun

  • Members
  • 3 posts

Posted 02 August 2013 - 04:33 PM

-


Edited by CMOSrun, 02 August 2013 - 04:37 PM.


#4 Joyful25

  • Topic Starter
  • Members
  • 27 posts
  • Gender:Female

Posted 02 August 2013 - 10:09 PM

Thank you for the suggestion, and I really DO appreciate you reading and putting thought toward my crisis. However, I looked at the ComboFix download and read what it does and the warning that goes along with it, which says "Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper." So, I am really not comfortable running this program, especially since I have no idea how knowledgeable you are since you're a new member, like myself. So, thank you again, but I'm going to wait a bit before doing that.



#5 GodfatherKing

  • Members
  • 587 posts
  • Gender:Male

Posted 03 August 2013 - 03:30 AM

ComboFix may only be run when instructed by a trained person.

Please try this:

Step 1: Install and run MBAM

Step 2: Run TDSSKiller to obtain a log

Note: Don't cure or delete a threat; choose Skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Under Additional options, check Detect TDLFS file system.
  • Click Start Scan and allow the scan process to run.
  • Choose Skip for all threats found.
  • Click Continue.
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\).

Step 3: ESET Online Scanner

Note: If your AV is blocking the ESET online scanner, please temporarily disable your AV.

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and UNCHECK "Remove found threats" (important).
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient, as this can take some time.
  • When the scan completes, click List Threats.
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log.)
  • Click the Back button.
  • Click the Finish button.

If you have received help from me and I have not responded to you for 3 days or more, send me a Private Message.


#6 Joyful25

  • Topic Starter
  • Members
  • 27 posts
  • Gender:Female

Posted 03 August 2013 - 01:41 PM

Thank you so much for taking a look at my problem! Here is the log from the Malwarebytes scan I ran the other night. I am going to download and use TDSSKiller next and will post the results as soon as I can.


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Dell User :: DELL-AA20D1D908 [administrator]

8/1/2013 10:55:40 PM
mbam-log-2013-08-01 (22-55-40).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270430
Time elapsed: 38 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Ibryte) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Malware.Packer.GPC) -> Data:  -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\Documents and Settings\Dell User\My Documents\Downloads\Setup.exe (PUP.Optional.Ibryte) -> No action taken.
C:\RECYCLER\S-1-5-21-73586283-776561741-725345543-1003\Dc1.exe (PUP.Optional.Ibryte) -> No action taken.
C:\Documents and Settings\Dell User\Local Settings\Application Data\Google\Desktop\Install\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\GoogleUpdate.exe (Malware.Packer.GPC) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell User\Local Settings\Application Data\Google\Desktop\Install\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell User\Local Settings\Application Data\Google\Desktop\Install\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell User\Local Settings\Application Data\Google\Desktop\Install\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
c:\program files\google\desktop\install\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\   \   \‮ﯹ๛\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\u\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
c:\program files\google\desktop\install\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\   \   \‮ﯹ๛\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\u\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\program files\google\desktop\install\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\   \   \‮ﯹ๛\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\u\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FCBD6B6E-A352-4F45-A7D3-9915187D253B}\RP434\A0043989.exe (Malware.Packer.GPC) -> Quarantined and deleted successfully.
C:\WINDOWS\assembly\GAC\Desktop.ini (Rootkit.0access) -> Quarantined and deleted successfully.

(end)
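A defender-side triage script for logs of the kind posted above, added here as an example and not code from the thread or from Malwarebytes: it parses the "Section Detected: N" blocks and the "target (family) -> action" item lines, then flags the traits the posted log shows, namely Unicode format/override characters in an install path, the U\<hex>.@ file naming, an Image File Execution Options key, a Run-key value, a Desktop.ini under the .NET GAC, and items still marked "No action taken". The sample log is a constructed excerpt that copies the posted lines' format, and the flag rules are my own heuristics, not Malwarebytes logic.

```python
"""Triage a Malwarebytes Anti-Malware 1.x text log for pending and suspicious items."""
import re
import unicodedata
from dataclasses import dataclass, field

# Constructed sample: a shortened copy of the posted log, same line format.
# The ZeroAccess path segment uses escapes so the U+202E override is visible here.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware 1.75.0.1300

Registry Keys Detected: 1
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\SETUP.EXE (PUP.Optional.Ibryte) -> No action taken.

Registry Values Detected: 1
HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run|Google Update (Malware.Packer.GPC) -> Data:  -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\\Documents and Settings\\Dell User\\My Documents\\Downloads\\Setup.exe (PUP.Optional.Ibryte) -> No action taken.
C:\\Documents and Settings\\Dell User\\Local Settings\\Application Data\\Google\\Desktop\\Install\\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\\\u2764\u2278\u22d9\\\u202e\ufbf9\u0e5b\\{d67d60f7-25c4-93c7-98e7-e2289c9c8092}\\U\\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\\WINDOWS\\assembly\\GAC\\Desktop.ini (Rootkit.0access) -> Quarantined and deleted successfully.

(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Applied to the text before the first " -> ": greedy so "(x86)" inside a path survives.
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<family>[^()]+)\)$")


@dataclass
class Detection:
    section: str
    target: str
    family: str
    action: str
    flags: list = field(default_factory=list)

    @property
    def remediated(self) -> bool:
        return self.action.startswith("Quarantined")


def path_flags(target: str) -> list:
    """Heuristic flags (my own, not MBAM's) for a file path or registry target."""
    flags = []
    # Bidi overrides and other format/control characters have no place in an
    # install path; they make the folder hard to display, type or delete.
    if any(unicodedata.category(ch) in ("Cf", "Cc", "Co") for ch in target):
        flags.append("non-printing/format characters in path")
    elif any(ord(ch) > 0x7F for ch in target):
        flags.append("non-ASCII characters in path")
    if re.search(r"\\U\\[0-9A-Fa-f]{8}\.@$", target):
        flags.append("U\\<hex>.@ payload naming (seen with Rootkit.0Access)")
    if "\\Image File Execution Options\\" in target:
        flags.append("IFEO key: can redirect launches of the named program")
    if "\\CurrentVersion\\Run|" in target:
        flags.append("Run-key persistence (starts at logon)")
    if target.lower().endswith("\\assembly\\gac\\desktop.ini"):
        flags.append("Desktop.ini in the .NET GAC directory is not a normal location")
    return flags


def parse_mbam_log(text: str) -> list:
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):      # blanks, "(No malicious...)", "(end)"
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or " -> " not in line:  # header lines before any section
            continue
        head, _, tail = line.partition(" -> ")
        m = ITEM_RE.match(head)
        if not m:
            continue
        # Registry values carry "Data: <x> -> <action>"; the action is always last.
        action = tail.rpartition(" -> ")[2].strip()
        target = m.group("target")
        detections.append(Detection(section, target, m.group("family"), action, path_flags(target)))
    return detections


def summarize(detections: list) -> dict:
    """What a helper wants first: what is still on disk, and what looks like a rootkit."""
    return {
        "total": len(detections),
        "pending": [d.target for d in detections if not d.remediated],
        "flagged": {d.target: d.flags for d in detections if d.flags},
    }


if __name__ == "__main__":
    for key, value in summarize(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```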



#7 Joyful25

  • Topic Starter
  • Members
  • 27 posts
  • Gender:Female

Posted 03 August 2013 - 01:53 PM

OK, here is the log from the TDSSKiller scan. It's really long, but you said to paste it. It found 1 object, a rootkit, and I skipped it, as you can see in the log. I'm going to go ahead and run the ESET online scanner and will post again when I get that done, so it may be a while.


14:43:18.0864 2504  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:43:19.0302 2504  ============================================================
14:43:19.0302 2504  Current date / time: 2013/08/03 14:43:19.0302
14:43:19.0302 2504  SystemInfo:
14:43:19.0302 2504  
14:43:19.0302 2504  OS Version: 5.1.2600 ServicePack: 2.0
14:43:19.0302 2504  Product type: Workstation
14:43:19.0302 2504  ComputerName: DELL-AA20D1D908
14:43:19.0302 2504  UserName: Dell User
14:43:19.0302 2504  Windows directory: C:\WINDOWS
14:43:19.0302 2504  System windows directory: C:\WINDOWS
14:43:19.0302 2504  Processor architecture: Intel x86
14:43:19.0302 2504  Number of processors: 2
14:43:19.0302 2504  Page size: 0x1000
14:43:19.0302 2504  Boot type: Normal boot
14:43:19.0302 2504  ============================================================
14:43:21.0239 2504  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:43:21.0239 2504  ============================================================
14:43:21.0239 2504  \Device\Harddisk0\DR0:
14:43:21.0239 2504  MBR partitions:
14:43:21.0239 2504  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x94EEEB9
14:43:21.0239 2504  ============================================================
14:43:21.0286 2504  C: <-> \Device\Harddisk0\DR0\Partition1
14:43:21.0286 2504  ============================================================
14:43:21.0286 2504  Initialize success
14:43:21.0286 2504  ============================================================
14:44:38.0661 3260  ============================================================
14:44:38.0661 3260  Scan started
14:44:38.0661 3260  Mode: Manual; TDLFS;
14:44:38.0661 3260  ============================================================
14:44:48.0411 3260  ose - ok
14:44:48.0442 3260  [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
14:44:48.0442 3260  Parport - ok
14:44:48.0458 3260  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:44:48.0458 3260  PartMgr - ok
14:44:48.0489 3260  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:44:48.0505 3260  ParVdm - ok
14:44:48.0520 3260  [ 8086D9979234B603AD5BC2F5D890B234 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:44:48.0520 3260  PCI - ok
14:44:48.0536 3260  PCIDump - ok
14:44:48.0536 3260  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:44:48.0536 3260  PCIIde - ok
14:44:48.0552 3260  [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:44:48.0552 3260  Pcmcia - ok
14:44:48.0567 3260  PDCOMP - ok
14:44:48.0567 3260  PDFRAME - ok
14:44:48.0583 3260  PDRELI - ok
14:44:48.0583 3260  PDRFRAME - ok
14:44:48.0598 3260  perc2 - ok
14:44:48.0598 3260  perc2hib - ok
14:44:48.0645 3260  [ 37561F8D4160D62DA86D24AE41FAE8DE ] PlugPlay        C:\WINDOWS\system32\services.exe
14:44:48.0645 3260  PlugPlay - ok
14:44:48.0723 3260  [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
14:44:48.0723 3260  Pml Driver HPZ12 - ok
14:44:48.0723 3260  [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:44:48.0723 3260  PolicyAgent - ok
14:44:48.0755 3260  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:44:48.0755 3260  PptpMiniport - ok
14:44:48.0755 3260  [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:44:48.0755 3260  ProtectedStorage - ok
14:44:48.0770 3260  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:44:48.0770 3260  PSched - ok
14:44:48.0786 3260  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:44:48.0786 3260  Ptilink - ok
14:44:48.0786 3260  ql1080 - ok
14:44:48.0786 3260  Ql10wnt - ok
14:44:48.0802 3260  ql12160 - ok
14:44:48.0802 3260  ql1240 - ok
14:44:48.0817 3260  ql1280 - ok
14:44:48.0817 3260  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:44:48.0817 3260  RasAcd - ok
14:44:48.0864 3260  [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:44:48.0864 3260  RasAuto - ok
14:44:48.0880 3260  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:44:48.0880 3260  Rasl2tp - ok
14:44:48.0927 3260  [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:44:48.0942 3260  RasMan - ok
14:44:48.0942 3260  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:44:48.0942 3260  RasPppoe - ok
14:44:48.0958 3260  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:44:48.0958 3260  Raspti - ok
14:44:49.0020 3260  [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:44:49.0020 3260  Rdbss - ok
14:44:49.0020 3260  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:44:49.0036 3260  RDPCDD - ok
14:44:49.0114 3260  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:44:49.0114 3260  rdpdr - ok
14:44:49.0161 3260  [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:44:49.0177 3260  RDPWD - ok
14:44:49.0192 3260  [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:44:49.0192 3260  RDSessMgr - ok
14:44:49.0223 3260  [ B31B4588E4086D8D84ADBF9845C2402B ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:44:49.0223 3260  redbook - ok
14:44:49.0286 3260  [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:44:49.0286 3260  RemoteAccess - ok
14:44:49.0317 3260  [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:44:49.0333 3260  RemoteRegistry - ok
14:44:49.0395 3260  [ F17713D108ACA124A139FDE877EEF68A ] RimUsb          C:\WINDOWS\system32\Drivers\RimUsb.sys
14:44:49.0395 3260  RimUsb - ok
14:44:49.0442 3260  [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:44:49.0442 3260  RpcLocator - ok
14:44:49.0489 3260  [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:44:49.0505 3260  RpcSs - ok
14:44:49.0552 3260  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:44:49.0552 3260  RSVP - ok
14:44:49.0583 3260  [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:44:49.0583 3260  SamSs - ok
14:44:49.0614 3260  [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:44:49.0614 3260  SCardSvr - ok
14:44:49.0692 3260  [ 92360854316611F6CC471612213C3D92 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:44:49.0692 3260  Schedule - ok
14:44:49.0739 3260  [ D26E26EA516450AF9D072635C60387F4 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:44:49.0739 3260  Secdrv - ok
14:44:49.0786 3260  [ B1E0CE09895376871746F36DC5773B4F ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:44:49.0786 3260  seclogon - ok
14:44:49.0802 3260  [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS            C:\WINDOWS\system32\sens.dll
14:44:49.0802 3260  SENS - ok
14:44:49.0817 3260  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:44:49.0817 3260  serenum - ok
14:44:49.0848 3260  [ CD9404D115A00D249F70A371B46D5A26 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:44:49.0848 3260  Serial - ok
14:44:49.0864 3260  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:44:49.0864 3260  Sfloppy - ok
14:44:49.0942 3260  [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:44:49.0958 3260  ShellHWDetection - ok
14:44:49.0958 3260  Simbad - ok
14:44:50.0052 3260  [ F2B755D3835089590E8113F48AA931F7 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
14:44:50.0052 3260  SkypeUpdate - ok
14:44:50.0098 3260  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:44:50.0098 3260  SLIP - ok
14:44:50.0098 3260  Sparrow - ok
14:44:50.0130 3260  [ 8E186B8F23295D1E42C573B82B80D548 ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:44:50.0130 3260  splitter - ok
14:44:50.0161 3260  [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:44:50.0161 3260  Spooler - ok
14:44:50.0223 3260  [ E41B6D037D6CD08461470AF04500DC24 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:44:50.0223 3260  sr - ok
14:44:50.0239 3260  [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:44:50.0239 3260  srservice - ok
14:44:50.0317 3260  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:44:50.0333 3260  Srv - ok
14:44:50.0395 3260  [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:44:50.0395 3260  SSDPSRV - ok
14:44:50.0505 3260  [ 951801DFB54D86F611F0AF47825476F9 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
14:44:50.0536 3260  STHDA - ok
14:44:50.0614 3260  [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:44:50.0630 3260  stisvc - ok
14:44:50.0645 3260  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:44:50.0661 3260  streamip - ok
14:44:50.0677 3260  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:44:50.0677 3260  swenum - ok
14:44:50.0677 3260  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:44:50.0692 3260  swmidi - ok
14:44:50.0692 3260  SwPrv - ok
14:44:50.0692 3260  symc810 - ok
14:44:50.0708 3260  symc8xx - ok
14:44:50.0708 3260  sym_hi - ok
14:44:50.0723 3260  sym_u3 - ok
14:44:50.0817 3260  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:44:50.0864 3260  sysaudio - ok
14:44:50.0989 3260  [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:44:51.0067 3260  SysmonLog - ok
14:44:51.0223 3260  [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:44:51.0239 3260  TapiSrv - ok
14:44:51.0317 3260  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:44:51.0317 3260  Tcpip - ok
14:44:51.0348 3260  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:44:51.0348 3260  TDPIPE - ok
14:44:51.0364 3260  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:44:51.0380 3260  TDTCP - ok
14:44:51.0380 3260  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:44:51.0380 3260  TermDD - ok
14:44:51.0427 3260  [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService     C:\WINDOWS\System32\termsrv.dll
14:44:51.0442 3260  TermService - ok
14:44:51.0473 3260  [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:44:51.0473 3260  Themes - ok
14:44:51.0536 3260  [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:44:51.0536 3260  TlntSvr - ok
14:44:51.0536 3260  TosIde - ok
14:44:51.0583 3260  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:44:51.0583 3260  TrkWks - ok
14:44:51.0614 3260  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:44:51.0614 3260  Udfs - ok
14:44:51.0630 3260  UIUSys - ok
14:44:51.0630 3260  ultra - ok
14:44:51.0755 3260  [ 6AA98EEB910E3D3A718592834EBE61D7 ] UMVPFSrv        C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
14:44:51.0755 3260  UMVPFSrv - ok
14:44:51.0802 3260  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:44:51.0802 3260  Update - ok
14:44:51.0833 3260  [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:44:51.0833 3260  upnphost - ok
14:44:51.0848 3260  [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS             C:\WINDOWS\System32\ups.exe
14:44:51.0848 3260  UPS - ok
14:44:51.0880 3260  [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
14:44:51.0880 3260  USBAAPL - ok
14:44:51.0927 3260  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
14:44:51.0942 3260  usbaudio - ok
14:44:52.0020 3260  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:44:52.0020 3260  usbccgp - ok
14:44:52.0083 3260  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:44:52.0098 3260  usbehci - ok
14:44:52.0114 3260  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:44:52.0114 3260  usbhub - ok
14:44:52.0161 3260  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:44:52.0177 3260  usbprint - ok
14:44:52.0192 3260  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:44:52.0208 3260  usbscan - ok
14:44:52.0223 3260  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:44:52.0223 3260  USBSTOR - ok
14:44:52.0239 3260  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:44:52.0239 3260  usbuhci - ok
14:44:52.0302 3260  [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
14:44:52.0302 3260  usbvideo - ok
14:44:52.0302 3260  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:44:52.0302 3260  VgaSave - ok
14:44:52.0317 3260  ViaIde - ok
14:44:52.0333 3260  [ EE4660083DEBA849FF6C485D944B379B ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:44:52.0348 3260  VolSnap - ok
14:44:52.0380 3260  [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS             C:\WINDOWS\System32\vssvc.exe
14:44:52.0395 3260  VSS - ok
14:44:52.0442 3260  [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time         C:\WINDOWS\system32\w32time.dll
14:44:52.0458 3260  W32Time - ok
14:44:52.0473 3260  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:44:52.0473 3260  Wanarp - ok
14:44:52.0473 3260  WDICA - ok
14:44:52.0489 3260  [ 2797F33EBF50466020C430EE4F037933 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:44:52.0505 3260  wdmaud - ok
14:44:52.0520 3260  [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:44:52.0520 3260  WebClient - ok
14:44:52.0567 3260  [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
14:44:52.0583 3260  winachsf - ok
14:44:52.0708 3260  [ F399242A80C4066FD155EFA4CF96658E ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:44:52.0723 3260  winmgmt - ok
14:44:52.0739 3260  wltrysvc - ok
14:44:52.0770 3260  [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
14:44:52.0786 3260  WmdmPmSN - ok
14:44:52.0848 3260  [ 1081C185AED0660B2B5F173C3E023B23 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:44:52.0864 3260  Wmi - ok
14:44:52.0895 3260  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:44:52.0895 3260  WmiAcpi - ok
14:44:52.0942 3260  [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:44:52.0942 3260  WmiApSrv - ok
14:44:52.0973 3260  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:44:52.0973 3260  WSTCODEC - ok
14:44:53.0020 3260  [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:44:53.0020 3260  wuauserv - ok
14:44:53.0083 3260  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:44:53.0083 3260  WudfPf - ok
14:44:53.0114 3260  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:44:53.0130 3260  WudfRd - ok
14:44:53.0145 3260  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
14:44:53.0145 3260  WudfSvc - ok
14:44:53.0208 3260  [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:44:53.0223 3260  WZCSVC - ok
14:44:53.0270 3260  [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:44:53.0270 3260  xmlprov - ok
14:44:53.0286 3260  ================ Scan global ===============================
14:44:53.0333 3260  [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
14:44:53.0348 3260  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
14:44:53.0364 3260  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
14:44:53.0380 3260  [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
14:44:53.0380 3260  [Global] - ok
14:44:53.0380 3260  ================ Scan MBR ==================================
14:44:53.0411 3260  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:44:53.0458 3260  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
14:44:53.0458 3260  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
14:44:53.0536 3260  ================ Scan VBR ==================================
14:44:53.0583 3260  [ 0A46F4A70E360AB4D7153DD8D0D73305 ] \Device\Harddisk0\DR0\Partition1
14:44:53.0583 3260  \Device\Harddisk0\DR0\Partition1 - ok
14:44:53.0583 3260  ============================================================
14:44:53.0583 3260  Scan finished
14:44:53.0583 3260  ============================================================
14:44:53.0598 2796  Detected object count: 1
14:44:53.0598 2796  Actual detected object count: 1
14:45:19.0755 2796  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
14:45:19.0755 2796  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip



#8 GodfatherKing

Posted 03 August 2013 - 02:31 PM

Step 1: Backdoor/Rootkit warning: Sinowal

 

This computer is infected with a rootkit called Sinowal. You will need to change all passwords after this, and do not do any home banking. Don't use the machine now for anything other than malware removal.

===

 

Choose to cure it. Rerun the scan.


Edited by GodfatherKing, 03 August 2013 - 02:31 PM.

If you have received help from me and I have not responded to you for >= 3 days, send me a Private Message.  :hello:
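The TDSSKiller log above ends with the MBR object detected as Rootkit.Boot.Sinowal.b and then "skipped by user", which is why the helper says to choose "cure" and rerun. As an added example (not part of the thread and not TDSSKiller's own code), here is a small parser that pulls the detected objects, their MD5s and the user's chosen action out of such a log so that a "skipped" outcome is impossible to miss; the line-format rules and field names are assumptions drawn from the log lines in this thread, and the sample log is constructed from them.

```python
"""Summarise a Kaspersky TDSSKiller log: what was detected, what hash the
object had, and what the user chose to do about it.

Added example for this thread, not TDSSKiller's own code.  Parsing rules are
assumptions taken from the log format shown in the thread, not from any
TDSSKiller documentation.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# "<hh:mm:ss.ffff> <pid>  <body>"
_LINE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# "[ <md5> ] <name> <path>"  or  "[ <md5> ] <path>"
_HASHED = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<rest>.*)$")
# "<object> ( <threat> ) - <status>"   e.g. "... ( Rootkit.Boot.Sinowal.b ) - infected"
_VERDICT = re.compile(r"^(?P<obj>\S.*?)\s+\(\s*(?P<threat>[^)]+?)\s*\)\s+-\s+(?P<status>.+)$")
_ACTION = re.compile(r"User select action:\s*(?P<action>\w+)")
_COUNT = re.compile(r"^Detected object count:\s*(?P<n>\d+)")


@dataclass
class Finding:
    obj: str
    threat: str
    status: str                      # "infected", "skipped by user", ...
    md5: Optional[str] = None        # hash logged for the object, if any
    action: Optional[str] = None     # user's chosen action, if logged


@dataclass
class Report:
    detected_count: Optional[int] = None
    findings: dict[str, Finding] = field(default_factory=dict)


def parse_tdsskiller(text: str) -> Report:
    """Merge the per-object lines of a TDSSKiller log into one Finding each."""
    report = Report()
    hashes: dict[str, str] = {}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if (c := _COUNT.match(body)):
            report.detected_count = int(c["n"])
            continue
        if (h := _HASHED.match(body)):
            # The path is the last token that starts with "X:\" or "\"; this
            # keeps paths containing spaces (e.g. "C:\Program Files\...") intact.
            path = re.split(r"\s+(?=[A-Za-z]:\\|\\)", h["rest"])[-1]
            hashes[path] = h["md5"].upper()
            continue
        v = _VERDICT.match(body)
        if not v:
            continue
        f = report.findings.setdefault(
            v["obj"], Finding(v["obj"], v["threat"], v["status"]))
        f.md5 = hashes.get(v["obj"], f.md5)
        a = _ACTION.search(v["status"])
        if a:
            f.action = a["action"]          # "Skip", "Cure", ...
        else:
            f.status = v["status"]          # later verdicts supersede "infected"
    return report


def outcome(report: Report) -> str:
    """'clean' if nothing was detected, 'remediated' if every detection got an
    action other than Skip, otherwise 'action needed' (rerun and choose cure)."""
    if not report.findings:
        return "clean"
    left = [f for f in report.findings.values()
            if f.action in (None, "Skip") or "skipped" in f.status.lower()]
    return "action needed" if left else "remediated"


# Constructed sample, trimmed from the MBR section of the log in this thread.
SAMPLE_LOG = r"""
14:44:53.0380 3260  ================ Scan MBR ==================================
14:44:53.0411 3260  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:44:53.0458 3260  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
14:44:53.0458 3260  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
14:44:53.0583 3260  [ 0A46F4A70E360AB4D7153DD8D0D73305 ] \Device\Harddisk0\DR0\Partition1
14:44:53.0583 3260  \Device\Harddisk0\DR0\Partition1 - ok
14:44:53.0598 2796  Detected object count: 1
14:45:19.0755 2796  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
14:45:19.0755 2796  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip
"""

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for f in rep.findings.values():
        print(f"{f.obj}: {f.threat} [{f.md5}] status={f.status!r} action={f.action}")
    print("outcome:", outcome(rep))
```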


#9 Joyful25

Posted 03 August 2013 - 03:20 PM

Ok, by the time I read your last post, I had already run the ESET Online Scanner.  It found 2 threats and when I clicked on "list threats" it listed 2 targets but each had the same threat...most likely the rootkit.  I tried to copy and paste or send to clipboard or save results, neither of which was effective for some reason.  Then I read your post, reran TDSSKiller and clicked "cure".  Restarted the computer when prompted and then ran TDSSKiller again and this time NO infections at ALL!!!  Many Many Thanks to you!!!  I do have some quick questions for you though.

 

1. Should I uninstall the ESET online scanner or any other programs I used? Or the Sysinternals Autoruns I had downloaded before talking to you?

 

2. Can I go ahead and use my computer for online banking or other regular activities (Facebook, Craigslist, email, etc.) since the rootkit is gone???  I want to change all my passwords like you said.

 

3. Lastly, I've been using CCleaner pretty frequently and AVG 2013 as my main protection....Would you make any recommendations as to what I should use for the everyday protection and health of my computer???

 

Again I appreciate all your help SOO much! :)



#10 Joyful25

Posted 03 August 2013 - 10:02 PM

Update: I got on my computer again this evening and there was an "AVG - Antivirus Free" popup again....I had walked away from the laptop and it had gone to sleep, and that must've popped up before I got back..  I ran TDSSKiller again and nothing was detected...I am really confused about why it would have popped up and am not at ease about it. I got a screenshot of the AVG popup, but I'm not sure how to post it, if I even need to do that. Should I do anything else???   Would appreciate your help again GodfatherKing!



#11 GodfatherKing

Posted 04 August 2013 - 02:10 AM

Don't use this computer for anything else; it's still infected.

 

Step 1: Rerun MBAM and post the log.

 

Step 2: Rerun TDSSKiller and post the log.




#12 Joyful25

Posted 04 August 2013 - 11:01 PM

Okay, ran a full scan on MBAM and TDSSKiller.  Neither one showed any malicious threats whatsoever!  But I am still seeing AVG popups, a couple every hour at least.  Here is the MBAM scan I just ran. I tried to copy the log from TDSSKiller but for some reason was unable to copy it...BUT no threats at all for that scan as well.  Could something be wrong with AVG itself?

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Dell User :: DELL-AA20D1D908 [administrator]

8/4/2013 9:34:16 PM
mbam-log-2013-08-04 (21-34-16).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275653
Time elapsed: 29 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#13 GodfatherKing

Posted 05 August 2013 - 03:53 AM

Post the screenshot from AVG or attach the image. It could be a false positive.

 

== 

 

Step 1: My advice is to keep your computer up to date with Windows Updates, Java, Adobe Reader and Flash Player.

 

Step 2: Use WOT to check whether sites are safe or not: http://www.mywot.com/

 

Step 3: A good working AntiVirus is also important. I personally advise Avast Free or Avira. MSE's detection is not so great.

 

Step 4: Let's check how good your security is:

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.




#14 Joyful25

Posted 05 August 2013 - 09:23 AM

Here's the Security Check's results.  I did notice that it said Adobe is out of date but I recently downloaded Secunia PSI and had updated a lot of things.  I didn't get everything updated though, so I will check on that.  I would like to uninstall my AVG and install Avast instead.....The WOT...I've never heard of that, I will check out the link.  Thanks!

 

Results of screen317's Security Check version 0.99.71  
 Windows XP Service Pack 2 x86   
 Out of date service pack!!
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Please wait while WMIC is being installed.
displayName
ECHO is off.
AVG
ECHO is off.
update
ECHO is off.
module
ECHO is off.
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.7011)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Adobe Flash Player     11.8.800.94  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````



#15 GodfatherKing

Posted 05 August 2013 - 09:33 AM

Steps to do:

 

1) Download Avast setup.

2) Remove AVG.

2B) Reboot and don't do any other activities on the computer. 

3) Install Avast.

3B) Reboot again.

 

4) You should now be running Avast.

 

If you have any issues with removing AVG, let me know. 

 

Avast also has a software updater built in. It will tell you to update Adobe, Java, ... if necessary.


Edited by GodfatherKing, 05 August 2013 - 09:34 AM.





