Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Browser redirect / possible trojan or malware

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics
View previous topic :: View next topic  
Author Message
cough (Junior Member, joined 20 Jul 2012, 11 posts)
Posted: Fri Jul 20, 2012 8:17 pm    Post subject: Browser redirect / possible trojan or malware

Hello. I am a first-time poster. When I click on a search result from Google or Yahoo search, my browser redirects me to a site other than the one I requested.

The DDS logs are attached. Thanks for all your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Run by ADMIN at 23:53:27 on 2012-07-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1176 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\PROGRA~1\Eraser\Eraser.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\ADMIN\My Documents\Downloads\aswMBR.exe
C:\Documents and Settings\ADMIN\My Documents\Downloads\OTL.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [cdloader] "c:\documents and settings\admin\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [dmoint] rundll32.exe
mRun: [isvpkr] "c:\windows\system32\rundll32.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\magicj~1.lnk - c:\documents and settings\admin\application data\mjusbsp\magicJackLoader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: $talisma_url$
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270777262124
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{36BCE01F-3DF2-4D42-A84A-56A9CC575098} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\h9atrq7s.default\
FF - prefs.js: browser.search.selectedEngine - weather.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\h9atrq7s.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-18 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-18 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-18 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-18 66616]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-1-11 315392]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2010-1-12 33792]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-19 218688]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 136176]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys --> c:\windows\system32\drivers\lgandbus.sys [?]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys --> c:\windows\system32\drivers\lganddiag.sys [?]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys --> c:\windows\system32\drivers\lgandgps.sys [?]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys --> c:\windows\system32\drivers\lgandmodem.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 136176]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
.
=============== Created Last 30 ================
.
2012-07-21 02:07:11 -------- d-----w- c:\windows\pss
2012-07-18 04:45:13 -------- d-----w- c:\documents and settings\admin\application data\Windows Search
2012-07-12 13:37:57 -------- d-----w- c:\documents and settings\admin\local settings\application data\{C97142EE-CC26-11E1-8270-B8AC6F996F26}
2012-07-04 02:12:35 -------- d-----w- c:\documents and settings\admin\local settings\application data\Identities
2012-07-04 02:11:29 -------- d-----w- c:\windows\system32\GroupPolicy
2012-07-04 02:11:29 -------- d-----w- c:\program files\Windows Desktop Search
2012-07-01 12:40:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-07-13 02:22:10 59 ----a-w- c:\windows\wpd99.drv
2012-07-01 12:30:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-01 12:30:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 04:25:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-27 04:25:29 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-27 04:25:29 472864 ----a-w- c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLA380 rev.PF2OA63A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A1314B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a13893c]; MOV EAX, [0x8a138ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A5F2AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8A1AEF18]
\Driver\atapi[0x8A648B10] -> IRP_MJ_CREATE -> 0x8A1314B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1312E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 23:54:41.40 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/8/2010 6:18:02 PM
System Uptime: 7/20/2012 10:11:29 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WF810
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2990/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 46.544 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP374: 5/6/2012 11:50:31 PM - System Checkpoint
RP375: 5/7/2012 11:58:27 PM - System Checkpoint
RP376: 5/9/2012 12:58:26 AM - System Checkpoint
RP377: 5/10/2012 1:58:27 AM - System Checkpoint
RP378: 5/11/2012 2:58:27 AM - System Checkpoint
RP379: 5/12/2012 3:58:26 AM - System Checkpoint
RP380: 5/13/2012 3:58:31 AM - System Checkpoint
RP381: 5/14/2012 4:58:31 AM - System Checkpoint
RP382: 5/15/2012 5:58:32 AM - System Checkpoint
RP383: 5/16/2012 6:23:23 AM - System Checkpoint
RP384: 5/17/2012 7:23:23 AM - System Checkpoint
RP385: 5/18/2012 8:41:38 AM - System Checkpoint
RP386: 5/19/2012 9:26:01 AM - System Checkpoint
RP387: 5/20/2012 9:27:08 AM - System Checkpoint
RP388: 5/21/2012 10:23:28 AM - System Checkpoint
RP389: 5/22/2012 11:23:28 AM - System Checkpoint
RP390: 5/23/2012 12:23:28 PM - System Checkpoint
RP391: 5/24/2012 1:23:29 PM - System Checkpoint
RP392: 5/25/2012 2:23:28 PM - System Checkpoint
RP393: 5/26/2012 3:23:29 PM - System Checkpoint
RP394: 5/27/2012 5:06:35 PM - System Checkpoint
RP395: 5/28/2012 5:23:28 PM - System Checkpoint
RP396: 5/29/2012 5:52:09 PM - System Checkpoint
RP397: 5/30/2012 6:11:37 PM - System Checkpoint
RP398: 5/31/2012 7:11:37 PM - System Checkpoint
RP399: 6/1/2012 8:11:37 PM - System Checkpoint
RP400: 6/2/2012 9:38:01 PM - System Checkpoint
RP401: 6/3/2012 10:11:37 PM - System Checkpoint
RP402: 6/4/2012 8:22:48 PM - Installed OTC Scanning Suite
RP403: 6/5/2012 9:11:37 PM - System Checkpoint
RP404: 6/6/2012 9:11:50 PM - System Checkpoint
RP405: 6/7/2012 10:11:50 PM - System Checkpoint
RP406: 6/8/2012 8:59:28 PM - Installed OTC Scanning Suite
RP407: 6/9/2012 9:11:50 PM - System Checkpoint
RP408: 6/10/2012 10:11:51 PM - System Checkpoint
RP409: 6/11/2012 11:11:50 PM - System Checkpoint
RP410: 6/13/2012 12:43:33 AM - System Checkpoint
RP411: 6/14/2012 2:18:20 AM - System Checkpoint
RP412: 6/15/2012 2:38:14 AM - System Checkpoint
RP413: 6/16/2012 3:38:14 AM - System Checkpoint
RP414: 6/17/2012 4:38:14 AM - System Checkpoint
RP415: 6/18/2012 5:38:15 AM - System Checkpoint
RP416: 6/19/2012 6:38:15 AM - System Checkpoint
RP417: 6/20/2012 7:38:14 AM - System Checkpoint
RP418: 6/21/2012 7:38:25 AM - System Checkpoint
RP419: 6/22/2012 8:43:25 AM - System Checkpoint
RP420: 6/23/2012 9:38:25 AM - System Checkpoint
RP421: 6/24/2012 10:38:25 AM - System Checkpoint
RP422: 6/25/2012 10:39:31 AM - System Checkpoint
RP423: 6/26/2012 11:38:25 AM - System Checkpoint
RP424: 6/27/2012 12:38:25 PM - System Checkpoint
RP425: 6/28/2012 12:38:32 PM - System Checkpoint
RP426: 6/29/2012 1:38:32 PM - System Checkpoint
RP427: 6/30/2012 1:53:16 PM - System Checkpoint
RP428: 7/1/2012 9:19:18 AM - Software Distribution Service 3.0
RP429: 7/2/2012 3:00:33 AM - Software Distribution Service 3.0
RP430: 7/3/2012 3:51:07 AM - System Checkpoint
RP431: 7/3/2012 10:10:58 PM - Installed Windows XP KB915800-v4.
RP432: 7/3/2012 10:11:26 PM - Installed Windows XP Windows Search 4.0.
RP433: 7/4/2012 11:32:31 PM - System Checkpoint
RP434: 7/5/2012 3:00:15 AM - Software Distribution Service 3.0
RP435: 7/6/2012 3:21:02 AM - System Checkpoint
RP436: 7/7/2012 4:21:01 AM - System Checkpoint
RP437: 7/8/2012 5:21:01 AM - System Checkpoint
RP438: 7/9/2012 5:21:07 AM - System Checkpoint
RP439: 7/10/2012 6:21:07 AM - System Checkpoint
RP440: 7/11/2012 3:00:23 AM - Software Distribution Service 3.0
RP441: 7/12/2012 3:27:02 AM - System Checkpoint
RP442: 7/13/2012 4:27:02 AM - System Checkpoint
RP443: 7/14/2012 5:18:25 AM - System Checkpoint
RP444: 7/15/2012 6:18:25 AM - System Checkpoint
RP445: 7/16/2012 7:18:25 AM - System Checkpoint
RP446: 7/17/2012 8:58:26 AM - System Checkpoint
RP447: 7/18/2012 12:46:58 AM - Restore Operation
RP448: 7/18/2012 12:49:52 AM - Restore Operation
RP449: 7/18/2012 12:52:42 AM - Restore Operation
RP450: 7/20/2012 11:44:57 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Acrobat.com
Ad-aware 6 Personal
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AT&T Troubleshoot & Resolve Tool
att.net Internet Mail
Avira AntiVir Personal - Free Antivirus
Broadcom Gigabit Integrated Controller
BufferChm
Cisco Connect
Coupon Printer for Windows
Dell Driver Download Manager
Dell Support 3.2.1
Destinations
DeviceDiscovery
DocMgr
DocProc
Eraser 6.0.9.2343
Fax
FLVPlayer4Free Free FLV Player 3.8.0.0
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Product Detection
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 32
magicJack
MediaImpression 2.0 for PENTAX
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
Mozilla Firefox 13.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Novacomd
NVIDIA Drivers
NVIDIA nView Desktop Manager
OCR Software by I.R.I.S. 13.0
OTC Scanning Suite
Pdf995
PHOTOfunSTUDIO
Readon TV Movie Radio Player 7.6.0.0
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SoundMAX
Status
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02)
Windows Driver Package - SPX Service Solutions, Inc (spxusb) Ports (13/04/2009 1.03)
Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports (01/07/2010 2.0.0)
Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports (10/02/06 )
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
WinIPConfig
WinRAR 4.00 (32-bit)
ZOTAC FireStorm
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
7/20/2012 9:59:12 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6024.
7/18/2012 12:53:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/18/2012 12:44:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
7/18/2012 12:44:14 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2012 12:44:14 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2012 12:44:14 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2012 12:44:14 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2012 12:43:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/18/2012 12:43:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/18/2012 12:39:12 AM, error: Service Control Manager [7034] - The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s).
7/17/2012 10:17:50 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
7/17/2012 10:17:43 PM, error: Service Control Manager [7034] - The McciServiceHost service terminated unexpectedly. It has done this 1 time(s).
7/13/2012 7:41:10 AM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 00188B5CABF6 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
7/13/2012 7:14:35 PM, error: Dhcp [1002] - The IP address lease 192.168.1.132 for the Network Card with network address 00188B5CABF6 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
7/13/2012 6:57:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 00188B5CABF6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/13/2012 1:30:03 PM, error: Print [6161] - The document Print Chewy Rum Sugar Cookies | Just A Pinch Recipe Club owned by ADMIN failed to print on printer HP Officejet 4500 G510n-z. Data type: NT EMF 1.008. Size of the spool file in bytes: 550908. Number of bytes printed: 550908. Total number of pages in the document: 1. Number of pages printed: 2. Client machine: \\MIKE. Win32 error code returned by the print processor: 0 (0x0).
7/13/2012 1:29:57 PM, error: Print [6161] - The document Print Chewy Rum Sugar Cookies | Just A Pinch Recipe Club owned by ADMIN failed to print on printer HP Officejet 4500 G510n-z. Data type: NT EMF 1.008. Size of the spool file in bytes: 551032. Number of bytes printed: 551032. Total number of pages in the document: 1. Number of pages printed: 2. Client machine: \\MIKE. Win32 error code returned by the print processor: 0 (0x0).
.
==== End Of File ===========================
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Sun Jul 22, 2012 2:22 am    Post subject:

Hi and welcome to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions, if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



A couple of questions before we proceed...
Quote:
Microsoft Office Enterprise 2007

I see that you have Microsoft Office Enterprise 2007 installed. Could you tell me how this came to be on your machine?
Quote:
aswMBR.exe
OTL.exe

These tools suggest that you have received help at another forum; can you confirm that is the case?

Please download MGA Diagnostic Tool and save it to your Desktop.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

_________________
Admin/Teacher at Malware Removal University
Member of...

cough
Junior Member


Joined: 20 Jul 2012
Last Visit: 25 Jul 2012
Posts: 11

PostPosted: Sun Jul 22, 2012 7:59 am    Post subject:

Hello Cypher,

Microsoft Enterprise came with my PC; I bought it on the Dell Auction site. It's a refurb. As for the OTL and aswMBR, I found those by perusing Norton's forums and began following their troubleshooting process until I came to the part where I needed to submit logs, etc. and couldn't as I am not a Norton user.

I will be running the app you recommended and post the log in a moment.

Thanks again for your assistance.
cough
Junior Member


Joined: 20 Jul 2012
Last Visit: 25 Jul 2012
Posts: 11

PostPosted: Sun Jul 22, 2012 8:03 am    Post subject:

MGA results

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-T6DFB-Y934T-YD4YT
Windows Product Key Hash: 3g4CZGFEDgbKmn/oB4pa2FZsssU=
Windows Product ID: 76487-OEM-2211906-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {22FF315C-8BAD-40E0-824E-425404B71137}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{22FF315C-8BAD-40E0-824E-425404B71137}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YD4YT</PKey><PID>76487-OEM-2211906-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-2023294846-3223980389-256265723</SID><SYSTEM/><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>2.4.1 </Version><SMBIOSVersion major="2" minor="3"/><Date>20070821000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>86DF339701846076</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65098</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1A702:Dell Inc|1A702:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Sun Jul 22, 2012 9:43 am    Post subject:

Hi cough,
Quote:
OTL and aswMBR, I found those by perusing Norton's forums and began following their troubleshooting process until I came to the part where I needed to submit logs, etc. and couldn't as I am not a Norton user.
OK, thanks for clearing that up.
Quote:
Microsoft Enterprise came with my PC; I bought it on the Dell Auction site. It's a refurb.

Microsoft Office Enterprise is not issued to home users, hence you do not have a valid license for it.
If you wish for me to continue helping you, you will have to uninstall it.
Let me know what you would like to do in your next reply please.
_________________
Admin/Teacher at Malware Removal University
Member of...

cough
Junior Member


Joined: 20 Jul 2012
Last Visit: 25 Jul 2012
Posts: 11

PostPosted: Sun Jul 22, 2012 11:11 am    Post subject:

I was not aware that there were allowed and disallowed Office versions. As I noted, I purchased the PC directly from Dell on their auction website. It came already loaded on it. I can uninstall it if that is necessary.
cough
Junior Member


Joined: 20 Jul 2012
Last Visit: 25 Jul 2012
Posts: 11

PostPosted: Sun Jul 22, 2012 11:17 am    Post subject:

Do I need to run the MGA diagnostics again once uninstalled?
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Mon Jul 23, 2012 1:22 am    Post subject:

Hi cough,
Quote:
I was not aware that there were allowed and disallowed Office versions. As I noted, I purchased the PC directly from Dell on their auction website. It came already loaded on it. I can uninstall it if that is necessary.
Microsoft does not sell nor does it permit the sale of Enterprise versions of Windows or Microsoft Office to individuals.
It is only available to businesses and educational institutions.
Quote:
Do I need to run the MGA diagnostics again once uninstalled?

No, I just need you to uninstall it, if you are happy to do so. Once done, continue with the instructions below.

First delete the versions of aswMBR.exe, and OTL.exe on your computer.

Next.

Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply
  • TDSSKiller log.
  • OTL.txt and Extras.txt contents.

_________________
Admin/Teacher at Malware Removal University
Member of...

cough
Junior Member


Joined: 20 Jul 2012
Last Visit: 25 Jul 2012
Posts: 11

PostPosted: Mon Jul 23, 2012 4:38 am    Post subject:

I uninstalled Microsoft Enterprise and deleted the aswMBR and OTL.

Here is the OTL.txt. I have not seen an Extras.txt log, though. The TDSS log is below the OTL.

OTL logfile created on: 7/23/2012 8:22:23 AM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\ADMIN\Desktop\2012virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 36.25% Memory free
3.85 Gb Paging File | 2.69 Gb Available in Paging File | 69.99% Paging File free
Paging file location(s): C:\pagefile.sys 2045 2245 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 48.79 Gb Free Space | 65.49% Space Free | Partition Type: NTFS

Computer Name: MIKE | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/23 08:22:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\2012virus\OTL.exe
PRC - [2012/07/23 08:19:40 | 002,136,152 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ADMIN\Desktop\2012virus\tdsskiller.exe
PRC - [2012/02/01 13:36:38 | 022,140,304 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\ADMIN\Application Data\mjusbsp\magicJack.exe
PRC - [2011/11/05 12:17:04 | 000,980,368 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2011/09/09 10:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2011/07/01 03:18:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 03:30:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/24 14:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2010/07/27 06:15:50 | 001,573,888 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
PRC - [2008/11/18 19:57:22 | 000,044,176 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/02 03:34:11 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/07/02 03:31:32 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/07/02 03:31:19 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/07/02 03:30:54 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/07/02 03:30:15 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012/07/02 03:26:10 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/07/02 03:25:59 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/02/01 13:42:32 | 000,083,352 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\mjusbsp\octvqem_apiw.dll
MOD - [2010/07/24 13:58:43 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2010/06/17 14:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/09 10:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2011/07/01 03:18:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 03:30:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/24 14:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 14:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 14:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 14:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Senfilt.sys -- (SenFiltService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - [2011/09/09 10:00:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/09/09 10:00:28 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/07/01 03:18:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 03:18:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/23 15:03:56 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2011/04/19 16:55:20 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2007/06/06 15:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 8F 76 46 F2 66 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "weather.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 22:58:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/01 08:23:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C97142EE-CC26-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\ADMIN\Local Settings\Application Data\{C97142EE-CC26-11E1-8270-B8AC6F996F26}\ [2012/07/12 09:37:57 | 000,000,000 | ---D | M]

[2010/04/08 19:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions
[2012/05/30 19:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\h9atrq7s.default\extensions
[2010/06/12 16:48:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\h9atrq7s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/25 18:17:10 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\h9atrq7s.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2010/05/01 20:34:19 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\h9atrq7s.default\extensions\firefox@tvunetworks.com
[2010/06/12 16:48:11 | 000,005,310 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\h9atrq7s.default\searchplugins\footiefox.xml
[2010/04/09 19:25:13 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\h9atrq7s.default\searchplugins\weathercom.xml
[2012/06/16 22:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/21 15:34:44 | 000,067,428 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H9ATRQ7S.DEFAULT\EXTENSIONS\TRACKMENOT@MRL.NYU.EDU.XPI
[2012/07/12 09:37:57 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\APPLICATION DATA\{C97142EE-CC26-11E1-8270-B8AC6F996F26}
[2012/06/16 22:58:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/04 20:41:03 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/16 22:58:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/16 22:58:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/04/17 20:54:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dmoint] rundll32.exe File not found
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [isvpkr] "C:\WINDOWS\system32\rundll32.exe" File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\ADMIN\Start Menu\Programs\Startup\magicJack.lnk = C:\Documents and Settings\ADMIN\Application Data\mjusbsp\magicJackLoader.exe (magicJack L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270777262124 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36BCE01F-3DF2-4D42-A84A-56A9CC575098}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 14:46:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 12:01:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2012/07/20 23:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\2012virus
[2012/07/20 23:53:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ADMIN\Start Menu\Programs\Administrative Tools
[2012/07/20 22:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/07/18 00:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Windows Search
[2012/07/18 00:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/17 21:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/12 22:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\Magic Jack
[2012/07/12 09:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\{C97142EE-CC26-11E1-8270-B8AC6F996F26}
[2012/07/12 08:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\2001 Intrigue
[2012/07/10 08:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\1994 Suburban
[2012/07/06 09:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\HSA
[2012/07/05 14:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
[2012/07/03 22:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/07/03 22:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Identities
[2012/07/03 22:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/07/03 22:11:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/07/01 08:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real

========== Files - Modified Within 30 Days ==========

[2012/07/23 08:31:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/23 08:27:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/23 08:15:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/07/23 08:15:02 | 000,001,004 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\magicJack.lnk
[2012/07/23 08:14:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/23 08:13:50 | 000,249,405 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/07/23 08:13:46 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/23 08:13:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/23 08:13:33 | 2144,960,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/23 08:13:33 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/21 07:57:57 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Readon TV Movie Radio Player.lnk
[2012/07/20 23:18:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\MBR.dat
[2012/07/20 08:48:42 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/20 08:48:42 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/18 08:36:00 | 000,000,084 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/07/12 22:22:10 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2012/07/11 19:03:54 | 001,013,388 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Alero fan wiring.xps
[2012/07/11 03:06:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/10 08:34:48 | 000,097,641 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\AutoZone tune up shopping cart.pdf
[2012/07/05 14:48:12 | 000,082,964 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\https eservices.paychex.com secure CheckImageViewHub.pdf
[2012/06/27 09:50:08 | 000,027,266 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\lemon.jpg

========== Files Created - No Company Name ==========

[2012/07/20 23:18:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\MBR.dat
[2012/07/18 08:36:00 | 000,000,084 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/07/18 01:44:40 | 2144,960,512 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/11 19:03:54 | 001,013,388 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Alero fan wiring.xps
[2012/07/10 08:34:45 | 000,097,641 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\AutoZone tune up shopping cart.pdf
[2012/07/05 14:48:12 | 000,082,964 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\https eservices.paychex.com secure CheckImageViewHub.pdf
[2012/06/27 09:50:08 | 000,027,266 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\lemon.jpg
[2012/05/05 23:27:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/04/18 07:02:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/06 10:48:16 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Itazeqube.dat
[2010/12/20 22:58:09 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2010/09/26 11:54:47 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat.temp
[2010/09/26 11:23:05 | 000,207,282 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
[2010/09/26 11:23:04 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2010/09/25 22:11:10 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/09/25 22:09:58 | 000,000,203 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/08/25 22:22:10 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 13:59:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/07/24 13:58:43 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/07/24 13:58:43 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv

========== LOP Check ==========

[2010/09/12 10:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\CanuckSoftware
[2011/07/04 20:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Catalina Marketing Corp
[2011/04/19 16:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\DAEMON Tools Lite
[2011/04/14 17:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\ED1E3DBCD3B160EE8D3A7B6726340B33
[2010/05/02 20:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\FLVPlayer4Free
[2012/07/23 08:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\mjusbsp
[2010/05/08 23:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Panasonic
[2010/07/24 13:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\pdf995
[2010/12/30 20:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Unity
[2012/07/18 00:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Windows Search
[2010/07/10 18:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/04/21 01:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/23 07:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/08/07 21:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2012/07/12 22:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/03/26 00:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Readon
[2012/06/04 20:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Scanning Suite
[2011/09/11 17:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

========== Purity Check ==========



< End of report >

TDSS Log

08:19:42.0187 2708 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
08:19:42.0484 2708 ============================================================
08:19:42.0484 2708 Current date / time: 2012/07/23 08:19:42.0484
08:19:42.0484 2708 SystemInfo:
08:19:42.0484 2708
08:19:42.0484 2708 OS Version: 5.1.2600 ServicePack: 3.0
08:19:42.0484 2708 Product type: Workstation
08:19:42.0484 2708 ComputerName: MIKE
08:19:42.0484 2708 UserName: ADMIN
08:19:42.0484 2708 Windows directory: C:\WINDOWS
08:19:42.0484 2708 System windows directory: C:\WINDOWS
08:19:42.0484 2708 Processor architecture: Intel x86
08:19:42.0484 2708 Number of processors: 2
08:19:42.0484 2708 Page size: 0x1000
08:19:42.0484 2708 Boot type: Normal boot
08:19:42.0484 2708 ============================================================
08:19:49.0296 2708 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:19:49.0328 2708 ============================================================
08:19:49.0328 2708 \Device\Harddisk0\DR0:
08:19:49.0359 2708 MBR partitions:
08:19:49.0359 2708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x9501800
08:19:49.0359 2708 ============================================================
08:19:49.0437 2708 C: <-> \Device\Harddisk0\DR0\Partition0
08:19:49.0437 2708 ============================================================
08:19:49.0437 2708 Initialize success
08:19:49.0437 2708 ============================================================
08:20:07.0781 4500 ============================================================
08:20:07.0781 4500 Scan started
08:20:07.0781 4500 Mode: Manual;
08:20:07.0781 4500 ============================================================
08:20:22.0609 4500 NdisTapi - ok
08:20:22.0609 4500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:20:22.0625 4500 Ndisuio - ok
08:20:22.0734 4500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:20:22.0750 4500 NdisWan - ok
08:20:22.0812 4500 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:20:22.0828 4500 NDProxy - ok
08:20:22.0843 4500 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32\HPZinw12.dll
08:20:22.0843 4500 Net Driver HPZ12 - ok
08:20:22.0859 4500 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:20:22.0859 4500 NetBIOS - ok
08:20:22.0890 4500 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:20:22.0906 4500 NetBT - ok
08:20:22.0953 4500 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:20:22.0953 4500 NetDDE - ok
08:20:22.0968 4500 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:20:22.0968 4500 NetDDEdsdm - ok
08:20:23.0015 4500 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:20:23.0015 4500 Netlogon - ok
08:20:23.0171 4500 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:20:23.0187 4500 Netman - ok
08:20:23.0296 4500 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:20:23.0312 4500 NetTcpPortSharing - ok
08:20:23.0375 4500 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:20:23.0375 4500 Nla - ok
08:20:23.0718 4500 NovacomD (3339d2847b3e5dcabe3bf0029edd3a7f) C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
08:20:23.0718 4500 NovacomD - ok
08:20:23.0812 4500 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:20:23.0812 4500 Npfs - ok
08:20:23.0875 4500 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:20:23.0906 4500 Ntfs - ok
08:20:23.0906 4500 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:20:23.0906 4500 NtLmSsp - ok
08:20:23.0953 4500 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:20:23.0968 4500 NtmsSvc - ok
08:20:24.0000 4500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:20:24.0015 4500 Null - ok
08:20:24.0718 4500 nv (cf49346faeffbd046b4dcaf29673e02a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:20:25.0671 4500 nv - ok
08:20:25.0890 4500 nvsvc (896b929603fe45993853df9a3e5e19b1) C:\WINDOWS\system32\nvsvc32.exe
08:20:25.0890 4500 nvsvc - ok
08:20:25.0984 4500 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:20:25.0984 4500 NwlnkFlt - ok
08:20:26.0000 4500 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:20:26.0015 4500 NwlnkFwd - ok
08:20:26.0125 4500 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:20:26.0140 4500 Parport - ok
08:20:26.0296 4500 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:20:26.0312 4500 PartMgr - ok
08:20:26.0328 4500 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:20:26.0328 4500 ParVdm - ok
08:20:26.0343 4500 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:20:26.0359 4500 PCI - ok
08:20:26.0359 4500 PCIDump - ok
08:20:26.0375 4500 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:20:26.0390 4500 PCIIde - ok
08:20:26.0437 4500 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:20:26.0453 4500 Pcmcia - ok
08:20:26.0453 4500 PDCOMP - ok
08:20:26.0468 4500 PDFRAME - ok
08:20:26.0468 4500 PDRELI - ok
08:20:26.0468 4500 PDRFRAME - ok
08:20:26.0484 4500 perc2 - ok
08:20:26.0484 4500 perc2hib - ok
08:20:26.0546 4500 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:20:26.0546 4500 PlugPlay - ok
08:20:26.0656 4500 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32\HPZipm12.dll
08:20:26.0656 4500 Pml Driver HPZ12 - ok
08:20:26.0703 4500 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:20:26.0703 4500 PolicyAgent - ok
08:20:26.0750 4500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:20:26.0765 4500 PptpMiniport - ok
08:20:26.0765 4500 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:20:26.0781 4500 ProtectedStorage - ok
08:20:26.0859 4500 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:20:26.0859 4500 PSched - ok
08:20:26.0875 4500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:20:26.0875 4500 Ptilink - ok
08:20:26.0937 4500 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:20:26.0937 4500 PxHelp20 - ok
08:20:26.0953 4500 ql1080 - ok
08:20:26.0953 4500 Ql10wnt - ok
08:20:26.0953 4500 ql12160 - ok
08:20:26.0953 4500 ql1240 - ok
08:20:26.0968 4500 ql1280 - ok
08:20:26.0968 4500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:20:26.0984 4500 RasAcd - ok
08:20:27.0015 4500 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:20:27.0015 4500 RasAuto - ok
08:20:27.0046 4500 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:20:27.0062 4500 Rasl2tp - ok
08:20:27.0171 4500 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:20:27.0187 4500 RasMan - ok
08:20:27.0187 4500 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:20:27.0187 4500 RasPppoe - ok
08:20:27.0203 4500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:20:27.0203 4500 Raspti - ok
08:20:27.0234 4500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:20:27.0250 4500 Rdbss - ok
08:20:27.0250 4500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:20:27.0265 4500 RDPCDD - ok
08:20:27.0421 4500 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:20:27.0437 4500 rdpdr - ok
08:20:27.0468 4500 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
08:20:27.0468 4500 RDPWD - ok
08:20:27.0500 4500 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:20:27.0500 4500 RDSessMgr - ok
08:20:27.0531 4500 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:20:27.0546 4500 redbook - ok
08:20:27.0640 4500 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:20:27.0656 4500 RemoteAccess - ok
08:20:27.0671 4500 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:20:27.0671 4500 RemoteRegistry - ok
08:20:27.0718 4500 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:20:27.0718 4500 RpcLocator - ok
08:20:27.0765 4500 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
08:20:27.0781 4500 RpcSs - ok
08:20:27.0828 4500 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:20:27.0828 4500 RSVP - ok
08:20:27.0890 4500 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:20:27.0890 4500 SamSs - ok
08:20:27.0906 4500 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:20:27.0906 4500 SCardSvr - ok
08:20:27.0937 4500 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:20:27.0953 4500 Schedule - ok
08:20:28.0000 4500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:20:28.0000 4500 Secdrv - ok
08:20:28.0015 4500 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:20:28.0031 4500 seclogon - ok
08:20:28.0031 4500 SenFiltService - ok
08:20:28.0125 4500 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:20:28.0125 4500 SENS - ok
08:20:28.0171 4500 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:20:28.0171 4500 Serenum - ok
08:20:28.0203 4500 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:20:28.0218 4500 Serial - ok
08:20:28.0281 4500 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:20:28.0281 4500 Sfloppy - ok
08:20:28.0375 4500 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:20:28.0390 4500 SharedAccess - ok
08:20:28.0515 4500 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:20:28.0515 4500 ShellHWDetection - ok
08:20:28.0515 4500 Simbad - ok
08:20:28.0531 4500 Sparrow - ok
08:20:28.0578 4500 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:20:28.0578 4500 splitter - ok
08:20:28.0640 4500 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:20:28.0640 4500 Spooler - ok
08:20:28.0671 4500 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:20:28.0687 4500 sr - ok
08:20:28.0718 4500 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:20:28.0734 4500 srservice - ok
08:20:28.0781 4500 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:20:28.0796 4500 Srv - ok
08:20:28.0828 4500 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:20:28.0828 4500 SSDPSRV - ok
08:20:28.0890 4500 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
08:20:28.0906 4500 ssmdrv - ok
08:20:28.0968 4500 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:20:28.0968 4500 stisvc - ok
08:20:29.0015 4500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:20:29.0015 4500 swenum - ok
08:20:29.0062 4500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:20:29.0078 4500 swmidi - ok
08:20:29.0078 4500 SwPrv - ok
08:20:29.0093 4500 symc810 - ok
08:20:29.0093 4500 symc8xx - ok
08:20:29.0093 4500 sym_hi - ok
08:20:29.0109 4500 sym_u3 - ok
08:20:29.0125 4500 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:20:29.0140 4500 sysaudio - ok
08:20:29.0187 4500 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:20:29.0187 4500 SysmonLog - ok
08:20:29.0234 4500 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:20:29.0234 4500 TapiSrv - ok
08:20:29.0296 4500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:20:29.0296 4500 Tcpip - ok
08:20:29.0375 4500 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:20:29.0406 4500 TDPIPE - ok
08:20:29.0453 4500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:20:29.0453 4500 TDTCP - ok
08:20:29.0500 4500 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:20:29.0515 4500 TermDD - ok
08:20:29.0578 4500 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:20:29.0578 4500 TermService - ok
08:20:29.0640 4500 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:20:29.0640 4500 Themes - ok
08:20:29.0671 4500 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
08:20:29.0671 4500 TlntSvr - ok
08:20:29.0687 4500 TosIde - ok
08:20:29.0718 4500 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:20:29.0718 4500 TrkWks - ok
08:20:29.0781 4500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:20:29.0796 4500 Udfs - ok
08:20:29.0796 4500 ultra - ok
08:20:29.0968 4500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:20:29.0984 4500 Update - ok
08:20:30.0140 4500 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:20:30.0140 4500 upnphost - ok
08:20:30.0171 4500 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:20:30.0171 4500 UPS - ok
08:20:30.0312 4500 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:20:30.0328 4500 usbaudio - ok
08:20:30.0453 4500 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:20:30.0453 4500 usbccgp - ok
08:20:30.0531 4500 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:20:30.0531 4500 usbehci - ok
08:20:30.0656 4500 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:20:30.0671 4500 usbhub - ok
08:20:30.0718 4500 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:20:30.0718 4500 usbprint - ok
08:20:30.0781 4500 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:20:30.0781 4500 usbscan - ok
08:20:30.0796 4500 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:20:30.0796 4500 USBSTOR - ok
08:20:30.0796 4500 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\sys
cough
Junior Member


Joined: 20 Jul 2012
Last Visit: 25 Jul 2012
Posts: 11

PostPosted: Mon Jul 23, 2012 4:49 am    Post subject: Reply with quote

It appears to have missed the last portion of the TDSS log - here it is. Let me know if you prefer that I repost the log in its entirety.

08:20:30.0796 4500 usbuhci - ok
08:20:30.0812 4500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:20:30.0812 4500 VgaSave - ok
08:20:30.0828 4500 ViaIde - ok
08:20:30.0828 4500 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:20:30.0859 4500 VolSnap - ok
08:20:30.0921 4500 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:20:30.0921 4500 VSS - ok
08:20:30.0937 4500 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:20:30.0953 4500 W32Time - ok
08:20:30.0953 4500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:20:30.0953 4500 Wanarp - ok
08:20:31.0015 4500 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
08:20:31.0062 4500 Wdf01000 - ok
08:20:31.0062 4500 WDICA - ok
08:20:31.0125 4500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:20:31.0125 4500 wdmaud - ok
08:20:31.0140 4500 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:20:31.0156 4500 WebClient - ok
08:20:31.0281 4500 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:20:31.0281 4500 winmgmt - ok
08:20:31.0359 4500 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
08:20:31.0375 4500 WinUSB - ok
08:20:31.0406 4500 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:20:31.0421 4500 WmdmPmSN - ok
08:20:31.0468 4500 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:20:31.0468 4500 Wmi - ok
08:20:31.0484 4500 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:20:31.0531 4500 WmiAcpi - ok
08:20:31.0562 4500 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:20:31.0562 4500 WmiApSrv - ok
08:20:31.0703 4500 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:20:31.0718 4500 WMPNetworkSvc - ok
08:20:31.0875 4500 WMZuneComm (cac923906c526433e789d76f4f596601) c:\Program Files\Zune\WMZuneComm.exe
08:20:31.0890 4500 WMZuneComm - ok
08:20:31.0921 4500 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:20:31.0937 4500 wscsvc - ok
08:20:31.0937 4500 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:20:31.0937 4500 wuauserv - ok
08:20:32.0015 4500 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:20:32.0031 4500 WudfPf - ok
08:20:32.0078 4500 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:20:32.0078 4500 WudfRd - ok
08:20:32.0125 4500 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
08:20:32.0140 4500 WudfSvc - ok
08:20:32.0187 4500 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:20:32.0203 4500 WZCSVC - ok
08:20:32.0234 4500 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:20:32.0250 4500 xmlprov - ok
08:20:32.0296 4500 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
08:20:32.0296 4500 zumbus - ok
08:20:32.0406 4500 ZuneBusEnum (7f2ac17f35667661e1f9b8d4ae7cb447) c:\WINDOWS\system32\ZuneBusEnum.exe
08:20:32.0406 4500 ZuneBusEnum - ok
08:20:32.0906 4500 ZuneNetworkSvc (7288e904b5514d601ba004954e4393bb) c:\Program Files\Zune\ZuneNss.exe
08:20:35.0703 4500 ZuneNetworkSvc - ok
08:20:35.0984 4500 ZuneWlanCfgSvc (945eba97cb6c85f5baea4dd2e8410c81) c:\WINDOWS\system32\ZuneWlanCfgSvc.exe
08:20:36.0000 4500 ZuneWlanCfgSvc - ok
08:20:36.0015 4500 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:20:36.0046 4500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
08:20:36.0046 4500 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
08:20:36.0062 4500 Boot (0x1200) (c9d5de4c69c11949fab7d7c88bf4f59d) \Device\Harddisk0\DR0\Partition0
08:20:36.0078 4500 \Device\Harddisk0\DR0\Partition0 - ok
08:20:36.0078 4500 ============================================================
08:20:36.0078 4500 Scan finished
08:20:36.0078 4500 ============================================================
08:20:36.0093 4492 Detected object count: 1
08:20:36.0093 4492 Actual detected object count: 1
08:20:54.0250 4492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
08:20:54.0250 4492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
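The tail of the TDSSKiller log above is the part that matters: the MBR of \Device\Harddisk0\DR0 is reported as Rootkit.Boot.Pihar.c, and the last two lines record that the offered action was skipped, so the scan found the bootkit but left it in place. The following Python is an added example for this thread, not code from the forum or from TDSSKiller. It reads the log format mechanically (which objects were hashed, which were detected, what action was recorded) and checks whether a pasted log is complete, since the first paste above was cut off before the "Scan finished" banner. The line layout is inferred from the posted log, and SAMPLE_LOG is copied from its tail.

```python
"""Pull the verdicts out of a TDSSKiller-style scan log.

Added example for this thread; it is not code from the forum or from TDSSKiller.
The line layout (time, thread id, then an object line, a "- ok" line, or a
verdict line) is inferred from the log posted above, and SAMPLE_LOG is copied
from the tail of that log.
"""
import re

# <hh:mm:ss.ffff> <thread-id> <rest of line>
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>": an object that was hashed and scanned
OBJECT_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
# "<object> - detected <threat> (<n>)"
DETECTED_RE = re.compile(r"^(.+?) - detected (.+?) \(\d+\)$")
# "<object> ( <threat> ) - <verdict>": infected / skipped by user / User select action
VERDICT_RE = re.compile(r"^(.+?) \( (.+?) \) - (.+)$")
# "Detected object count: <n>" / "Actual detected object count: <n>"
COUNT_RE = re.compile(r"^(Actual detected|Detected) object count: (\d+)$")

SAMPLE_LOG = r"""
08:20:30.0796 4500 usbuhci - ok
08:20:30.0812 4500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:20:30.0812 4500 VgaSave - ok
08:20:36.0015 4500 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:20:36.0046 4500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
08:20:36.0046 4500 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
08:20:36.0062 4500 Boot (0x1200) (c9d5de4c69c11949fab7d7c88bf4f59d) \Device\Harddisk0\DR0\Partition0
08:20:36.0078 4500 \Device\Harddisk0\DR0\Partition0 - ok
08:20:36.0078 4500 ============================================================
08:20:36.0078 4500 Scan finished
08:20:36.0078 4500 ============================================================
08:20:36.0093 4492 Detected object count: 1
08:20:36.0093 4492 Actual detected object count: 1
08:20:54.0250 4492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
08:20:54.0250 4492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
"""

# The first paste in the thread stopped part-way through the object list.
TRUNCATED_LOG = "\n".join(SAMPLE_LOG.splitlines()[:4])


def parse_log(text):
    """Return {'scanned': {name: {md5, path}}, 'detections': {object: {threat, actions}},
    'counts': {...}} for one scan log."""
    result = {"scanned": {}, "detections": {}, "counts": {}}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        rest = line.group(3)
        if (m := OBJECT_RE.match(rest)):
            name, md5, path = m.groups()
            result["scanned"][name] = {"md5": md5, "path": path}
        elif (m := DETECTED_RE.match(rest)):
            obj, threat = m.groups()
            result["detections"].setdefault(obj, {"threat": threat, "actions": []})
        elif (m := VERDICT_RE.match(rest)):
            obj, threat, verdict = m.groups()
            entry = result["detections"].setdefault(obj, {"threat": threat, "actions": []})
            entry["actions"].append(verdict)
        elif (m := COUNT_RE.match(rest)):
            key = "actual_detected" if m.group(1).startswith("Actual") else "detected"
            result["counts"][key] = int(m.group(2))
    return result


def unresolved(result):
    """Detections with no action beyond the 'infected' verdict, or that were skipped.
    The exact wording TDSSKiller uses for a successful cure is not in the posted log,
    so this keys on the 'skip' verdicts that are."""
    out = []
    for obj, entry in result["detections"].items():
        acted = [a.lower() for a in entry["actions"] if a.lower() != "infected"]
        if not acted or any("skip" in a for a in acted):
            out.append((obj, entry["threat"]))
    return out


def is_complete(text):
    """True when the log reached TDSSKiller's 'Scan finished' banner."""
    return any("Scan finished" in line for line in text.splitlines())


if __name__ == "__main__":
    r = parse_log(SAMPLE_LOG)
    print("objects hashed:", len(r["scanned"]), "counts:", r["counts"])
    for obj, threat in unresolved(r):
        print(f"STILL PRESENT: {obj} -> {threat}")
    print("first paste complete?", is_complete(TRUNCATED_LOG))
```

Run against the full log, `unresolved()` returns the MBR object with Rootkit.Boot.Pihar.c, which is exactly why the moderator's next reply treats the machine as compromised rather than cleaned: a detection that was skipped is still on the disk. The `is_complete()` check is the quick way to tell that a paste was cut off, as the first one in this thread was.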
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Mon Jul 23, 2012 6:31 am    Post subject: Reply with quote

Hi cough,
Quote:
I uninstalled Microsoft Enterprise

Thank you for your cooperation.

ROOTKIT

Your computer is infected with a ROOTKIT. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
The rootkit gives an intruder remote backdoor access to your computer. This gives intruders complete control of your computer to log your keystrokes, steal personal & critical system information, and download and execute files.

You are strongly advised to do the following:

If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information:

  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
    DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Though the malware has been identified and can be killed, due to its rootkit & backdoor functionality there is no way to be sure it can be trusted again. Many experts in the security community believe that once infected with this type of malware, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.
_________________
Admin/Teacher at Malware Removal University
Member of...

cough
Junior Member


Joined: 20 Jul 2012
Last Visit: 25 Jul 2012
Posts: 11

PostPosted: Mon Jul 23, 2012 9:51 am    Post subject: Reply with quote

Holy Cow,

I was not expecting it to be this bad. Reformat here I come.

Thank you for your help Cypher. This is a great forum and helps a lot of people. I appreciate all the assistance you have provided me.

Now to back up lots and lots of stuff.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Tue Jul 24, 2012 1:42 am    Post subject: Reply with quote

Hi cough,
Quote:
I was not expecting it to be this bad. Reformat here I come.
Thank you for your help Cypher. This is a great forum and helps a lot of people. I appreciate all the assistance you have provided me.

You're most welcome, I'm sorry the outcome was not better.
But you have made the right decision; if this was my computer I would be doing the same thing.

Here are some free programs I recommend that could help you improve your computer's security, once you have completed the reformat.

Install Malwarebytes Anti-malware
These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
You can find information and Download it from HERE

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
_________________
Admin/Teacher at Malware Removal University
Member of...

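The MVPS Hosts advice above relies on one property of the HOSTS file: a name listed there never reaches DNS, so pointing ad and tracking names at 127.0.0.1 sinkholes them. The same file is also one of the places a browser redirect can be planted, by pointing a name the user relies on at some other address. The Python below is an added example for this thread, not code from the forum or from the MVPS project; it parses a HOSTS file and sorts entries into deliberate sinkholes and non-local mappings, flagging any non-local mapping of a name the operator has declared must resolve through DNS. SAMPLE_HOSTS and PROTECTED are constructed, and the domain names in them are placeholders.

```python
"""Audit a Windows HOSTS file.

Added example for this thread; not code from the forum or from the MVPS project.
The MVPS file works by pointing known ad/tracking names at 127.0.0.1 (newer
releases use 0.0.0.0); the same file is also where a redirect can hide, by
pointing a name the user relies on at some other address.  The audit sorts
entries into those two kinds.  SAMPLE_HOSTS and PROTECTED are constructed;
the domains are placeholders.
"""
import ipaddress

SAMPLE_HOSTS = """\
# constructed sample in the MVPS layout
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example.net           # sinkholed ad server
0.0.0.0 tracker.example.net
127.0.0.1 banner.example.com
203.0.113.5 search.example.com    # non-local mapping of a name the user relies on
"""

# Names this machine must resolve through DNS, never through HOSTS (assumption:
# the operator supplies this list; search engines and banks are typical entries).
PROTECTED = {"search.example.com", "www.bank.example.org"}


def parse_hosts(text):
    """Return [(line_no, ip, [names])] for each active entry.
    Comments (#...) and blank lines are skipped; lines whose first field is not an
    IP address are ignored rather than guessed at."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        entries.append((no, str(ip), fields[1:]))
    return entries


def audit(text, protected=frozenset()):
    """Classify entries: 'localhost' (the loopback name itself), 'sinkhole' (a name
    sent to loopback/unspecified, the MVPS technique), 'hijack' (a protected name
    sent anywhere else) and 'other' (any remaining non-local mapping, worth a look)."""
    report = {"localhost": [], "sinkhole": [], "hijack": [], "other": []}
    protected = {p.lower() for p in protected}
    for no, ip, names in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        lower = [n.lower() for n in names]
        if addr.is_loopback or addr.is_unspecified:
            bucket = "localhost" if "localhost" in lower else "sinkhole"
        elif any(n in protected for n in lower):
            bucket = "hijack"
        else:
            bucket = "other"
        report[bucket].append((no, ip, names))
    return report


if __name__ == "__main__":
    for bucket, rows in audit(SAMPLE_HOSTS, PROTECTED).items():
        for no, ip, names in rows:
            print(f"{bucket:9} line {no}: {ip} -> {' '.join(names)}")
```

On an XP machine the live file is C:\WINDOWS\system32\drivers\etc\hosts; read it and pass the text to `audit()`. Everything in the "sinkhole" bucket is what MVPS installs on purpose, anything in "hijack" should not be there at all, and "other" deserves a look because a HOSTS file has no legitimate reason to map a public name to a non-local address on a home PC.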
cough
Junior Member


Joined: 20 Jul 2012
Last Visit: 25 Jul 2012
Posts: 11

PostPosted: Tue Jul 24, 2012 6:21 am    Post subject: Reply with quote

Cypher,

Thanks again. I will take the site and app suggestions and download these once I complete the format and reinstall.

However, you may still be able to assist me. The PC won't let me format my hard drive. I get a message to the effect that the drive is in use by another process and I cannot complete this function. (something like that). I attempted formatting via command line and received the same thing, though it did offer me the option to unmount the drive (a type of forcing the issue I suspect); tried that as well and it still didn't accept it.

Any thoughts and/or suggestions on the best way to proceed? Could this be a result of the infection?
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Tue Jul 24, 2012 6:28 am    Post subject: Reply with quote

Hi cough,
Quote:
However, you may still be able to assist me. The pc won't let me format my hard drive. I get a message to the effect that the drive is in use by another process and I cannot complete this function. (something like that).
That's a new one to me; do you get that error when using your XP installation discs?
_________________
Admin/Teacher at Malware Removal University
Member of...

cough
Junior Member


Joined: 20 Jul 2012
Last Visit: 25 Jul 2012
Posts: 11

PostPosted: Tue Jul 24, 2012 7:14 am    Post subject: Reply with quote

The XP installation disc I have is the one provided by Dell.

When I attempt to run setup.exe from the XP folder I receive the message " No valid system partition found. Setup is unable to continue."
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Tue Jul 24, 2012 8:35 am    Post subject: Reply with quote

Hi cough,
Quote:
The XP installation disc I have is the one provided by Dell.
When I attempt to run setup.exe from the XP folder I receive the message " No valid system partition found. Setup is unable to continue."

I have never come across that problem before; would it be possible for you to contact Dell?
I think they could better advise you than myself; let me know in your next reply please.
_________________
Admin/Teacher at Malware Removal University
Member of...

cough
Junior Member


Joined: 20 Jul 2012
Last Visit: 25 Jul 2012
Posts: 11

PostPosted: Wed Jul 25, 2012 12:01 pm    Post subject: Reply with quote

Hello Cypher,

I can chalk it up to oldsheimers or a brain fa*t.. The PC wouldn't boot up from the CD and I wasn't in the BIOS menu to properly initiate the format and re install.
Once I stepped back and took a moment to think about what it was I was attempting to accomplish, it all came back to me. Sorry about the confusion.

I took your advice and suggestions and downloaded all the apps after I updated Windows, etc.

Thanks again for all your help.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Thu Jul 26, 2012 12:58 am    Post subject: Reply with quote

Hi cough,
Quote:
Thanks again for all your help.

You're most welcome.
I'm glad to hear you were able to solve the problem; as you have no further questions I will close this topic.
Good luck and stay safe.
_________________
Admin/Teacher at Malware Removal University
Member of...

Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Thu Jul 26, 2012 12:59 am    Post subject: Reply with quote

Quote:
As your issues appear to be resolved following a reformat, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of...

smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group