Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

"Antimalware PC Safety"popups- is this the virus???

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

"Antimalware PC Safety"popups- is this the virus???

Unread postby plaizure » April 1st, 2012, 7:31 am

The problem started last week when Antimalware PC Safety installed itself onto my computer and now keeps popping up ads that state there are infected files in this laptop and they need to be removed, but in order to do that I must buy their program. It also states that my laptop is at risk for identity theft and the program to stop this is even more expensive. i believe it is slowing my browsing and sometimes makes other windows unavailable. The pop ups sometimes do not give an option to close and remain on until i force close internet explorer.
I purchased this rebuilt lapop from a family aquaintaince and believe him when he says that it is up to date and legal. he installed auslogics disk defragmentation and ClamWin antivirus and told me to run them once a month. I have not run them as often as he told he too. I noticed that there is no way to remove the infected files they found using either of these programs. I have school age children who use these computers to browse the net and even though i have implented parental controls, i am not completely computer literate. If the person who helps me, finds anything "fishy" about this laptop, (i.e those "cracked" or "p2p" programs) please inform me of how to fix it.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by OWNER at 3:30:46 on 2012-04-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.379 [GMT -7:00]
.
AV: Antimalware PC Safety *Enabled/Updated* {3581685B-528B-427C-9637-9C7507624CF6}
FW: Antimalware PC Safety *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Application Data\abd596\APabd_8046.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Antimalware PC Safety] "c:\documents and settings\all users\application data\abd596\APabd_8046.exe" /s /d
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11f_ActiveX.exe -update activex
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PC Cleaners] "c:\program files\pc cleaners\PCCleaners.exe" /minimize
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 0 = msseces.exe
uPolicies-disallowrun: 1 = MSASCui.exe
uPolicies-disallowrun: 2 = ekrn.exe
uPolicies-disallowrun: 3 = egui.exe
uPolicies-disallowrun: 4 = avgnt.exe
uPolicies-disallowrun: 5 = avcenter.exe
uPolicies-disallowrun: 6 = avscan.exe
uPolicies-disallowrun: 7 = avgfrw.exe
uPolicies-disallowrun: 8 = avgui.exe
uPolicies-disallowrun: 9 = avgtray.exe
uPolicies-disallowrun: 10 = avgscanx.exe
uPolicies-disallowrun: 11 = avgcfgex.exe
uPolicies-disallowrun: 12 = avgemc.exe
uPolicies-disallowrun: 13 = avgchsvx.exe
uPolicies-disallowrun: 14 = avgcmgr.exe
uPolicies-disallowrun: 15 = avgwdsvc.exe
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: $talisma_url$
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/wind ... 8839677334
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7C03AD52-27FA-4A4D-B35F-F5F06FA84A88} : DhcpNameServer = 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R2 8046;8046;c:\docume~1\owner\locals~1\temp\8046.sys [2012-3-25 146432]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-1-18 315392]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-11-21 9216]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\drivers\ZTEusbgps.sys [2011-11-21 105856]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [2011-11-21 105856]
.
=============== Created Last 30 ================
.
2012-04-01 09:45:04 -------- d-----w- c:\documents and settings\owner\local settings\application data\Help
2012-04-01 09:05:54 -------- d-----w- c:\documents and settings\owner\application data\PC Cleaners
2012-04-01 09:05:51 -------- d-----w- c:\documents and settings\owner\application data\PCPro
2012-04-01 09:05:50 3971856 ----a-w- c:\windows\uninst.exe
2012-04-01 09:05:47 -------- d-----w- c:\program files\PC Cleaners
2012-04-01 09:05:47 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2012-04-01 08:29:45 -------- d-----w- C:\Data
2012-03-25 08:30:02 -------- d-sh--w- c:\documents and settings\owner\application data\Antimalware PC Safety
2012-03-25 08:30:02 -------- d-sh--w- c:\documents and settings\all users\application data\APPYPZRHJRCS
2012-03-25 08:29:33 -------- d-sh--w- c:\documents and settings\all users\application data\abd596
.
==================== Find3M ====================
.
2012-02-28 16:25:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x82DA6991]<<
_asm { PUSH 0x82eda940; PUSH 0x0; PUSH 0x82da6750; PUSH EAX; PUSH 0x82ed7c40; RET ; ADD [EAX+EAX], AL; ADD [EAX], EAX; DEC EBP; INSD ; DEC ECX; OUTSB ; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82F8BAB8]
3 CLASSPNP[0xF758EFD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x82FC9030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 3:31:27.34 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/17/2011 12:21:21 AM
System Uptime: 4/1/2012 1:29:30 AM (2 hours ago)
.
Motherboard: Dell Computer Corporation | | 0D5689
Processor: Intel(R) Celeron(R) M processor 1500MHz | Microprocessor | 1495/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 27.397 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP51: 12/21/2011 11:54:42 AM - System Checkpoint
RP52: 12/25/2011 4:15:07 PM - System Checkpoint
RP53: 12/26/2011 4:57:55 PM - System Checkpoint
RP54: 1/18/2012 3:57:25 PM - Software Distribution Service 3.0
RP55: 1/26/2012 6:26:01 AM - System Checkpoint
RP56: 2/3/2012 11:23:42 AM - System Checkpoint
RP57: 2/6/2012 3:15:39 PM - System Checkpoint
RP58: 2/14/2012 12:53:40 PM - System Checkpoint
RP59: 2/26/2012 12:31:57 PM - Software Distribution Service 3.0
RP60: 3/2/2012 6:26:42 PM - System Checkpoint
RP61: 3/5/2012 3:45:21 AM - System Checkpoint
RP62: 3/6/2012 1:37:57 PM - System Checkpoint
RP63: 3/7/2012 1:43:07 PM - System Checkpoint
RP64: 3/8/2012 1:52:14 PM - System Checkpoint
RP65: 3/9/2012 7:22:41 PM - System Checkpoint
RP66: 3/10/2012 9:40:39 PM - System Checkpoint
RP67: 3/11/2012 9:41:40 PM - System Checkpoint
RP68: 3/16/2012 1:02:19 PM - Software Distribution Service 3.0
RP69: 3/19/2012 12:14:13 AM - System Checkpoint
RP70: 3/20/2012 12:54:39 AM - System Checkpoint
RP71: 3/25/2012 2:39:40 AM - System Checkpoint
.
==== Image File Execution Options =============
.
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: ackwin32.exe - svchost.exe
IFEO: Ad-Aware.exe - svchost.exe
IFEO: adaware.exe - svchost.exe
IFEO: advxdwin.exe - svchost.exe
IFEO: AdwarePrj.exe - svchost.exe
IFEO: agent.exe - svchost.exe
IFEO: agentsvr.exe - svchost.exe
IFEO: agentw.exe - svchost.exe
IFEO: alertsvc.exe - svchost.exe
IFEO: alevir.exe - svchost.exe
IFEO: alogserv.exe - svchost.exe
IFEO: AlphaAV - svchost.exe
IFEO: AlphaAV.exe - svchost.exe
IFEO: AluSchedulerSvc.exe - svchost.exe
IFEO: amon9x.exe - svchost.exe
IFEO: anti-trojan.exe - svchost.exe
IFEO: Anti-Virus Professional.exe - svchost.exe
IFEO: AntispywarXP2009.exe - svchost.exe
IFEO: antivirus.exe - svchost.exe
IFEO: AntivirusPlus - svchost.exe
IFEO: AntivirusPlus.exe - svchost.exe
IFEO: AntivirusPro_2010.exe - svchost.exe
IFEO: AntivirusXP - svchost.exe
IFEO: AntivirusXP.exe - svchost.exe
IFEO: antivirusxppro2009.exe - svchost.exe
IFEO: AntiVirus_Pro.exe - svchost.exe
IFEO: ants.exe - svchost.exe
IFEO: apimonitor.exe - svchost.exe
IFEO: aplica32.exe - svchost.exe
IFEO: apvxdwin.exe - svchost.exe
IFEO: arr.exe - svchost.exe
IFEO: Arrakis3.exe - svchost.exe
IFEO: ashAvast.exe - svchost.exe
IFEO: ashBug.exe - svchost.exe
IFEO: ashChest.exe - svchost.exe
IFEO: ashCnsnt.exe - svchost.exe
IFEO: ashDisp.exe - svchost.exe
IFEO: ashLogV.exe - svchost.exe
IFEO: ashMaiSv.exe - svchost.exe
IFEO: ashPopWz.exe - svchost.exe
IFEO: ashQuick.exe - svchost.exe
IFEO: ashServ.exe - svchost.exe
IFEO: ashSimp2.exe - svchost.exe
IFEO: ashSimpl.exe - svchost.exe
IFEO: ashSkPcc.exe - svchost.exe
IFEO: ashSkPck.exe - svchost.exe
IFEO: ashUpd.exe - svchost.exe
IFEO: ashWebSv.exe - svchost.exe
IFEO: aswChLic.exe - svchost.exe
IFEO: aswRegSvr.exe - svchost.exe
IFEO: aswRunDll.exe - svchost.exe
IFEO: aswUpdSv.exe - svchost.exe
IFEO: atcon.exe - svchost.exe
IFEO: atguard.exe - svchost.exe
IFEO: atro55en.exe - svchost.exe
IFEO: atupdater.exe - svchost.exe
IFEO: atwatch.exe - svchost.exe
IFEO: au.exe - svchost.exe
IFEO: aupdate.exe - svchost.exe
IFEO: auto-protect.nav80try.exe - svchost.exe
IFEO: autodown.exe - svchost.exe
IFEO: autotrace.exe - svchost.exe
IFEO: autoupdate.exe - svchost.exe
IFEO: av360.exe - svchost.exe
IFEO: avadmin.exe - svchost.exe
IFEO: AVCare.exe - svchost.exe
IFEO: avcenter.exe - svchost.exe
IFEO: avciman.exe - svchost.exe
IFEO: avconfig.exe - svchost.exe
IFEO: avconsol.exe - svchost.exe
IFEO: ave32.exe - svchost.exe
IFEO: AVENGINE.EXE - svchost.exe
IFEO: avgcc32.exe - svchost.exe
IFEO: avgchk.exe - svchost.exe
IFEO: avgcmgr.exe - svchost.exe
IFEO: avgcsrvx.exe - svchost.exe
IFEO: avgctrl.exe - svchost.exe
IFEO: avgdumpx.exe - svchost.exe
IFEO: avgemc.exe - svchost.exe
IFEO: avgiproxy.exe - svchost.exe
IFEO: avgnsx.exe - svchost.exe
IFEO: avgnt.exe - svchost.exe
IFEO: avgrsx.exe - svchost.exe
IFEO: avgscanx.exe - svchost.exe
IFEO: avgserv.exe - svchost.exe
IFEO: avgserv9.exe - svchost.exe
IFEO: avgsrmax.exe - svchost.exe
IFEO: avgtray.exe - svchost.exe
IFEO: avgui.exe - svchost.exe
IFEO: avgupd.exe - svchost.exe
IFEO: avgw.exe - svchost.exe
IFEO: avgwdsvc.exe - svchost.exe
IFEO: avkpop.exe - svchost.exe
IFEO: avkserv.exe - svchost.exe
IFEO: avkservice.exe - svchost.exe
IFEO: avkwctl9.exe - svchost.exe
IFEO: avltmain.exe - svchost.exe
IFEO: avmailc.exe - svchost.exe
IFEO: avmcdlg.exe - svchost.exe
IFEO: avnotify.exe - svchost.exe
IFEO: avnt.exe - svchost.exe
IFEO: avp32.exe - svchost.exe
IFEO: avpcc.exe - svchost.exe
IFEO: avpdos32.exe - svchost.exe
IFEO: avpm.exe - svchost.exe
IFEO: avptc32.exe - svchost.exe
IFEO: avpupd.exe - svchost.exe
IFEO: avsched32.exe - svchost.exe
IFEO: avsynmgr.exe - svchost.exe
IFEO: avupgsvc.exe - svchost.exe
IFEO: AVWEBGRD.EXE - svchost.exe
IFEO: avwin.exe - svchost.exe
IFEO: avwin95.exe - svchost.exe
IFEO: avwinnt.exe - svchost.exe
IFEO: avwsc.exe - svchost.exe
IFEO: avwupd.exe - svchost.exe
IFEO: avwupd32.exe - svchost.exe
IFEO: avwupsrv.exe - svchost.exe
IFEO: avxmonitor9x.exe - svchost.exe
IFEO: avxmonitornt.exe - svchost.exe
IFEO: avxquar.exe - svchost.exe
IFEO: b.exe - svchost.exe
IFEO: backweb.exe - svchost.exe
IFEO: bargains.exe - svchost.exe
IFEO: bdagent.exe - svchost.exe
IFEO: bdfvcl.exe - svchost.exe
IFEO: bdfvwiz.exe - svchost.exe
IFEO: BDInProcPatch.exe - svchost.exe
IFEO: bdmcon.exe - svchost.exe
IFEO: BDMsnScan.exe - svchost.exe
IFEO: bdreinit.exe - svchost.exe
IFEO: bdsubwiz.exe - svchost.exe
IFEO: BDSurvey.exe - svchost.exe
IFEO: bdtkexec.exe - svchost.exe
IFEO: bdwizreg.exe - svchost.exe
IFEO: bd_professional.exe - svchost.exe
IFEO: beagle.exe - svchost.exe
IFEO: belt.exe - svchost.exe
IFEO: bidef.exe - svchost.exe
IFEO: bidserver.exe - svchost.exe
IFEO: bipcp.exe - svchost.exe
IFEO: bipcpevalsetup.exe - svchost.exe
IFEO: bisp.exe - svchost.exe
IFEO: blackd.exe - svchost.exe
IFEO: blackice.exe - svchost.exe
IFEO: blink.exe - svchost.exe
IFEO: blss.exe - svchost.exe
IFEO: bootconf.exe - svchost.exe
IFEO: bootwarn.exe - svchost.exe
IFEO: borg2.exe - svchost.exe
IFEO: bpc.exe - svchost.exe
IFEO: brasil.exe - svchost.exe
IFEO: brastk.exe - svchost.exe
IFEO: brw.exe - svchost.exe
IFEO: bs120.exe - svchost.exe
IFEO: bspatch.exe - svchost.exe
IFEO: bundle.exe - svchost.exe
IFEO: bvt.exe - svchost.exe
IFEO: c.exe - svchost.exe
IFEO: cavscan.exe - svchost.exe
IFEO: ccapp.exe - svchost.exe
IFEO: ccevtmgr.exe - svchost.exe
IFEO: ccpxysvc.exe - svchost.exe
IFEO: ccSvcHst.exe - svchost.exe
IFEO: cdp.exe - svchost.exe
IFEO: cfd.exe - svchost.exe
IFEO: cfgwiz.exe - svchost.exe
IFEO: cfiadmin.exe - svchost.exe
IFEO: cfiaudit.exe - svchost.exe
IFEO: cfinet.exe - svchost.exe
IFEO: cfinet32.exe - svchost.exe
IFEO: cfp.exe - svchost.exe
IFEO: cfpconfg.exe - svchost.exe
IFEO: cfplogvw.exe - svchost.exe
IFEO: cfpupdat.exe - svchost.exe
IFEO: Cl.exe - svchost.exe
IFEO: claw95.exe - svchost.exe
IFEO: claw95cf.exe - svchost.exe
IFEO: clean.exe - svchost.exe
IFEO: cleaner.exe - svchost.exe
IFEO: cleaner3.exe - svchost.exe
IFEO: cleanIELow.exe - svchost.exe
IFEO: cleanpc.exe - svchost.exe
IFEO: click.exe - svchost.exe
IFEO: cmd32.exe - svchost.exe
IFEO: cmdagent.exe - svchost.exe
IFEO: cmesys.exe - svchost.exe
IFEO: cmgrdian.exe - svchost.exe
IFEO: cmon016.exe - svchost.exe
IFEO: connectionmonitor.exe - svchost.exe
IFEO: control - svchost.exe
IFEO: cpd.exe - svchost.exe
IFEO: cpf9x206.exe - svchost.exe
IFEO: cpfnt206.exe - svchost.exe
IFEO: crashrep.exe - svchost.exe
IFEO: csc.exe - svchost.exe
IFEO: cssconfg.exe - svchost.exe
IFEO: cssupdat.exe - svchost.exe
IFEO: cssurf.exe - svchost.exe
IFEO: ctrl.exe - svchost.exe
IFEO: cv.exe - svchost.exe
IFEO: cwnb181.exe - svchost.exe
IFEO: cwntdwmo.exe - svchost.exe
IFEO: d.exe - svchost.exe
IFEO: datemanager.exe - svchost.exe
IFEO: dcomx.exe - svchost.exe
IFEO: defalert.exe - svchost.exe
IFEO: defscangui.exe - svchost.exe
IFEO: defwatch.exe - svchost.exe
IFEO: deloeminfs.exe - svchost.exe
IFEO: deputy.exe - svchost.exe
IFEO: divx.exe - svchost.exe
IFEO: dllcache.exe - svchost.exe
IFEO: dllreg.exe - svchost.exe
IFEO: doors.exe - svchost.exe
IFEO: dop.exe - svchost.exe
IFEO: dpf.exe - svchost.exe
IFEO: dpfsetup.exe - svchost.exe
IFEO: dpps2.exe - svchost.exe
IFEO: driverctrl.exe - svchost.exe
IFEO: drwatson.exe - svchost.exe
IFEO: drweb32.exe - svchost.exe
IFEO: drwebupw.exe - svchost.exe
IFEO: dssagent.exe - svchost.exe
IFEO: dvp95.exe - svchost.exe
IFEO: dvp95_0.exe - svchost.exe
IFEO: ecengine.exe - svchost.exe
IFEO: efpeadm.exe - svchost.exe
IFEO: egui.exe - svchost.exe
IFEO: ekrn.exe - svchost.exe
IFEO: emsw.exe - svchost.exe
IFEO: ent.exe - svchost.exe
IFEO: esafe.exe - svchost.exe
IFEO: escanhnt.exe - svchost.exe
IFEO: escanv95.exe - svchost.exe
IFEO: espwatch.exe - svchost.exe
IFEO: ethereal.exe - svchost.exe
IFEO: etrustcipe.exe - svchost.exe
IFEO: evpn.exe - svchost.exe
IFEO: exantivirus-cnet.exe - svchost.exe
IFEO: exe.avxw.exe - svchost.exe
IFEO: expert.exe - svchost.exe
IFEO: explore.exe - svchost.exe
IFEO: f-agnt95.exe - svchost.exe
IFEO: f-prot.exe - svchost.exe
IFEO: f-prot95.exe - svchost.exe
IFEO: f-stopw.exe - svchost.exe
IFEO: fact.exe - svchost.exe
IFEO: fameh32.exe - svchost.exe
IFEO: fast.exe - svchost.exe
IFEO: fch32.exe - svchost.exe
IFEO: fih32.exe - svchost.exe
IFEO: findviru.exe - svchost.exe
IFEO: firewall.exe - svchost.exe
IFEO: fixcfg.exe - svchost.exe
IFEO: fixfp.exe - svchost.exe
IFEO: fnrb32.exe - svchost.exe
IFEO: fp-win.exe - svchost.exe
IFEO: fp-win_trial.exe - svchost.exe
IFEO: fprot.exe - svchost.exe
IFEO: frmwrk32.exe - svchost.exe
IFEO: frw.exe - svchost.exe
IFEO: fsaa.exe - svchost.exe
IFEO: fsav.exe - svchost.exe
IFEO: fsav32.exe - svchost.exe
IFEO: fsav530stbyb.exe - svchost.exe
IFEO: fsav530wtbyb.exe - svchost.exe
IFEO: fsav95.exe - svchost.exe
IFEO: fsgk32.exe - svchost.exe
IFEO: fsm32.exe - svchost.exe
IFEO: fsma32.exe - svchost.exe
IFEO: fsmb32.exe - svchost.exe
IFEO: gator.exe - svchost.exe
IFEO: gav.exe - svchost.exe
IFEO: gbmenu.exe - svchost.exe
IFEO: gbn976rl.exe - svchost.exe
IFEO: gbpoll.exe - svchost.exe
IFEO: generics.exe - svchost.exe
IFEO: gmt.exe - svchost.exe
IFEO: guard.exe - svchost.exe
IFEO: guarddog.exe - svchost.exe
IFEO: guardgui.exe - svchost.exe
IFEO: hacktracersetup.exe - svchost.exe
IFEO: hbinst.exe - svchost.exe
IFEO: hbsrv.exe - svchost.exe
IFEO: History.exe - svchost.exe
IFEO: homeav2010.exe - svchost.exe
IFEO: hotactio.exe - svchost.exe
IFEO: hotpatch.exe - svchost.exe
IFEO: htlog.exe - svchost.exe
IFEO: htpatch.exe - svchost.exe
IFEO: hwpe.exe - svchost.exe
IFEO: hxdl.exe - svchost.exe
IFEO: hxiul.exe - svchost.exe
IFEO: iamapp.exe - svchost.exe
IFEO: iamserv.exe - svchost.exe
IFEO: iamstats.exe - svchost.exe
IFEO: ibmasn.exe - svchost.exe
IFEO: ibmavsp.exe - svchost.exe
IFEO: icload95.exe - svchost.exe
IFEO: icloadnt.exe - svchost.exe
IFEO: icmon.exe - svchost.exe
IFEO: icsupp95.exe - svchost.exe
IFEO: icsuppnt.exe - svchost.exe
IFEO: Identity.exe - svchost.exe
IFEO: idle.exe - svchost.exe
IFEO: iedll.exe - svchost.exe
IFEO: iedriver.exe - svchost.exe
IFEO: IEShow.exe - svchost.exe
IFEO: iface.exe - svchost.exe
IFEO: ifw2000.exe - svchost.exe
IFEO: inetlnfo.exe - svchost.exe
IFEO: infus.exe - svchost.exe
IFEO: infwin.exe - svchost.exe
IFEO: init.exe - svchost.exe
IFEO: init32.exe - svchost.exe
IFEO: install.exe - svchost.exe
IFEO: install[1].exe - svchost.exe
IFEO: install[2].exe - svchost.exe
IFEO: install[3].exe - svchost.exe
IFEO: install[4].exe - svchost.exe
IFEO: install[5].exe - svchost.exe
IFEO: intdel.exe - svchost.exe
IFEO: intren.exe - svchost.exe
IFEO: iomon98.exe - svchost.exe
IFEO: istsvc.exe - svchost.exe
IFEO: jammer.exe - svchost.exe
IFEO: jdbgmrg.exe - svchost.exe
IFEO: jedi.exe - svchost.exe
IFEO: JsRcGen.exe - svchost.exe
IFEO: kavlite40eng.exe - svchost.exe
IFEO: kavpers40eng.exe - svchost.exe
IFEO: kavpf.exe - svchost.exe
IFEO: kazza.exe - svchost.exe
IFEO: keenvalue.exe - svchost.exe
IFEO: kerio-pf-213-en-win.exe - svchost.exe
IFEO: kerio-wrl-421-en-win.exe - svchost.exe
IFEO: kerio-wrp-421-en-win.exe - svchost.exe
IFEO: killprocesssetup161.exe - svchost.exe
IFEO: ldnetmon.exe - svchost.exe
IFEO: ldpro.exe - svchost.exe
IFEO: ldpromenu.exe - svchost.exe
IFEO: ldscan.exe - svchost.exe
IFEO: licmgr.exe - svchost.exe
IFEO: livesrv.exe - svchost.exe
IFEO: lnetinfo.exe - svchost.exe
IFEO: loader.exe - svchost.exe
IFEO: localnet.exe - svchost.exe
IFEO: lockdown.exe - svchost.exe
IFEO: lockdown2000.exe - svchost.exe
IFEO: lookout.exe - svchost.exe
IFEO: lordpe.exe - svchost.exe
IFEO: lsetup.exe - svchost.exe
IFEO: luall.exe - svchost.exe
IFEO: luau.exe - svchost.exe
IFEO: lucomserver.exe - svchost.exe
IFEO: luinit.exe - svchost.exe
IFEO: luspt.exe - svchost.exe
IFEO: MalwareRemoval.exe - svchost.exe
IFEO: mapisvc32.exe - svchost.exe
IFEO: mcagent.exe - svchost.exe
IFEO: mcmnhdlr.exe - svchost.exe
IFEO: mcmscsvc.exe - svchost.exe
IFEO: mcnasvc.exe - svchost.exe
IFEO: mcproxy.exe - svchost.exe
IFEO: McSACore.exe - svchost.exe
IFEO: mcshell.exe - svchost.exe
IFEO: mcshield.exe - svchost.exe
IFEO: mcsysmon.exe - svchost.exe
IFEO: mctool.exe - svchost.exe
IFEO: mcupdate.exe - svchost.exe
IFEO: mcvsrte.exe - svchost.exe
IFEO: mcvsshld.exe - svchost.exe
IFEO: md.exe - svchost.exe
IFEO: mfin32.exe - svchost.exe
IFEO: mfw2en.exe - svchost.exe
IFEO: mfweng3.02d30.exe - svchost.exe
IFEO: mgavrtcl.exe - svchost.exe
IFEO: mgavrte.exe - svchost.exe
IFEO: mghtml.exe - svchost.exe
IFEO: mgui.exe - svchost.exe
IFEO: minilog.exe - svchost.exe
IFEO: mmod.exe - svchost.exe
IFEO: monitor.exe - svchost.exe
IFEO: moolive.exe - svchost.exe
IFEO: mostat.exe - svchost.exe
IFEO: mpfagent.exe - svchost.exe
IFEO: mpfservice.exe - svchost.exe
IFEO: MPFSrv.exe - svchost.exe
IFEO: mpftray.exe - svchost.exe
IFEO: mrflux.exe - svchost.exe
IFEO: mrt.exe - svchost.exe
IFEO: msa.exe - svchost.exe
IFEO: msapp.exe - svchost.exe
IFEO: MSASCui.exe - svchost.exe
IFEO: msbb.exe - svchost.exe
IFEO: msblast.exe - svchost.exe
IFEO: mscache.exe - svchost.exe
IFEO: msccn32.exe - svchost.exe
IFEO: mscman.exe - svchost.exe
IFEO: msconfig - svchost.exe
IFEO: msdm.exe - svchost.exe
IFEO: msdos.exe - svchost.exe
IFEO: msfwsvc.exe - svchost.exe
IFEO: msiexec16.exe - svchost.exe
IFEO: mslaugh.exe - svchost.exe
IFEO: msmgt.exe - svchost.exe
IFEO: MsMpEng.exe - svchost.exe
IFEO: msmsgri32.exe - svchost.exe
IFEO: msseces.exe - svchost.exe
IFEO: mssmmc32.exe - svchost.exe
IFEO: mssys.exe - svchost.exe
IFEO: msvxd.exe - svchost.exe
IFEO: mu0311ad.exe - svchost.exe
IFEO: mwatch.exe - svchost.exe
IFEO: n32scanw.exe - svchost.exe
IFEO: nav.exe - svchost.exe
IFEO: navap.navapsvc.exe - svchost.exe
IFEO: navapsvc.exe - svchost.exe
IFEO: navapw32.exe - svchost.exe
IFEO: navdx.exe - svchost.exe
IFEO: navlu32.exe - svchost.exe
IFEO: navnt.exe - svchost.exe
IFEO: navstub.exe - svchost.exe
IFEO: navw32.exe - svchost.exe
IFEO: navwnt.exe - svchost.exe
IFEO: nc2000.exe - svchost.exe
IFEO: ncinst4.exe - svchost.exe
IFEO: ndd32.exe - svchost.exe
IFEO: neomonitor.exe - svchost.exe
IFEO: neowatchlog.exe - svchost.exe
IFEO: netarmor.exe - svchost.exe
IFEO: netd32.exe - svchost.exe
IFEO: netinfo.exe - svchost.exe
IFEO: netmon.exe - svchost.exe
IFEO: netscanpro.exe - svchost.exe
IFEO: netspyhunter-1.2.exe - svchost.exe
IFEO: netutils.exe - svchost.exe
IFEO: nisserv.exe - svchost.exe
IFEO: nisum.exe - svchost.exe
IFEO: nmain.exe - svchost.exe
IFEO: nod32.exe - svchost.exe
IFEO: normist.exe - svchost.exe
IFEO: norton_internet_secu_3.0_407.exe - svchost.exe
IFEO: notstart.exe - svchost.exe
IFEO: npf40_tw_98_nt_me_2k.exe - svchost.exe
IFEO: npfmessenger.exe - svchost.exe
IFEO: nprotect.exe - svchost.exe
IFEO: npscheck.exe - svchost.exe
IFEO: npssvc.exe - svchost.exe
IFEO: nsched32.exe - svchost.exe
IFEO: nssys32.exe - svchost.exe
IFEO: nstask32.exe - svchost.exe
IFEO: nsupdate.exe - svchost.exe
IFEO: nt.exe - svchost.exe
IFEO: ntrtscan.exe - svchost.exe
IFEO: ntvdm.exe - svchost.exe
IFEO: ntxconfig.exe - svchost.exe
IFEO: nui.exe - svchost.exe
IFEO: nupgrade.exe - svchost.exe
IFEO: nvarch16.exe - svchost.exe
IFEO: nvc95.exe - svchost.exe
IFEO: nvsvc32.exe - svchost.exe
IFEO: nwinst4.exe - svchost.exe
IFEO: nwservice.exe - svchost.exe
IFEO: nwtool16.exe - svchost.exe
IFEO: OAcat.exe - svchost.exe
IFEO: OAhlp.exe - svchost.exe
IFEO: OAReg.exe - svchost.exe
IFEO: oasrv.exe - svchost.exe
IFEO: oaui.exe - svchost.exe
IFEO: oaview.exe - svchost.exe
IFEO: OcHealthMon.exe - svchost.exe
IFEO: ODSW.exe - svchost.exe
IFEO: ollydbg.exe - svchost.exe
IFEO: OLT.exe - svchost.exe
IFEO: onsrvr.exe - svchost.exe
IFEO: optimize.exe - svchost.exe
IFEO: ostronet.exe - svchost.exe
IFEO: otfix.exe - svchost.exe
IFEO: outpost.exe - svchost.exe
IFEO: outpostinstall.exe - svchost.exe
IFEO: outpostproinstall.exe - svchost.exe
IFEO: ozn695m5.exe - svchost.exe
IFEO: padmin.exe - svchost.exe
IFEO: panixk.exe - svchost.exe
IFEO: patch.exe - svchost.exe
IFEO: pav.exe - svchost.exe
IFEO: pavcl.exe - svchost.exe
IFEO: PavFnSvr.exe - svchost.exe
IFEO: pavproxy.exe - svchost.exe
IFEO: pavprsrv.exe - svchost.exe
IFEO: pavsched.exe - svchost.exe
IFEO: pavsrv51.exe - svchost.exe
IFEO: pavw.exe - svchost.exe
IFEO: pc.exe - svchost.exe
IFEO: pccwin98.exe - svchost.exe
IFEO: pcfwallicon.exe - svchost.exe
IFEO: pcip10117_0.exe - svchost.exe
IFEO: pcscan.exe - svchost.exe
IFEO: pctsAuxs.exe - svchost.exe
IFEO: pctsGui.exe - svchost.exe
IFEO: pctsSvc.exe - svchost.exe
IFEO: pctsTray.exe - svchost.exe
IFEO: PC_Antispyware2010.exe - svchost.exe
IFEO: pdfndr.exe - svchost.exe
IFEO: pdsetup.exe - svchost.exe
IFEO: PerAvir.exe - svchost.exe
IFEO: periscope.exe - svchost.exe
IFEO: persfw.exe - svchost.exe
IFEO: personalguard - svchost.exe
IFEO: personalguard.exe - svchost.exe
IFEO: perswf.exe - svchost.exe
IFEO: pf2.exe - svchost.exe
IFEO: pfwadmin.exe - svchost.exe
IFEO: pgmonitr.exe - svchost.exe
IFEO: pingscan.exe - svchost.exe
IFEO: platin.exe - svchost.exe
IFEO: pop3trap.exe - svchost.exe
IFEO: poproxy.exe - svchost.exe
IFEO: popscan.exe - svchost.exe
IFEO: portdetective.exe - svchost.exe
IFEO: portmonitor.exe - svchost.exe
IFEO: powerscan.exe - svchost.exe
IFEO: ppinupdt.exe - svchost.exe
IFEO: pptbc.exe - svchost.exe
IFEO: ppvstop.exe - svchost.exe
IFEO: prizesurfer.exe - svchost.exe
IFEO: prmt.exe - svchost.exe
IFEO: prmvr.exe - svchost.exe
IFEO: procdump.exe - svchost.exe
IFEO: processmonitor.exe - svchost.exe
IFEO: procexplorerv1.0.exe - svchost.exe
IFEO: programauditor.exe - svchost.exe
IFEO: proport.exe - svchost.exe
IFEO: protector.exe - svchost.exe
IFEO: protectx.exe - svchost.exe
IFEO: PSANCU.exe - svchost.exe
IFEO: PSANHost.exe - svchost.exe
IFEO: PSANToManager.exe - svchost.exe
IFEO: PsCtrls.exe - svchost.exe
IFEO: PsImSvc.exe - svchost.exe
IFEO: PskSvc.exe - svchost.exe
IFEO: pspf.exe - svchost.exe
IFEO: PSUNMain.exe - svchost.exe
IFEO: purge.exe - svchost.exe
IFEO: qconsole.exe - svchost.exe
IFEO: qh.exe - svchost.exe
IFEO: qserver.exe - svchost.exe
IFEO: Quick Heal.exe - svchost.exe
IFEO: QuickHealCleaner.exe - svchost.exe
IFEO: rapapp.exe - svchost.exe
IFEO: rav7.exe - svchost.exe
IFEO: rav7win.exe - svchost.exe
IFEO: rav8win32eng.exe - svchost.exe
IFEO: ray.exe - svchost.exe
IFEO: rb32.exe - svchost.exe
IFEO: rcsync.exe - svchost.exe
IFEO: realmon.exe - svchost.exe
IFEO: reged.exe - svchost.exe
IFEO: regedt32.exe - svchost.exe
IFEO: rescue.exe - svchost.exe
IFEO: rescue32.exe - svchost.exe
IFEO: rrguard.exe - svchost.exe
IFEO: rscdwld.exe - svchost.exe
IFEO: rshell.exe - svchost.exe
IFEO: rtvscan.exe - svchost.exe
IFEO: rtvscn95.exe - svchost.exe
IFEO: rulaunch.exe - svchost.exe
IFEO: rwg - svchost.exe
IFEO: rwg.exe - svchost.exe
IFEO: SafetyKeeper.exe - svchost.exe
IFEO: safeweb.exe - svchost.exe
IFEO: sahagent.exe - svchost.exe
IFEO: Save.exe - svchost.exe
IFEO: SaveArmor.exe - svchost.exe
IFEO: SaveDefense.exe - svchost.exe
IFEO: SaveKeep.exe - svchost.exe
IFEO: savenow.exe - svchost.exe
IFEO: sbserv.exe - svchost.exe
IFEO: sc.exe - svchost.exe
IFEO: scam32.exe - svchost.exe
IFEO: scan32.exe - svchost.exe
IFEO: scan95.exe - svchost.exe
IFEO: scanpm.exe - svchost.exe
IFEO: scrscan.exe - svchost.exe
IFEO: seccenter.exe - svchost.exe
IFEO: Secure Veteran.exe - svchost.exe
IFEO: secureveteran.exe - svchost.exe
IFEO: Security Center.exe - svchost.exe
IFEO: SecurityFighter.exe - svchost.exe
IFEO: securitysoldier.exe - svchost.exe
IFEO: serv95.exe - svchost.exe
IFEO: setloadorder.exe - svchost.exe
IFEO: setupvameeval.exe - svchost.exe
IFEO: setup_flowprotector_us.exe - svchost.exe
IFEO: sgssfw32.exe - svchost.exe
IFEO: sh.exe - svchost.exe
IFEO: shellspyinstall.exe - svchost.exe
IFEO: shield.exe - svchost.exe
IFEO: shn.exe - svchost.exe
IFEO: showbehind.exe - svchost.exe
IFEO: signcheck.exe - svchost.exe
IFEO: smart.exe - svchost.exe
IFEO: smartprotector.exe - svchost.exe
IFEO: smc.exe - svchost.exe
IFEO: smrtdefp.exe - svchost.exe
IFEO: sms.exe - svchost.exe
IFEO: smss32.exe - svchost.exe
IFEO: snetcfg.exe - svchost.exe
IFEO: soap.exe - svchost.exe
IFEO: sofi.exe - svchost.exe
IFEO: SoftSafeness.exe - svchost.exe
IFEO: sperm.exe - svchost.exe
IFEO: spf.exe - svchost.exe
IFEO: sphinx.exe - svchost.exe
IFEO: spoler.exe - svchost.exe
IFEO: spoolcv.exe - svchost.exe
IFEO: spoolsv32.exe - svchost.exe
IFEO: spywarexpguard.exe - svchost.exe
IFEO: spyxx.exe - svchost.exe
IFEO: srexe.exe - svchost.exe
IFEO: srng.exe - svchost.exe
IFEO: ss3edit.exe - svchost.exe
IFEO: ssgrate.exe - svchost.exe
IFEO: ssg_4104.exe - svchost.exe
IFEO: st2.exe - svchost.exe
IFEO: start.exe - svchost.exe
IFEO: stcloader.exe - svchost.exe
IFEO: supftrl.exe - svchost.exe
IFEO: support.exe - svchost.exe
IFEO: supporter5.exe - svchost.exe
IFEO: svc.exe - svchost.exe
IFEO: svchostc.exe - svchost.exe
IFEO: svchosts.exe - svchost.exe
IFEO: svshost.exe - svchost.exe
IFEO: sweep95.exe - svchost.exe
IFEO: sweepnet.sweepsrv.sys.swnetsup.exe - svchost.exe
IFEO: symlcsvc.exe - svchost.exe
IFEO: symproxysvc.exe - svchost.exe
IFEO: symtray.exe - svchost.exe
IFEO: system.exe - svchost.exe
IFEO: system32.exe - svchost.exe
IFEO: sysupd.exe - svchost.exe
IFEO: tapinstall.exe - svchost.exe
IFEO: taskmgr.exe - svchost.exe
IFEO: taumon.exe - svchost.exe
IFEO: tbscan.exe - svchost.exe
IFEO: tc.exe - svchost.exe
IFEO: tca.exe - svchost.exe
IFEO: tcm.exe - svchost.exe
IFEO: tds-3.exe - svchost.exe
IFEO: tds2-98.exe - svchost.exe
IFEO: tds2-nt.exe - svchost.exe
IFEO: teekids.exe - svchost.exe
IFEO: tfak.exe - svchost.exe
IFEO: tfak5.exe - svchost.exe
IFEO: tgbob.exe - svchost.exe
IFEO: titanin.exe - svchost.exe
IFEO: titaninxp.exe - svchost.exe
IFEO: TPSrv.exe - svchost.exe
IFEO: trickler.exe - svchost.exe
IFEO: trjscan.exe - svchost.exe
IFEO: trjsetup.exe - svchost.exe
IFEO: trojantrap3.exe - svchost.exe
IFEO: TrustWarrior.exe - svchost.exe
IFEO: tsadbot.exe - svchost.exe
IFEO: tsc.exe - svchost.exe
IFEO: tvmd.exe - svchost.exe
IFEO: tvtmd.exe - svchost.exe
IFEO: uiscan.exe - svchost.exe
IFEO: undoboot.exe - svchost.exe
IFEO: updat.exe - svchost.exe
IFEO: upgrad.exe - svchost.exe
IFEO: upgrepl.exe - svchost.exe
IFEO: utpost.exe - svchost.exe
IFEO: vbcmserv.exe - svchost.exe
IFEO: vbcons.exe - svchost.exe
IFEO: vbust.exe - svchost.exe
IFEO: vbwin9x.exe - svchost.exe
IFEO: vbwinntw.exe - svchost.exe
IFEO: vcsetup.exe - svchost.exe
IFEO: vet32.exe - svchost.exe
IFEO: vet95.exe - svchost.exe
IFEO: vettray.exe - svchost.exe
IFEO: vfsetup.exe - svchost.exe
IFEO: vir-help.exe - svchost.exe
IFEO: virusmdpersonalfirewall.exe - svchost.exe
IFEO: VisthAux.exe - svchost.exe
IFEO: VisthLic.exe - svchost.exe
IFEO: VisthUpd.exe - svchost.exe
IFEO: vnlan300.exe - svchost.exe
IFEO: vnpc3000.exe - svchost.exe
IFEO: vpc32.exe - svchost.exe
IFEO: vpc42.exe - svchost.exe
IFEO: vpfw30s.exe - svchost.exe
IFEO: vptray.exe - svchost.exe
IFEO: vscan40.exe - svchost.exe
IFEO: vscenu6.02d30.exe - svchost.exe
IFEO: vsched.exe - svchost.exe
IFEO: vsecomr.exe - svchost.exe
IFEO: vshwin32.exe - svchost.exe
IFEO: vsisetup.exe - svchost.exe
IFEO: vsmain.exe - svchost.exe
IFEO: vsmon.exe - svchost.exe
IFEO: vsserv.exe - svchost.exe
IFEO: vsstat.exe - svchost.exe
IFEO: vswin9xe.exe - svchost.exe
IFEO: vswinntse.exe - svchost.exe
IFEO: vswinperse.exe - svchost.exe
IFEO: w32dsm89.exe - svchost.exe
IFEO: W3asbas.exe - svchost.exe
IFEO: w9x.exe - svchost.exe
IFEO: watchdog.exe - svchost.exe
IFEO: webdav.exe - svchost.exe
IFEO: WebProxy.exe - svchost.exe
IFEO: webscanx.exe - svchost.exe
IFEO: webtrap.exe - svchost.exe
IFEO: wfindv32.exe - svchost.exe
IFEO: whoswatchingme.exe - svchost.exe
IFEO: wimmun32.exe - svchost.exe
IFEO: win-bugsfix.exe - svchost.exe
IFEO: win32.exe - svchost.exe
IFEO: win32us.exe - svchost.exe
IFEO: winactive.exe - svchost.exe
IFEO: winav.exe - svchost.exe
IFEO: windll32.exe - svchost.exe
IFEO: window.exe - svchost.exe
IFEO: windows Police Pro.exe - svchost.exe
IFEO: windows.exe - svchost.exe
IFEO: wininetd.exe - svchost.exe
IFEO: wininitx.exe - svchost.exe
IFEO: winlogin.exe - svchost.exe
IFEO: winmain.exe - svchost.exe
IFEO: winppr32.exe - svchost.exe
IFEO: winrecon.exe - svchost.exe
IFEO: winservn.exe - svchost.exe
IFEO: winss.exe - svchost.exe
IFEO: winssk32.exe - svchost.exe
IFEO: winssnotify.exe - svchost.exe
IFEO: WinSSUI.exe - svchost.exe
IFEO: winstart.exe - svchost.exe
IFEO: winstart001.exe - svchost.exe
IFEO: wintsk32.exe - svchost.exe
IFEO: winupdate.exe - svchost.exe
IFEO: wkufind.exe - svchost.exe
IFEO: wnad.exe - svchost.exe
IFEO: wnt.exe - svchost.exe
IFEO: wradmin.exe - svchost.exe
IFEO: wrctrl.exe - svchost.exe
IFEO: wsbgate.exe - svchost.exe
IFEO: wscfxas.exe - svchost.exe
IFEO: wscfxav.exe - svchost.exe
IFEO: wscfxfw.exe - svchost.exe
IFEO: wsctool.exe - svchost.exe
IFEO: wupdater.exe - svchost.exe
IFEO: wupdt.exe - svchost.exe
IFEO: wyvernworksfirewall.exe - svchost.exe
IFEO: xpdeluxe.exe - svchost.exe
IFEO: xpf202en.exe - svchost.exe
IFEO: xp_antispyware.exe - svchost.exe
IFEO: zapro.exe - svchost.exe
IFEO: zapsetup3001.exe - svchost.exe
IFEO: zatutor.exe - svchost.exe
IFEO: zonalm2601.exe - svchost.exe
IFEO: zonealarm.exe - svchost.exe
IFEO: _avp32.exe - svchost.exe
IFEO: _avpcc.exe - svchost.exe
IFEO: _avpm.exe - svchost.exe
IFEO: ~1.exe - svchost.exe
IFEO: ~2.exe - svchost.exe
.
==== Installed Programs ======================
.
AbiWord 2.8.6
Adobe Flash Player 11 ActiveX
Adobe Reader X
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AT&T Troubleshoot & Resolve Tool
att.net Internet Mail
att.net Toolbar
Auslogics Disk Defrag
Bonjour
Broadcom 440x 10/100 Integrated Controller
BurnAware Free 3.3.1
Canon PIXMA iP4000
ClamWin Free Antivirus 0.97.3
Conexant D480 MDC V.92 Modem
DivX Setup
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
Intel(R) PROSet/Wireless Software
iTunes
Java Auto Updater
Java(TM) 6 Update 29
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 6.0 Parser
mWlsSafe
mWMI
mZConfig
NVIDIA Drivers
PC Cleaners
QuickTime
RoyalSolitaire
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
VZAccess Manager
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinZip
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack
Yahoo! Software Update
ZTE USB Drivers
.
==== Event Viewer Messages From Past Week ========
.
3/25/2012 6:14:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
3/25/2012 6:14:25 AM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
plaizure
Active Member
 
Posts: 5
Joined: April 1st, 2012, 5:56 am
Advertisement
Register to Remove

Re: "Antimalware PC Safety"popups- is this the virus???

Unread postby melboy » April 2nd, 2012, 5:08 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==============================================


aswMBR

Download aswMBR and save it to your Desktop.

  • Double click aswMBR.exe to run it
  • Click No to the prompt to download Avast! virus definitions.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to to a form of removable media. (CD, DVD, USB flash drive etc) - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: "Antimalware PC Safety"popups- is this the virus???

Unread postby plaizure » April 4th, 2012, 1:22 am

Hello and thank you for your help,
I would first like to appologize, my eldest took it upon herself to "fix' my computer without my knowledge. I took it from her before she could do any thing else that i didnt know about. i have read the rules and understand that we were not to do any "fixing" of our own, please continue to help. I assure you that this laptop is off commission until we figure this out. Respectfully,
Precious

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-03 22:04:15
-----------------------------
22:04:15.389 OS Version: Windows 5.1.2600 Service Pack 3
22:04:15.389 Number of processors: 1 586 0x905
22:04:15.389 ComputerName: NEWGUY UserName: OWNER
22:04:16.230 Initialize success
22:04:30.691 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:04:30.691 Disk 0 Vendor: Size: 0MB BusType: 0
22:04:30.711 Disk 0 MBR read successfully
22:04:30.711 Disk 0 MBR scan
22:04:30.711 Disk 0 Windows XP default MBR code
22:04:30.711 Disk 0 MBR hidden
22:04:30.711 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
22:04:30.761 Disk 0 scanning C:\WINDOWS\system32\drivers
22:04:42.067 Service scanning
22:04:43.349 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
22:05:04.770 Modules scanning
22:05:15.135 Module: C:\DOCUME~1\OWNER\LOCALS~1\Temp\8046.sys **SUSPICIOUS**
22:05:16.416 Disk 0 trace - called modules:
22:05:16.436 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x82d56641]<<
22:05:16.757 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f8bab8]
22:05:16.757 3 CLASSPNP.SYS[f758efd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fc9030]
22:05:16.757 Scan finished successfully
22:06:23.423 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\OWNER\Desktop\MBR.dat"
22:06:23.433 The log file has been saved successfully to "C:\Documents and Settings\OWNER\Desktop\aswMBR.txt"
plaizure
Active Member
 
Posts: 5
Joined: April 1st, 2012, 5:56 am

Re: "Antimalware PC Safety"popups- is this the virus???

Unread postby melboy » April 4th, 2012, 2:52 am

Hi

ROOTKIT

Your computer has multiple infections, including a ROOTKIT. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
The rootkit gives an intruder remote backdoor access to your computer. This gives intruders complete control of your computer to log your keystrokes, steal personal & critical system information, and Download and Execute files

You are strongly advised to do the following:

If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information:

  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
    DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
.

Though the malware has been identified and can be killed, due to its rootkit & backdoor functionality, and there is no way that it can be sure it can be trusted again. Many experts in the security community believe that once infected with this type of malware, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.



Please let us know what you have decided to do in your next post.



Risk Advice - MBR

Unfortunately you have an infected Master Boot Record (MBR)

Some Dell computers have a non-standard, customised MBR that allows you to press a key on startup and restore your computer to it's factory delivered condition. That option is no longer available to you. Any attempted fix of this infection may result in the PC receiving a default Windows XP MBR. Whilst this will fix the infection, it may not restore the ability to restore your computer to it's factory delivered condition. It may be possible to restore the original Dell MBR either before or after fixing the infection, but I would recommend that you contact Dell themselves for support for this.

If you would like to proceed with attempting to fix this infection I need you to recognise this does not come without risk. The MBR is a critical component of your PC - as the name suggests it is critical to booting the PC. If anything was to go wrong with the fix it could result in your computer no longer being able to boot up. Whilst an unbootable computer may be fixable, it can be lengthy and complicated procedure.

If you understand the possible risk involved and would like to attempt to fix this infection, I would urge you first to ensure you have first backed up any important data and then continue with the instructions below. If you have any questions - Please ask them first.


==================================


Rkill

Please download Rkill from the link below and save to your Desktop:

WiNlOgOn.exe (Renamed rKill)

  • Double click on WiNlOgOn.exe[/b] (Renamed rKill) .
  • A command window will open then disappear upon completion. This is normal, and your desktop may temporarily disappear. Do not be alarmed.
  • Notepad will open, please post the contents in your next reply. (The log can also be found at C:\Rkill.txt)
  • Please leave [b]Rkill on the Desktop until otherwise advised.

Note: If you recieve a message that rkill is an infection, do not be concerned. This message is just a fake warning given by rogue malware when it terminates programs that may potentially remove it.
If you encounter infections that give a fake warning and close Rkill, a trick is to leave the fake warning on the screen and then run Rkill again. By not closing the fake warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue processes.




TDSSKiller

Download tdsskiller.exe and save it to your desktop

  • Double click TDSSKiller.exe
  • Click Start scan and allow it to scan for Malicious objects.
  • If Malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: "Antimalware PC Safety"popups- is this the virus???

Unread postby plaizure » April 4th, 2012, 2:23 pm

Well Darn, Thank you
i want to continue to try to clean this under your guidance. this computer was used for school and has been used a few times to access a bank account but not recently or since i have this problem. i understand the risks and want to do what i can. if we can fix this laptop together without me having to take it to some expensive shop, i would really like that.

i have another laptop (which, up until this laptop became infected, was rarely used). it is running fine. and has all the programs to back this one i am sure.

ps the pop ups are still happening and one even gives an ip address and says that i am at risk for identity theft. i am taking all precautions noted in your previous reply.
thank you once again,
Precious

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/04/2012 at 10:52:54.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\All Users\Application Data\abd596\APabd_8046.exe


Rkill completed on 04/04/2012 at 10:53:04.
11:02:44.0980 3940 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
11:04:42.0299 3940 ============================================================
11:04:42.0299 3940 Current date / time: 2012/04/04 11:04:42.0299
11:04:42.0299 3940 SystemInfo:
11:04:42.0299 3940
11:04:42.0299 3940 OS Version: 5.1.2600 ServicePack: 3.0
11:04:42.0299 3940 Product type: Workstation
11:04:42.0299 3940 ComputerName: NEWGUY
11:04:42.0299 3940 UserName: OWNER
11:04:42.0299 3940 Windows directory: C:\WINDOWS
11:04:42.0299 3940 System windows directory: C:\WINDOWS
11:04:42.0299 3940 Processor architecture: Intel x86
11:04:42.0299 3940 Number of processors: 1
11:04:42.0299 3940 Page size: 0x1000
11:04:42.0299 3940 Boot type: Normal boot
11:04:42.0299 3940 ============================================================
11:04:44.0222 3940 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:04:44.0232 3940 \Device\Harddisk0\DR0:
11:04:44.0232 3940 MBR used
11:04:44.0232 3940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
11:04:44.0733 3940 Initialize success
11:04:44.0733 3940 ============================================================
11:05:07.0856 2432 ============================================================
11:05:07.0856 2432 Scan started
11:05:07.0856 2432 Mode: Manual;
11:05:07.0856 2432 ============================================================
11:05:08.0597 2432 8046 (a88f82c154855708d53ffe7a5c539c30) C:\DOCUME~1\OWNER\LOCALS~1\Temp\8046.sys
11:05:08.0607 2432 8046 - ok
11:05:08.0687 2432 Abiosdsk - ok
11:05:08.0707 2432 abp480n5 - ok
11:05:08.0777 2432 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:05:08.0787 2432 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
11:05:08.0787 2432 ACPI ( Virus.Win32.Rloader.a ) - infected
11:05:08.0787 2432 ACPI - detected Virus.Win32.Rloader.a (0)
11:05:08.0907 2432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:05:08.0907 2432 ACPIEC - ok
11:05:09.0098 2432 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:05:09.0108 2432 AdobeFlashPlayerUpdateSvc - ok
11:05:09.0198 2432 adpu160m - ok
11:05:09.0268 2432 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:05:09.0268 2432 aec - ok
11:05:09.0408 2432 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:05:09.0408 2432 AegisP - ok
11:05:09.0478 2432 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:05:09.0478 2432 AFD - ok
11:05:09.0618 2432 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:05:09.0618 2432 agp440 - ok
11:05:09.0638 2432 Aha154x - ok
11:05:09.0668 2432 aic78u2 - ok
11:05:09.0688 2432 aic78xx - ok
11:05:09.0769 2432 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:05:09.0769 2432 Alerter - ok
11:05:09.0939 2432 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:05:09.0939 2432 ALG - ok
11:05:09.0979 2432 AliIde - ok
11:05:10.0069 2432 amsint - ok
11:05:10.0199 2432 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:05:10.0199 2432 Apple Mobile Device - ok
11:05:10.0329 2432 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
11:05:10.0329 2432 AppMgmt - ok
11:05:10.0460 2432 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:05:10.0460 2432 Arp1394 - ok
11:05:10.0480 2432 asc - ok
11:05:10.0500 2432 asc3350p - ok
11:05:10.0520 2432 asc3550 - ok
11:05:10.0660 2432 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:05:10.0670 2432 aspnet_state - ok
11:05:10.0820 2432 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:05:10.0820 2432 AsyncMac - ok
11:05:10.0910 2432 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:05:10.0910 2432 atapi - ok
11:05:11.0010 2432 Atdisk - ok
11:05:11.0080 2432 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:05:11.0080 2432 Atmarpc - ok
11:05:11.0201 2432 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:05:11.0201 2432 AudioSrv - ok
11:05:11.0371 2432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:05:11.0371 2432 audstub - ok
11:05:11.0511 2432 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
11:05:11.0511 2432 bcm4sbxp - ok
11:05:11.0581 2432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:05:11.0581 2432 Beep - ok
11:05:11.0701 2432 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:05:11.0711 2432 BITS - ok
11:05:11.0882 2432 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
11:05:11.0892 2432 Bonjour Service - ok
11:05:12.0022 2432 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:05:12.0022 2432 Browser - ok
11:05:12.0102 2432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:05:12.0112 2432 cbidf2k - ok
11:05:12.0192 2432 cd20xrnt - ok
11:05:12.0262 2432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:05:12.0262 2432 Cdaudio - ok
11:05:12.0402 2432 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:05:12.0402 2432 Cdfs - ok
11:05:12.0542 2432 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:05:12.0542 2432 Cdrom - ok
11:05:12.0643 2432 Changer - ok
11:05:12.0713 2432 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:05:12.0723 2432 CiSvc - ok
11:05:12.0863 2432 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:05:12.0863 2432 ClipSrv - ok
11:05:12.0993 2432 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:05:12.0993 2432 clr_optimization_v2.0.50727_32 - ok
11:05:13.0103 2432 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:05:13.0103 2432 CmBatt - ok
11:05:13.0153 2432 CmdIde - ok
11:05:13.0193 2432 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:05:13.0203 2432 Compbatt - ok
11:05:13.0244 2432 COMSysApp - ok
11:05:13.0274 2432 Cpqarray - ok
11:05:13.0344 2432 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:05:13.0344 2432 CryptSvc - ok
11:05:13.0424 2432 dac2w2k - ok
11:05:13.0454 2432 dac960nt - ok
11:05:13.0534 2432 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:05:13.0554 2432 DcomLaunch - ok
11:05:13.0684 2432 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:05:13.0684 2432 Dhcp - ok
11:05:13.0754 2432 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:05:13.0754 2432 Disk - ok
11:05:13.0834 2432 dmadmin - ok
11:05:13.0945 2432 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:05:13.0965 2432 dmboot - ok
11:05:14.0105 2432 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:05:14.0115 2432 dmio - ok
11:05:14.0245 2432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:05:14.0245 2432 dmload - ok
11:05:14.0295 2432 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:05:14.0305 2432 dmserver - ok
11:05:14.0435 2432 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:05:14.0435 2432 DMusic - ok
11:05:14.0485 2432 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:05:14.0495 2432 Dnscache - ok
11:05:14.0615 2432 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:05:14.0615 2432 Dot3svc - ok
11:05:14.0666 2432 dpti2o - ok
11:05:14.0826 2432 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:05:14.0826 2432 drmkaud - ok
11:05:14.0876 2432 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:05:14.0876 2432 EapHost - ok
11:05:14.0986 2432 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:05:14.0986 2432 ERSvc - ok
11:05:15.0106 2432 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:05:15.0106 2432 Eventlog - ok
11:05:15.0216 2432 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:05:15.0226 2432 EventSystem - ok
11:05:15.0447 2432 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
11:05:15.0467 2432 EvtEng - ok
11:05:15.0597 2432 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:05:15.0607 2432 Fastfat - ok
11:05:15.0677 2432 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:05:15.0687 2432 FastUserSwitchingCompatibility - ok
11:05:15.0827 2432 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:05:15.0827 2432 Fdc - ok
11:05:15.0897 2432 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:05:15.0897 2432 Fips - ok
11:05:16.0048 2432 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:05:16.0048 2432 Flpydisk - ok
11:05:16.0118 2432 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:05:16.0118 2432 FltMgr - ok
11:05:16.0348 2432 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:05:16.0348 2432 FontCache3.0.0.0 - ok
11:05:16.0478 2432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:05:16.0478 2432 Fs_Rec - ok
11:05:16.0518 2432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:05:16.0528 2432 Ftdisk - ok
11:05:16.0658 2432 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:05:16.0658 2432 GEARAspiWDM - ok
11:05:16.0729 2432 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:05:16.0739 2432 Gpc - ok
11:05:16.0879 2432 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:05:16.0879 2432 helpsvc - ok
11:05:16.0929 2432 HidServ - ok
11:05:17.0009 2432 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:05:17.0009 2432 hkmsvc - ok
11:05:17.0119 2432 hpn - ok
11:05:17.0199 2432 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:05:17.0199 2432 HPZid412 - ok
11:05:17.0289 2432 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:05:17.0289 2432 HPZipr12 - ok
11:05:17.0369 2432 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:05:17.0369 2432 HPZius12 - ok
11:05:17.0540 2432 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
11:05:17.0540 2432 HSFHWICH - ok
11:05:17.0760 2432 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
11:05:17.0790 2432 HSF_DPV - ok
11:05:17.0940 2432 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:05:17.0950 2432 HTTP - ok
11:05:18.0090 2432 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:05:18.0090 2432 HTTPFilter - ok
11:05:18.0131 2432 i2omgmt - ok
11:05:18.0211 2432 i2omp - ok
11:05:18.0291 2432 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:05:18.0291 2432 i8042prt - ok
11:05:18.0511 2432 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:05:18.0541 2432 idsvc - ok
11:05:18.0681 2432 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:05:18.0681 2432 Imapi - ok
11:05:18.0842 2432 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:05:18.0842 2432 ImapiService - ok
11:05:18.0942 2432 ini910u - ok
11:05:19.0012 2432 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:05:19.0012 2432 IntelIde - ok
11:05:19.0162 2432 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:05:19.0162 2432 intelppm - ok
11:05:19.0292 2432 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:05:19.0292 2432 Ip6Fw - ok
11:05:19.0352 2432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:05:19.0352 2432 IpFilterDriver - ok
11:05:19.0482 2432 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:05:19.0482 2432 IpInIp - ok
11:05:19.0623 2432 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:05:19.0633 2432 IpNat - ok
11:05:19.0823 2432 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
11:05:19.0843 2432 iPod Service - ok
11:05:19.0983 2432 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:05:19.0983 2432 IPSec - ok
11:05:20.0033 2432 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:05:20.0033 2432 IRENUM - ok
11:05:20.0183 2432 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:05:20.0183 2432 isapnp - ok
11:05:20.0354 2432 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
11:05:20.0354 2432 JavaQuickStarterService - ok
11:05:20.0484 2432 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:05:20.0484 2432 Kbdclass - ok
11:05:20.0564 2432 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:05:20.0564 2432 kmixer - ok
11:05:20.0704 2432 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:05:20.0704 2432 KSecDD - ok
11:05:21.0045 2432 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:05:21.0045 2432 LanmanServer - ok
11:05:21.0155 2432 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:05:21.0175 2432 lanmanworkstation - ok
11:05:21.0275 2432 lbrtfdc - ok
11:05:21.0365 2432 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:05:21.0365 2432 LmHosts - ok
11:05:21.0495 2432 massfilter (082ea07b461d1d184a82fdcb8b38a753) C:\WINDOWS\system32\drivers\massfilter.sys
11:05:21.0495 2432 massfilter - ok
11:05:21.0626 2432 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe
11:05:21.0636 2432 McciCMService - ok
11:05:21.0726 2432 McciServiceHost (eee1ea23c4777adb268a36196a631200) C:\Program Files\Common Files\Motive\McciServiceHost.exe
11:05:21.0736 2432 McciServiceHost - ok
11:05:21.0866 2432 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:05:21.0866 2432 mdmxsdk - ok
11:05:21.0926 2432 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:05:21.0926 2432 Messenger - ok
11:05:22.0046 2432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:05:22.0046 2432 mnmdd - ok
11:05:22.0106 2432 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:05:22.0106 2432 mnmsrvc - ok
11:05:22.0236 2432 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:05:22.0246 2432 Modem - ok
11:05:22.0337 2432 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:05:22.0337 2432 Mouclass - ok
11:05:22.0487 2432 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:05:22.0487 2432 MountMgr - ok
11:05:22.0527 2432 mraid35x - ok
11:05:22.0647 2432 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
11:05:22.0657 2432 MREMP50 - ok
11:05:22.0667 2432 MREMPR5 - ok
11:05:22.0677 2432 MRENDIS5 - ok
11:05:22.0707 2432 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
11:05:22.0707 2432 MRESP50 - ok
11:05:22.0847 2432 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:05:22.0847 2432 MRxDAV - ok
11:05:22.0998 2432 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:05:23.0008 2432 MRxSmb - ok
11:05:23.0138 2432 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:05:23.0148 2432 MSDTC - ok
11:05:23.0288 2432 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:05:23.0288 2432 Msfs - ok
11:05:23.0358 2432 MSIServer - ok
11:05:23.0438 2432 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:05:23.0438 2432 MSKSSRV - ok
11:05:23.0538 2432 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:05:23.0538 2432 MSPCLOCK - ok
11:05:23.0648 2432 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:05:23.0648 2432 MSPQM - ok
11:05:23.0769 2432 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:05:23.0769 2432 mssmbios - ok
11:05:23.0909 2432 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:05:23.0909 2432 Mup - ok
11:05:24.0089 2432 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:05:24.0099 2432 napagent - ok
11:05:24.0239 2432 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:05:24.0239 2432 NDIS - ok
11:05:24.0390 2432 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:05:24.0390 2432 NdisTapi - ok
11:05:24.0460 2432 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:05:24.0460 2432 Ndisuio - ok
11:05:24.0570 2432 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:05:24.0570 2432 NdisWan - ok
11:05:24.0660 2432 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:05:24.0660 2432 NDProxy - ok
11:05:24.0830 2432 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:05:24.0840 2432 NetBIOS - ok
11:05:25.0020 2432 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:05:25.0020 2432 NetBT - ok
11:05:25.0071 2432 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:05:25.0071 2432 NetDDE - ok
11:05:25.0081 2432 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:05:25.0091 2432 NetDDEdsdm - ok
11:05:25.0221 2432 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:05:25.0221 2432 Netlogon - ok
11:05:25.0291 2432 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:05:25.0301 2432 Netman - ok
11:05:25.0511 2432 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:05:25.0521 2432 NetTcpPortSharing - ok
11:05:25.0641 2432 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:05:25.0641 2432 NIC1394 - ok
11:05:25.0711 2432 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:05:25.0711 2432 Nla - ok
11:05:25.0862 2432 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:05:25.0862 2432 Npfs - ok
11:05:25.0952 2432 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:05:25.0982 2432 Ntfs - ok
11:05:26.0112 2432 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:05:26.0122 2432 NtLmSsp - ok
11:05:26.0232 2432 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:05:26.0252 2432 NtmsSvc - ok
11:05:26.0392 2432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:05:26.0392 2432 Null - ok
11:05:26.0633 2432 nv (9e4b052c76949de445ad6439cd473548) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:05:26.0943 2432 nv - ok
11:05:27.0083 2432 NVSvc (9233d25a68f320eb2361e5c383c1f31f) C:\WINDOWS\system32\nvsvc32.exe
11:05:27.0083 2432 NVSvc - ok
11:05:27.0224 2432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:05:27.0224 2432 NwlnkFlt - ok
11:05:27.0334 2432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:05:27.0334 2432 NwlnkFwd - ok
11:05:27.0454 2432 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:05:27.0454 2432 ohci1394 - ok
11:05:27.0534 2432 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:05:27.0534 2432 Parport - ok
11:05:27.0674 2432 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:05:27.0674 2432 PartMgr - ok
11:05:27.0724 2432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:05:27.0724 2432 ParVdm - ok
11:05:27.0935 2432 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:05:27.0935 2432 PCI - ok
11:05:28.0025 2432 PCIDump - ok
11:05:28.0085 2432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
11:05:28.0095 2432 PCIIde - ok
11:05:28.0235 2432 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:05:28.0245 2432 Pcmcia - ok
11:05:28.0335 2432 PDCOMP - ok
11:05:28.0355 2432 PDFRAME - ok
11:05:28.0375 2432 PDRELI - ok
11:05:28.0405 2432 PDRFRAME - ok
11:05:28.0415 2432 perc2 - ok
11:05:28.0435 2432 perc2hib - ok
11:05:28.0535 2432 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:05:28.0535 2432 PlugPlay - ok
11:05:28.0666 2432 Pml Driver HPZ12 (fb03f341ff5380394bf2ee52f1979925) C:\WINDOWS\system32\HPZipm12.exe
11:05:28.0676 2432 Pml Driver HPZ12 - ok
11:05:28.0736 2432 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:05:28.0736 2432 PolicyAgent - ok
11:05:28.0906 2432 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:05:28.0906 2432 PptpMiniport - ok
11:05:28.0966 2432 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:05:28.0966 2432 ProtectedStorage - ok
11:05:29.0106 2432 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:05:29.0116 2432 PSched - ok
11:05:29.0267 2432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:05:29.0267 2432 Ptilink - ok
11:05:29.0427 2432 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:05:29.0427 2432 PxHelp20 - ok
11:05:29.0487 2432 ql1080 - ok
11:05:29.0507 2432 Ql10wnt - ok
11:05:29.0527 2432 ql12160 - ok
11:05:29.0557 2432 ql1240 - ok
11:05:29.0577 2432 ql1280 - ok
11:05:29.0617 2432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:05:29.0617 2432 RasAcd - ok
11:05:29.0817 2432 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:05:29.0817 2432 RasAuto - ok
11:05:29.0968 2432 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:05:29.0968 2432 Rasl2tp - ok
11:05:30.0108 2432 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:05:30.0118 2432 RasMan - ok
11:05:30.0258 2432 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:05:30.0258 2432 RasPppoe - ok
11:05:30.0408 2432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:05:30.0408 2432 Raspti - ok
11:05:30.0558 2432 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:05:30.0568 2432 Rdbss - ok
11:05:30.0699 2432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:05:30.0699 2432 RDPCDD - ok
11:05:30.0789 2432 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:05:30.0799 2432 rdpdr - ok
11:05:30.0949 2432 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:05:30.0959 2432 RDPWD - ok
11:05:31.0089 2432 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:05:31.0099 2432 RDSessMgr - ok
11:05:31.0229 2432 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:05:31.0229 2432 redbook - ok
11:05:31.0420 2432 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
11:05:31.0430 2432 RegSrvc - ok
11:05:32.0221 2432 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:05:32.0221 2432 RemoteAccess - ok
11:05:32.0371 2432 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:05:32.0371 2432 RemoteRegistry - ok
11:05:32.0441 2432 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:05:32.0451 2432 RpcLocator - ok
11:05:32.0591 2432 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:05:32.0591 2432 RpcSs - ok
11:05:32.0752 2432 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:05:32.0752 2432 RSVP - ok
11:05:33.0012 2432 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
11:05:33.0042 2432 S24EventMonitor - ok
11:05:33.0162 2432 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:05:33.0172 2432 s24trans - ok
11:05:33.0222 2432 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:05:33.0222 2432 SamSs - ok
11:05:33.0362 2432 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:05:33.0362 2432 SCardSvr - ok
11:05:33.0503 2432 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:05:33.0513 2432 Schedule - ok
11:05:33.0653 2432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:05:33.0653 2432 Secdrv - ok
11:05:33.0783 2432 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:05:33.0783 2432 seclogon - ok
11:05:33.0803 2432 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:05:33.0803 2432 SENS - ok
11:05:33.0873 2432 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
11:05:33.0873 2432 Serial - ok
11:05:34.0033 2432 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:05:34.0033 2432 Sfloppy - ok
11:05:34.0114 2432 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:05:34.0124 2432 SharedAccess - ok
11:05:34.0274 2432 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:05:34.0274 2432 ShellHWDetection - ok
11:05:34.0374 2432 Simbad - ok
11:05:34.0514 2432 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
11:05:34.0514 2432 SMSIVZAM5 - ok
11:05:34.0614 2432 Sparrow - ok
11:05:34.0674 2432 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:05:34.0674 2432 splitter - ok
11:05:34.0835 2432 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:05:34.0835 2432 Spooler - ok
11:05:34.0925 2432 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:05:34.0925 2432 sr - ok
11:05:35.0075 2432 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:05:35.0075 2432 srservice - ok
11:05:35.0245 2432 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:05:35.0255 2432 Srv - ok
11:05:35.0375 2432 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:05:35.0385 2432 SSDPSRV - ok
11:05:35.0465 2432 STAC97 (5813d453ef8ce49d607c255cf128aceb) C:\WINDOWS\system32\drivers\stac97.sys
11:05:35.0475 2432 STAC97 - ok
11:05:35.0626 2432 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:05:35.0636 2432 stisvc - ok
11:05:35.0786 2432 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:05:35.0786 2432 swenum - ok
11:05:35.0866 2432 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:05:35.0866 2432 swmidi - ok
11:05:35.0956 2432 SwPrv - ok
11:05:35.0976 2432 symc810 - ok
11:05:36.0006 2432 symc8xx - ok
11:05:36.0026 2432 sym_hi - ok
11:05:36.0046 2432 sym_u3 - ok
11:05:36.0116 2432 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:05:36.0116 2432 sysaudio - ok
11:05:36.0257 2432 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:05:36.0257 2432 SysmonLog - ok
11:05:36.0297 2432 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:05:36.0307 2432 TapiSrv - ok
11:05:36.0457 2432 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:05:36.0467 2432 Tcpip - ok
11:05:36.0597 2432 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:05:36.0597 2432 TDPIPE - ok
11:05:36.0637 2432 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:05:36.0637 2432 TDTCP - ok
11:05:36.0787 2432 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:05:36.0787 2432 TermDD - ok
11:05:36.0938 2432 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:05:36.0948 2432 TermService - ok
11:05:37.0088 2432 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:05:37.0098 2432 Themes - ok
11:05:37.0238 2432 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
11:05:37.0238 2432 TlntSvr - ok
11:05:37.0278 2432 TosIde - ok
11:05:37.0418 2432 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:05:37.0418 2432 TrkWks - ok
11:05:37.0478 2432 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:05:37.0478 2432 Udfs - ok
11:05:37.0578 2432 UIUSys - ok
11:05:37.0599 2432 ultra - ok
11:05:37.0689 2432 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:05:37.0699 2432 Update - ok
11:05:37.0849 2432 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:05:37.0859 2432 upnphost - ok
11:05:37.0999 2432 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:05:37.0999 2432 UPS - ok
11:05:38.0139 2432 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:05:38.0139 2432 usbccgp - ok
11:05:38.0209 2432 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:05:38.0209 2432 usbehci - ok
11:05:38.0350 2432 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:05:38.0350 2432 usbhub - ok
11:05:38.0480 2432 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:05:38.0480 2432 usbohci - ok
11:05:38.0610 2432 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:05:38.0610 2432 usbprint - ok
11:05:38.0660 2432 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:05:38.0660 2432 usbscan - ok
11:05:38.0790 2432 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:05:38.0800 2432 USBSTOR - ok
11:05:39.0221 2432 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:05:39.0221 2432 usbuhci - ok
11:05:39.0371 2432 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:05:39.0371 2432 VgaSave - ok
11:05:39.0461 2432 ViaIde - ok
11:05:39.0521 2432 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:05:39.0531 2432 VolSnap - ok
11:05:39.0611 2432 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:05:39.0621 2432 VSS - ok
11:05:39.0922 2432 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
11:05:40.0112 2432 w29n51 - ok
11:05:40.0262 2432 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:05:40.0272 2432 W32Time - ok
11:05:40.0403 2432 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:05:40.0403 2432 Wanarp - ok
11:05:40.0433 2432 WDICA - ok
11:05:40.0503 2432 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:05:40.0513 2432 wdmaud - ok
11:05:40.0653 2432 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:05:40.0653 2432 WebClient - ok
11:05:40.0773 2432 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:05:40.0783 2432 winachsf - ok
11:05:40.0973 2432 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:05:40.0983 2432 winmgmt - ok
11:05:41.0214 2432 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
11:05:41.0224 2432 WLANKEEPER - ok
11:05:41.0374 2432 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:05:41.0374 2432 WmdmPmSN - ok
11:05:41.0534 2432 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:05:41.0544 2432 Wmi - ok
11:05:41.0744 2432 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:05:41.0744 2432 WmiApSrv - ok
11:05:41.0965 2432 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:05:41.0985 2432 WMPNetworkSvc - ok
11:05:42.0145 2432 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:05:42.0145 2432 WpdUsb - ok
11:05:42.0275 2432 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:05:42.0285 2432 wscsvc - ok
11:05:42.0335 2432 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:05:42.0335 2432 wuauserv - ok
11:05:42.0476 2432 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:05:42.0476 2432 WudfPf - ok
11:05:42.0596 2432 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:05:42.0596 2432 WudfRd - ok
11:05:42.0636 2432 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:05:42.0636 2432 WudfSvc - ok
11:05:42.0816 2432 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:05:42.0836 2432 WZCSVC - ok
11:05:42.0986 2432 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:05:42.0996 2432 xmlprov - ok
11:05:43.0147 2432 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:05:43.0167 2432 YahooAUService - ok
11:05:43.0307 2432 ZTEusbgps (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbgps.sys
11:05:43.0317 2432 ZTEusbgps - ok
11:05:43.0447 2432 ZTEusbmdm6k (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
11:05:43.0457 2432 ZTEusbmdm6k - ok
11:05:43.0587 2432 ZTEusbnmea (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
11:05:43.0587 2432 ZTEusbnmea - ok
11:05:43.0607 2432 ZTEusbnmeaext (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys
11:05:43.0617 2432 ZTEusbnmeaext - ok
11:05:43.0647 2432 ZTEusbser6k (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
11:05:43.0647 2432 ZTEusbser6k - ok
11:05:43.0697 2432 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:05:43.0898 2432 \Device\Harddisk0\DR0 - ok
11:05:43.0918 2432 Boot (0x1200) (e19d742d49f36d788e7a44872d34f26d) \Device\Harddisk0\DR0\Partition0
11:05:43.0918 2432 \Device\Harddisk0\DR0\Partition0 - ok
11:05:43.0918 2432 ============================================================
11:05:43.0918 2432 Scan finished
11:05:43.0918 2432 ============================================================
11:05:43.0948 3436 Detected object count: 1
11:05:43.0948 3436 Actual detected object count: 1
11:07:49.0879 3436 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
11:07:51.0771 3436 Backup copy found, using it..
11:07:51.0781 3436 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
11:07:51.0781 3436 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
11:07:59.0923 1708 Deinitialize success
plaizure
Active Member
 
Posts: 5
Joined: April 1st, 2012, 5:56 am

Re: "Antimalware PC Safety"popups- is this the virus???

Unread postby melboy » April 4th, 2012, 4:46 pm

Hi

ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your security applications (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic: How to disable your security applications
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix..

A word of warning: This tool is not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper. Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: "Antimalware PC Safety"popups- is this the virus???

Unread postby plaizure » April 5th, 2012, 8:22 pm

Hi again,
Umm... it tried to diasable all my anti-virus,malware programs and i thought i did. so i ran the combo fix program then a warning came up saying that that Antimalware PC Safety(APS) had a real time protection scanner enabled and to disable it before pushing the ok button. I again opened APS and it said it was disabled. it also said that another program was managing the safety "Security Essentials". At that point another pop up from APS came up and gave an ip address that was an identiy theft warning(ive seen this before) I tried to then close combofix using the task bar as i could not access the window because of the pop up. It began to run anyways with another warning that the antimalware program was still running. I would have turned the computer off but i read that i was not supposed to touch the computer at all so that i do not mess with the computer. So it started the scan and said it needed an active internet conection again i tried to close combofix using the taskbar, right-clicked then selected close. it continued and said that it would disable my internet connection automatically and it would change my clock. it did not go through any stages like the tutorial said it would. i didnt touch the computer again. it stayed on the first screen for about 5 min then the APS popups dissappeared(i assume beacause the internet connection was disabled) then it continued to stay on the first screen for about 30 - 35 min? then it went to a blank screen and now it has been like this for about 50 min.
I feel like a dunce. Please tell me this is not that big a deal and we can fix it.
i have scanned the program APS with ClamWin before and it said that there were corrupt files in it so i tried to remove the the program using the add/remove programs option but there was no installed program called APS(???) so i dragged the icon on the desktop to the recycle bin. But it kept showing back up upon connection to the internet. thats why i assumed that the virus was the program APS. thats when i started to do research on how to remove infected files and found this forum.
Thanks a bunch,
Precious
plaizure
Active Member
 
Posts: 5
Joined: April 1st, 2012, 5:56 am

Re: "Antimalware PC Safety"popups- is this the virus???

Unread postby melboy » April 6th, 2012, 4:21 am

Hi

plaizure wrote:I feel like a dunce. Please tell me this is not that big a deal and we can fix it.
Don't blame yourself - Removing malware is not the easiest job at times. ;)

plaizure wrote:then it went to a blank screen and now it has been like this for about 50 min
A blank blue screen?

If you haven't already done so, reboot the computer.

We'll run rkill before running combofix. That will stop Antimalware PC Safety from running. If combofix reports it has a realtime protection scanner enabled after that, ignore it and continue.

-------

  • STOP all your security applications (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic: How to disable your security applications


Rkill

You should still have this on your desktop.

  • Double click on WiNlOgOn.exe (Renamed rKill) .
  • A command window will open then disappear upon completion. This is normal, and your desktop may temporarily disappear. Do not be alarmed.
  • Notepad will open, please post the contents in your next reply. (The log can also be found at C:\Rkill.txt)
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If you recieve a message that rkill is an infection, do not be concerned. This message is just a fake warning given by rogue malware when it terminates programs that may potentially remove it.
If you encounter infections that give a fake warning and close Rkill, a trick is to leave the fake warning on the screen and then run Rkill again. By not closing the fake warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue processes.



DO NOT REBOOT.


ComboFix (by sUBs)

  • Ensure you are connected to the internet.
  • Double click combofix.exe & follow the prompts.
  • Should combofix require a reboot, please allow combofix to reboot the machine.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix..

A word of warning: This tool is not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper. Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: "Antimalware PC Safety"popups- is this the virus???

Unread postby melboy » April 9th, 2012, 4:30 am

Hi plaizure

It has been over two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • Topics can be closed after 3 days without a response. If you do not reply within that time, the topic will be closed.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: "Antimalware PC Safety"popups- is this the virus???

Unread postby plaizure » April 9th, 2012, 8:31 pm

sorry about that,
i have ran the combo fix twice and both times it has not done what it said it was supposed to do. the blank screen was the computer turning off. to turn the computer back on i had to hold the power button down for 10 sec. then push it again to turn it back on. the antimalware pc safety pop up's are still popping up telling me to buy their product to "remove all" infected files. there is no log on the desktop. i am running it again as you instructed.
thanks for your time and sorry about the delay,
precious
plaizure
Active Member
 
Posts: 5
Joined: April 1st, 2012, 5:56 am

Re: "Antimalware PC Safety"popups- is this the virus???

Unread postby melboy » April 10th, 2012, 2:57 am

Hi Precious

Leave combofix if you are having problems and try something else. If you continue to have problems, please let me know.


Rkill

You should still have this on your desktop.

  • Double click on WiNlOgOn.exe (Renamed rKill) .
  • A command window will open then disappear upon completion. This is normal, and your desktop may temporarily disappear. Do not be alarmed.
  • Notepad will open, please post the contents in your next reply. (The log can also be found at C:\Rkill.txt)
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If you recieve a message that rkill is an infection, do not be concerned. This message is just a fake warning given by rogue malware when it terminates programs that may potentially remove it.
If you encounter infections that give a fake warning and close Rkill, a trick is to leave the fake warning on the screen and then run Rkill again. By not closing the fake warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue processes.



DO NOT REBOOT.


Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop. (mbam-setup-1.61.0.1400.exe - 9.59mb)

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select to the Scanner tab, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



aswMBR

You should still have this on your Desktop.

  • Double click aswMBR.exe to run it.
  • Click NO to the prompt to download Avast! virus definitions.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: "Antimalware PC Safety"popups- is this the virus???

Unread postby deltalima » April 13th, 2012, 2:32 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 292 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware