Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

computer compromised

Post by frusterated » April 9th, 2012, 1:05 pm

Hi,
I have reason to believe that someone has remote access to my computer. Is there a place that my computer would keep a log of this to let me know exactly who it is, where they are getting in and when my computer has been remotely accessed? I want to be able to verify that this is indeed happening and put a stop to this.

My questions for you are: How do I stop someone from remotely accessing my computer? And how do I remove or protect my computer from this happening again?

Thank you,
Frusterated


Here are my logs:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Barry at 12:12:16 on 2012-04-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.485 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall *Disabled*
FW: *Disabled*
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dldwcoms.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRAM FILES\DELL V505\DLDWMON.EXE
C:\PROGRAM FILES\DELL V505\DLDWMsdMon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com
uSearch Page = hxxp://www.google.ca
uSearch Bar = hxxp://www.google.ca
uDefault_Page_URL = www.google.ca
mSearchAssistant = hxxp://www.google.ca/hws/sb/dell-row-re ... channel=ca
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall\feedback.exe" /dump:os_startup
mRun: [PMX Daemon] ICO.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shoc ... swax70.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 0224397546
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 0226166093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://rexall.lifepics.com/net/Uploader ... ader57.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{DF02F204-3D87-4A1E-B3D0-6AEA24B0D0F3} : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\barry\application data\mozilla\firefox\profiles\zmp8f5hg.default\
FF - prefs.js: browser.startup.homepage - hxxp://blekko.com?source=c3348dd4&t ... 9A63810A3F
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-24 337880]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-1-17 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 31704]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-9-12 704384]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-3-8 98392]
R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2009-8-6 24645]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-24 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-24 44768]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-12-19 1983232]
R2 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe -service --> c:\windows\system32\dldwcoms.exe -service [?]
S2 dldwCATSCustConnectService;dldwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldwserv.exe [2009-8-25 99568]
S3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-9-12 31128]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-9-12 257432]
S4 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe [2009-7-23 1048576]
S4 SMART Web Server;SMART Web Server;c:\program files\smart technologies\smart board drivers\WebServer.exe [2009-7-23 1245184]
.
=============== Created Last 30 ================
.
2012-03-30 00:27:55 -------- d-----w- c:\documents and settings\all users\application data\Advanced Chemistry Development
.
==================== Find3M ====================
.
2012-03-11 21:13:45 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13:44 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13:43 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13:19 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13:18 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-09 02:49:13 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
.
============= FINISH: 12:16:43.48 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/11/2009 9:11:44 PM
System Uptime: 4/9/2012 9:00:38 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Microprocessor | 3059/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 96.283 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Any Video Converter 3.2.3
Apache HTTP Server 2.2.13
avast! Free Antivirus
Bell Internet Check-up
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Dell Support 3.2.1
Dell System Restore
Dell V505
Digital Line Detect
ExamView Assessment Suite
FileZilla (remove only)
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 18
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Outlook Web Access S/MIME
Microsoft Plus! Digital Media Edition Installer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Helper
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NetWaiting
Notebook Software
Notepad++
OLYMPUS Master 2
Paint.NET v3.5.8
Photo Story 3 for Windows
QuickTime
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SMART Board Drivers
Sonic Activation Module
Sonic Update Manager
SpywareBlaster 4.5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Web Album Generator 1.8.2
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinPatrol 2009
.
==== Event Viewer Messages From Past Week ========
.
4/6/2012 8:58:20 AM, error: Dhcp [1002] - The IP address lease 192.168.2.16 for the Network Card with network address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/6/2012 8:27:15 PM, error: Dhcp [1002] - The IP address lease 192.168.2.19 for the Network Card with network address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/6/2012 4:04:50 PM, error: Dhcp [1002] - The IP address lease 192.168.2.18 for the Network Card with network address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/6/2012 2:05:45 PM, error: Dhcp [1002] - The IP address lease 192.168.2.17 for the Network Card with network address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/6/2012 12:16:27 AM, error: Dhcp [1002] - The IP address lease 192.168.2.15 for the Network Card with network address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/5/2012 8:20:08 AM, error: Dhcp [1002] - The IP address lease 192.168.2.12 for the Network Card with network address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/5/2012 2:23:13 PM, error: Dhcp [1002] - The IP address lease 192.168.2.14 for the Network Card with network address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/5/2012 10:47:36 AM, error: Dhcp [1002] - The IP address lease 192.168.2.13 for the Network Card with network address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/4/2012 8:10:35 PM, error: Dhcp [1002] - The IP address lease 192.168.2.10 for the Network Card with network address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/4/2012 4:22:38 PM, error: Dhcp [1002] - The IP address lease 192.168.2.11 for the Network Card with network address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/3/2012 9:04:00 PM, error: Service Control Manager [7022] - The Fax service hung on starting.
4/3/2012 9:01:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
4/3/2012 9:01:37 PM, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/3/2012 3:16:19 PM, error: RemoteAccess [20106] - Unable to add the interface {DF10A70B-7540-489B-83E8-116BA017FFE8} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
4/2/2012 5:38:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fax service to connect.
4/2/2012 5:38:26 PM, error: Service Control Manager [7000] - The Fax service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
frusterated
Regular Member
 
Posts: 56
Joined: May 28th, 2009, 8:36 pm
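As an added example (not part of the thread), a small Python parser for the "Event Viewer Messages From Past Week" section of the DDS log above: it groups entries by source and event id, pulls the NIC MAC, denied address and DHCP server out of the Dhcp [1002] lines, and lists the RemoteAccess entries separately. The sample lines are copied from the post; the function and variable names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Sample input, copied from the "Event Viewer Messages From Past Week" section
# of the DDS log in the post above (one entry per line, DDS formatting).
SAMPLE_EVENTS = """\
4/6/2012 8:58:20 AM, error: Dhcp [1002] - The IP address lease 192.168.2.16 for the Network Card with network address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/6/2012 8:27:15 PM, error: Dhcp [1002] - The IP address lease 192.168.2.19 for the Network Card with network address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/3/2012 9:04:00 PM, error: Service Control Manager [7022] - The Fax service hung on starting.
4/3/2012 3:16:19 PM, error: RemoteAccess [20106] - Unable to add the interface {DF10A70B-7540-489B-83E8-116BA017FFE8} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
"""

# DDS writes each entry as: <date> <time>, <level>: <source> [<event id>] - <message>
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Fields inside the Dhcp 1002 (DHCPNACK) message body.
NACK_RE = re.compile(
    r"lease (?P<ip>\d+\.\d+\.\d+\.\d+) for the Network Card with network address "
    r"(?P<mac>[0-9A-Fa-f]{12}) has been denied by the DHCP server "
    r"(?P<server>\d+\.\d+\.\d+\.\d+)"
)


def parse_events(text):
    """Return one dict per well-formed DDS event line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def dhcp_nacks(events):
    """Map NIC MAC -> list of (denied IP, DHCP server) taken from Dhcp [1002] entries."""
    result = defaultdict(list)
    for e in events:
        if e["source"] == "Dhcp" and e["event_id"] == "1002":
            n = NACK_RE.search(e["message"])
            if n:
                result[n["mac"]].append((n["ip"], n["server"]))
    return dict(result)


def summarize(events):
    """Count entries per (source, event id) and break out the details worth reading."""
    return {
        "by_source": dict(Counter((e["source"], e["event_id"]) for e in events)),
        "dhcp_nacks": dhcp_nacks(events),
        # "RemoteAccess" is the event source of the Windows Routing and Remote
        # Access service itself; listing these entries separately makes it clear
        # that they describe that service failing to start an interface, which is
        # not by itself a record of someone logging in remotely.
        "remote_access_service": [e for e in events if e["source"] == "RemoteAccess"],
    }


if __name__ == "__main__":
    summary = summarize(parse_events(SAMPLE_EVENTS))
    for (source, event_id), count in sorted(summary["by_source"].items()):
        print(f"{source} [{event_id}]: {count}")
    for mac, leases in summary["dhcp_nacks"].items():
        print(f"NIC {mac}: {len(leases)} DHCPNACKs, addresses {[ip for ip, _ in leases]}")
```

Run against the full section of the post, the DHCP summary shows one NIC being refused a new lease by 192.168.2.1 roughly every few hours, which is a router or lease-pool question to settle before reading anything else into it.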

Re: computer compromised

Post by askey127 » April 9th, 2012, 2:02 pm

Hi frusterated,
You are concerned about outsiders getting into your machine, but it appears to have an Apache Server installed.
Why is that?

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: computer compromised

Post by frusterated » April 9th, 2012, 7:29 pm

Thank you Askey127 for responding.

Apache is only on our computer so I can see what a website looks like before I put it on the Net when making changes.

Frusterated
frusterated
Regular Member
 
Posts: 56
Joined: May 28th, 2009, 8:36 pm

Re: computer compromised

Post by askey127 » April 10th, 2012, 7:19 am

frusterated,
You have too many "security" programs. They will interfere with each other.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove:

Adobe Reader 9.4.1
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 18
SearchAssist
COMODO Internet Security

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here: http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
Scroll down to the section on the page, labeled Java SE 7 Update 3, click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform Windows x86 offline, and click it.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.1 are vulnerable.
Go HERE to download AdbeRdr1011_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------------------
Possible Router Issue
Now after that, I need you to tell me if you connect to the Internet via a Router.
If you do, you first need to review exactly how it was installed.
Routers have their own administrator username and password for the initial setup.
The trouble is the default users/passwords for each router are published.
If the default router password is not changed at installation, remote bots can insert their own server address in your router and intercept every communication.
Are you able to check whether the Router password is one assigned by you?

Let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
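The router warning above comes down to one verifiable question: which DNS servers did the PC actually receive over DHCP, and do they belong to the home network? OTL records exactly that in its O17 lines (two appear in the log later in this thread, both pointing at the router 192.168.2.1). The following is an added example, not code from the thread or from OTL: it parses O17 lines and flags any server that is neither on the LAN nor on an explicit trusted list. The third sample line, its GUID and the 203.0.113.5 address are constructed to show what a hijacked setting would look like.

```python
"""Check DHCP-assigned DNS servers recorded in OTL "O17" lines.

Added example, not part of the thread. A router left on its published
default admin password can have its DNS settings changed, and the PC then
receives those servers through DHCP. OTL records the result in its O17
lines, so one quick verification is: does every listed server belong to
the home LAN (or to a resolver the owner has deliberately chosen)?
"""
import ipaddress
import re

# OTL prints e.g.:
#   O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17_RE = re.compile(r"^O17 - (?P<key>\S+): (?P<setting>\w*NameServer) = (?P<servers>.*)$")

# A home LAN: loopback plus the RFC 1918 private ranges.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_o17(lines):
    """Yield (registry_key, setting_name, [server, ...]) for every O17 line."""
    for line in lines:
        m = O17_RE.match(line.strip())
        if m:
            # DhcpNameServer is space separated; a static NameServer may use commas.
            servers = [s for s in re.split(r"[\s,]+", m.group("servers")) if s]
            yield m.group("key"), m.group("setting"), servers


def classify_server(server, trusted=()):
    """Return 'lan', 'trusted', 'unexpected' or 'invalid' for one server string."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if server in trusted:
        return "trusted"
    if any(ip in net for net in LAN_NETS):
        return "lan"
    return "unexpected"


def classify_dns_servers(lines, trusted=()):
    """Return {server: verdict} over all distinct servers found in O17 lines."""
    verdicts = {}
    for _key, _setting, servers in parse_o17(lines):
        for s in servers:
            verdicts.setdefault(s, classify_server(s, trusted))
    return verdicts


def unexpected_servers(lines, trusted=()):
    """Sorted list of servers that are neither on the LAN nor explicitly trusted."""
    return sorted(s for s, v in classify_dns_servers(lines, trusted).items()
                  if v == "unexpected")


# The first two lines are the O17 entries from the OTL log in this thread. The
# third is constructed (placeholder GUID, documentation-range address
# 203.0.113.5) to show how a hijacked setting would be reported.
SAMPLE_O17_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF02F204-3D87-4A1E-B3D0-6AEA24B0D0F3}: DhcpNameServer = 192.168.2.1 192.168.2.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CONSTRUCTED-GUID}: NameServer = 203.0.113.5,192.168.2.1",
]

if __name__ == "__main__":
    for server, verdict in sorted(classify_dns_servers(SAMPLE_O17_LINES).items()):
        print(f"{server:15} {verdict}")
    print("unexpected:", unexpected_servers(SAMPLE_O17_LINES))
```

A server on the LAN (normally the router itself) is the expected case; a public address that the owner did not choose is the thing to investigate, and passing it in `trusted` records the decision once it has been checked.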

Re: computer compromised

Unread postby frusterated » April 10th, 2012, 8:53 pm

Hi,

I have done everything you asked me to remove and/or install except one thing. I did not remove COMODO. The reason it looks like I have 2 firewalls is this. I used to have Outpost.

I was trying to download the latest version of it and something messed up. Then I tried to uninstall it to try it again and it would not let me completely uninstall the files. Some were left behind and it will not let me delete them. I get an error message every time I start my computer about the configuration of Outpost. I do not believe the Outpost firewall is working. So I then downloaded COMODO so I wouldn't be left without a firewall. I guess I really need to know how to get rid of the Outpost files completely.

Then I checked with my internet service provider about the default password for the router that we have. They helped me do a hard reset of the router and I did a change of access password.

Another question: How do I know or check to see if anyone is using the Apache server on my computer?


Thank you,
Frusterated
frusterated
Regular Member
 
Posts: 56
Joined: May 28th, 2009, 8:36 pm
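The question of whether anyone else is using a local Apache server is one the server itself can answer: Apache writes every request it serves to its access log, client address first. The following is an added example, not from the thread or from the Apache project: it parses lines in Apache's "combined" log format, groups them by client address, and separates the owner's own traffic (loopback and the home LAN) from anything that arrived from outside. All log lines are constructed; 192.168.2.7 stands for another machine on the same LAN as the router in this thread, and 203.0.113.9 is a documentation-range address standing in for an outside client.

```python
"""Summarise which clients have been talking to a local Apache instance.

Added example, not part of the thread. Apache's access log (combined
format) records one line per request with the client address first, so
grouping by that address and marking non-local ones shows whether the
server has been used by anyone other than the owner.
"""
import ipaddress
import re

# Combined format: client identd user [time] "request" status size "referer" "user-agent"
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?\s*$'
)

# Addresses that belong to the machine itself or to a typical home LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_local(ip_text):
    """True for loopback or RFC 1918 addresses; False otherwise or if unparsable."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)


def parse_access_line(line):
    """Return the fields of one access-log line as a dict, or None if it does not parse."""
    m = ACCESS_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize_clients(lines):
    """Group requests by client address.

    Returns (summary, unparsed): summary maps ip -> {"requests", "local",
    "paths", "statuses"}; unparsed counts lines the regex rejected, which
    is itself worth a look (truncated or hand-edited logs).
    """
    summary = {}
    unparsed = 0
    for line in lines:
        rec = parse_access_line(line)
        if rec is None:
            unparsed += 1
            continue
        entry = summary.setdefault(rec["ip"], {
            "requests": 0, "local": is_local(rec["ip"]),
            "paths": set(), "statuses": set(),
        })
        entry["requests"] += 1
        entry["paths"].add(rec["path"])
        entry["statuses"].add(int(rec["status"]))
    return summary, unparsed


def remote_clients(lines):
    """Sorted list of client addresses that are neither loopback nor on the LAN."""
    summary, _ = summarize_clients(lines)
    return sorted(ip for ip, e in summary.items() if not e["local"])


# Constructed sample log (not from the thread). 203.0.113.0/24 is a
# documentation range used here to stand for an outside client.
SAMPLE_ACCESS_LOG = [
    '127.0.0.1 - - [10/Apr/2012:20:01:02 -0400] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [10/Apr/2012:20:01:03 -0400] "GET /style.css HTTP/1.1" 200 512 "http://localhost/index.html" "Mozilla/5.0"',
    '192.168.2.7 - - [10/Apr/2012:21:15:44 -0400] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Apr/2012:03:42:10 -0400] "GET / HTTP/1.1" 200 2326 "-" "-"',
    '203.0.113.9 - - [11/Apr/2012:03:42:11 -0400] "GET /admin/ HTTP/1.1" 404 209 "-" "-"',
    'this line is not an access-log record',
]

if __name__ == "__main__":
    summary, unparsed = summarize_clients(SAMPLE_ACCESS_LOG)
    for ip, e in sorted(summary.items(), key=lambda kv: (kv[1]["local"], kv[0])):
        tag = "local " if e["local"] else "REMOTE"
        print(f"{tag} {ip:15} {e['requests']:3} requests  paths={sorted(e['paths'])}")
    print(f"unparsed lines: {unparsed}")
```

On a Windows install the log is usually `logs/access.log` under the Apache directory; feed its lines to `summarize_clients`. If the server is only meant for previewing pages locally, any entry in `remote_clients` means it is reachable from outside and should be bound to 127.0.0.1 or blocked at the firewall.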

Re: computer compromised

Unread postby askey127 » April 11th, 2012, 6:44 am

frusterated,
OK. Good work.
I understand why you did as you said.
Now however, I really do need you to Uninstall Comodo. It will not play well with the necessary Avast!
We will take care of any necessary added installations later.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove:

COMODO Internet Security

Take extra care in answering questions posed by any Uninstaller.
If a question comes up during the removal, reply so as to remove all files and settings.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the OTL icon to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the contents of OTL.txt and Extras.txt.
Tell me how the Comodo removal went.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: computer compromised

Unread postby frusterated » April 11th, 2012, 8:26 pm

Okay, Comodo is uninstalled.
Here is the OTL.txt file

OTL logfile created on: 4/11/2012 7:52:31 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Barry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.84 Mb Total Physical Memory | 581.48 Mb Available Physical Memory | 57.35% Memory free
2.38 Gb Paging File | 2.09 Gb Available in Paging File | 87.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.86 Gb Total Space | 95.54 Gb Free Space | 65.50% Space Free | Partition Type: NTFS

Computer Name: MELISSA | User Name: Barry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/11 19:45:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
PRC - [2012/04/10 17:35:40 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/07/27 11:33:28 | 000,341,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/07/23 16:13:58 | 002,596,864 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
PRC - [2008/06/05 00:49:14 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
PRC - [2008/06/05 00:49:08 | 000,677,104 | ---- | M] () -- C:\Program Files\Dell V505\dldwmon.exe
PRC - [2008/05/16 10:58:18 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldwcoms.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/24 12:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 09:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 09:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/09/08 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (No Company Name) ==========

MOD - [2012/04/11 16:06:27 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/11 16:06:10 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/11 14:18:39 | 001,755,136 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12041101\algo.dll
MOD - [2012/02/16 09:04:36 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/16 09:02:19 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/16 08:59:21 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/10/13 16:02:11 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008/06/05 00:49:14 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
MOD - [2008/06/05 00:49:08 | 000,677,104 | ---- | M] () -- C:\Program Files\Dell V505\dldwmon.exe
MOD - [2008/05/28 17:37:42 | 001,036,288 | ---- | M] () -- C:\Program Files\Dell V505\dldwdrs.dll
MOD - [2008/05/28 17:37:06 | 000,380,928 | ---- | M] () -- C:\Program Files\Dell V505\dldwscw.dll
MOD - [2008/05/19 01:58:10 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell V505\app4r.monitor.core.dll
MOD - [2008/05/19 01:58:10 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell V505\app4r.monitor.common.dll
MOD - [2008/05/19 01:57:11 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.dll
MOD - [2008/05/09 08:53:58 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dldwdrpp.dll
MOD - [2008/05/07 16:42:00 | 001,036,288 | ---- | M] () -- C:\WINDOWS\system32\dldwdrs.dll
MOD - [2008/04/25 02:44:40 | 000,077,906 | ---- | M] () -- C:\WINDOWS\system32\DLDWcfg.dll
MOD - [2008/04/25 02:44:40 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell V505\DLDWcfg.dll
MOD - [2008/04/23 03:53:14 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\dldwcaps.dll
MOD - [2008/04/23 03:53:14 | 000,081,920 | ---- | M] () -- C:\Program Files\Dell V505\dldwcaps.dll
MOD - [2008/04/23 03:51:16 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V505\dldwmonr.dll
MOD - [2008/03/25 04:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2008/03/10 07:30:50 | 000,188,416 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldwdatr.dll
MOD - [2008/02/26 15:24:06 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\dldwcnv4.dll
MOD - [2008/02/26 15:24:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell V505\dldwcnv4.dll
MOD - [2007/03/26 03:39:35 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldwcats.dll
MOD - [2005/10/20 12:18:36 | 000,086,016 | ---- | M] () -- C:\Program Files\Sympatico Dial-up Accelerator\sliplsp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/10 17:35:40 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/23 16:57:58 | 001,048,576 | ---- | M] (SMART Technologies ULC) [Disabled | Stopped] -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe -- (SMART SNMP Agent Service)
SRV - [2009/07/23 16:51:42 | 001,245,184 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe -- (SMART Web Server)
SRV - [2009/07/23 16:13:58 | 002,596,864 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2008/05/16 10:58:22 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe -- (dldwCATSCustConnectService)
SRV - [2008/05/16 10:58:18 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dldwcoms.exe -- (dldw_device)
SRV - [2006/07/06 09:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/01/19 11:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/19 11:06:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2006/07/24 12:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/05 05:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 07:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 14:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 14:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/11/22 19:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 19:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell ... bd=0070105
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell ... bd=0070105
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell ... bd=0070105
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell ... bd=0070105
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell ... bd=0070105
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell ... bd=0070105
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca
IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=201203302906410DBC7ACC9A63810A3F"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/08/14 16:37:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/31 16:41:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/10 14:05:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/10 17:44:26 | 000,000,000 | ---D | M]

[2010/06/10 14:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barry\Application Data\Mozilla\Extensions
[2012/03/29 20:25:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\zmp8f5hg.default\extensions
[2010/10/01 12:02:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\zmp8f5hg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/10 14:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/31 16:41:55 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/03/29 20:25:50 | 000,002,127 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [PMX Daemon] ICO.EXE File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-750667607-609576463-4231889917-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Sympatico Dial-up Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Sympatico Dial-up Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Sympatico Dial-up Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Sympatico Dial-up Accelerator\sliplsp.dll ()
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shoc ... swax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0224397546 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 0226166093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://rexall.lifepics.com/net/Uploader ... ader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF02F204-3D87-4A1E-B3D0-6AEA24B0D0F3}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Barry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Barry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ba407c8-8910-11de-92a5-001676e34c19}\Shell - "" = AutoRun
O33 - MountPoints2\{3ba407c8-8910-11de-92a5-001676e34c19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ba407c8-8910-11de-92a5-001676e34c19}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/11 19:44:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
[2012/04/10 18:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sympatico Dial-up Accelerator
[2012/04/10 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Sympatico Dial-up Accelerator
[2012/04/10 17:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/04/10 17:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/10 17:36:01 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/04/10 17:36:01 | 000,567,696 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/10 17:36:01 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/04/10 17:36:01 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/04/10 17:36:01 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/04/10 17:36:01 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/09 12:09:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Barry\Desktop\dds.scr
[2012/03/29 20:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Advanced Chemistry Development
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/11 19:45:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
[2012/04/11 19:36:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/11 19:36:30 | 1063,165,952 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/11 18:31:48 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Outlook 2003.lnk
[2012/04/11 16:06:44 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Barry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/04/11 12:52:42 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 12:52:42 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 12:46:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/10 18:59:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/04/10 18:57:59 | 000,001,590 | ---- | M] () -- C:\Profile.xml
[2012/04/10 17:35:39 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/04/10 17:35:39 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/04/10 17:35:39 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/04/10 17:35:39 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/10 17:35:38 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/04/10 17:35:38 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/09 12:09:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Barry\Desktop\dds.scr
[2012/04/04 11:15:33 | 013,358,764 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\20070824023923250_tmobile_e105_ug.pdf
[2012/04/02 08:18:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/31 16:41:56 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/30 19:31:02 | 005,600,218 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\samsung-rugby-ii-user-guide.pdf
[2012/03/19 09:30:36 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 18:55:46 | 000,196,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/10 17:44:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/04 11:14:57 | 013,358,764 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\20070824023923250_tmobile_e105_ug.pdf
[2012/03/30 19:31:02 | 005,600,218 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\samsung-rugby-ii-user-guide.pdf
[2012/02/15 19:47:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/01 16:27:31 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2012/01/01 16:27:31 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2012/01/01 16:27:21 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2011/09/21 19:17:25 | 000,137,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/11 17:53:33 | 000,000,252 | ---- | C] () -- C:\WINDOWS\InetHitr.INI
[2010/12/26 22:11:53 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/10/28 20:43:06 | 000,004,109 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\smxrsjou.kmd

========== LOP Check ==========

[2012/03/29 20:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Advanced Chemistry Development
[2010/02/23 22:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/02/08 23:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2010/12/26 22:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/26 17:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2012/04/03 16:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/31 19:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2009/08/17 15:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V505
[2009/08/17 15:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V505 Series
[2007/01/05 11:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/22 17:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\AnvSoft
[2010/11/26 15:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Leadertech
[2009/08/14 16:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Notepad++
[2009/08/26 17:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\SMART Technologies
[2009/08/26 16:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\SMART Technologies Inc
[2009/08/17 19:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\V505 Series
[2009/08/13 00:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
frusterated
Regular Member
 
Posts: 56
Joined: May 28th, 2009, 8:36 pm

Re: computer compromised

Unread postby frusterated » April 11th, 2012, 8:27 pm

And here is the extras.txt file

OTL Extras logfile created on: 4/11/2012 7:52:31 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Barry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.84 Mb Total Physical Memory | 581.48 Mb Available Physical Memory | 57.35% Memory free
2.38 Gb Paging File | 2.09 Gb Available in Paging File | 87.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.86 Gb Total Space | 95.54 Gb Free Space | 65.50% Space Free | Partition Type: NTFS

Computer Name: MELISSA | User Name: Barry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-750667607-609576463-4231889917-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1168012140\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1168012140\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\WINDOWS\system32\dldwcoms.exe" = C:\WINDOWS\system32\dldwcoms.exe:*:Enabled:V505 Server -- ( )
"C:\Program Files\SMART Technologies\SMART Board Drivers\UCGui.exe" = C:\Program Files\SMART Technologies\SMART Board Drivers\UCGui.exe:*:Enabled:SMART Universal Controller Interface -- (SMART Technologies ULC)
"C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe" = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe:*:Enabled:SMART SNMPAgent -- (SMART Technologies ULC)
"C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe" = C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe:*:Enabled:SMART Universal Controller Service -- (SMART Technologies ULC)
"C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe" = C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe:*:Enabled:SMART Web Server -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C68967-9790-40DA-86F7-FDB248A5CDB1}" = SMART Board Drivers
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C98A4FE-1F42-4F02-B738-F32886AE5467}" = Notebook Software
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.13
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.2.3
"avast" = avast! Free Antivirus
"BellCanada" = Bell Internet Check-up
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CodeBaby Player (Remove Only)1.0.2.19" = CodeBaby Player (Remove Only) 1.0.2.19
"Dell V505" = Dell V505
"ExamView Pro" = ExamView Assessment Suite
"FileZilla" = FileZilla (remove only)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"RealPlayer 6.0" = RealPlayer
"SlipStream" = Dial-up Accelerator
"SpywareBlaster_is1" = SpywareBlaster 4.5
"Web Album Generator_is1" = Web Album Generator 1.8.2
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2009

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-750667607-609576463-4231889917-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2012 1:03:24 PM | Computer Name = MELISSA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17108, faulting
module mshtml.dll, version 7.0.6000.17108, fault address 0x000a2ca4.

Error - 4/5/2012 1:14:20 PM | Computer Name = MELISSA | Source = Application Error | ID = 1001
Description = Fault bucket -1458911743.

Error - 4/5/2012 3:02:51 PM | Computer Name = MELISSA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17108, faulting
module mshtml.dll, version 7.0.6000.17108, fault address 0x000a2ca4.

Error - 4/5/2012 3:04:28 PM | Computer Name = MELISSA | Source = Application Error | ID = 1001
Description = Fault bucket -1458911743.

Error - 4/5/2012 3:08:22 PM | Computer Name = MELISSA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17108, faulting
module flash11c.ocx, version 11.0.1.152, fault address 0x00195e74.

Error - 4/5/2012 3:08:49 PM | Computer Name = MELISSA | Source = Application Error | ID = 1001
Description = Fault bucket -1455733679.

Error - 4/7/2012 8:47:33 AM | Computer Name = MELISSA | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 127.0.0.1
for ServerName .

Error - 4/9/2012 12:42:29 PM | Computer Name = MELISSA | Source = Application Error | ID = 1000
Description = Faulting application cfplogvw.exe, version 5.10.31649.2253, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 4/10/2012 5:47:11 PM | Computer Name = MELISSA | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 10.1.1.33, faulting module
spelling.api, version 10.1.1.33, fault address 0x0002525a.

Error - 4/11/2012 7:52:07 PM | Computer Name = MELISSA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.39.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/11/2012 5:13:07 PM | Computer Name = MELISSA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.12 for the Network Card with network
address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/11/2012 5:13:43 PM | Computer Name = MELISSA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService
service to connect.

Error - 4/11/2012 5:13:43 PM | Computer Name = MELISSA | Source = Service Control Manager | ID = 7000
Description = The dldwCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 4/11/2012 5:16:05 PM | Computer Name = MELISSA | Source = Service Control Manager | ID = 7022
Description = The Fax service hung on starting.

Error - 4/11/2012 5:16:13 PM | Computer Name = MELISSA | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {DF10A70B-7540-489B-83E8-116BA017FFE8}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 4/11/2012 7:36:32 PM | Computer Name = MELISSA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.13 for the Network Card with network
address 001676E34C19 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/11/2012 7:37:29 PM | Computer Name = MELISSA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService
service to connect.

Error - 4/11/2012 7:37:29 PM | Computer Name = MELISSA | Source = Service Control Manager | ID = 7000
Description = The dldwCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 4/11/2012 7:39:49 PM | Computer Name = MELISSA | Source = Service Control Manager | ID = 7022
Description = The Fax service hung on starting.

Error - 4/11/2012 7:39:58 PM | Computer Name = MELISSA | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {DF10A70B-7540-489B-83E8-116BA017FFE8}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.


< End of report >
frusterated
Regular Member
 
Posts: 56
Joined: May 28th, 2009, 8:36 pm

Re: computer compromised

Unread postby askey127 » April 12th, 2012, 7:55 am

frusterated,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
    O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
    O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
    IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    
    :Files
    C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
    C:\Documents and Settings\All Users\Application Data\smxrsjou.kmd
    c:\Program Files\Agnitum\
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
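A way to check the Quick Scan log that gets posted after a fix like the one above against the fix script's :Files section, as an added example (not the thread's or OTL's own code): it parses the item-line formats visible in this thread's logs and reports which targets still appear and which entries disappeared. The sample logs are constructed from lines in the thread, and treating a :Files line ending in " /c" as a command rather than a path is an assumption.

```python
"""Compare OTL logs before and after a custom fix and flag targets that survived.

Added example, not code from the MalwareRemoval.com thread or from OTL itself.
"""
import re
from typing import Dict, List

# File/process/module item line as printed by OTL in the thread, e.g.
#   PRC - [2012/04/11 19:45:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\...\OTL.exe
#   [2012/04/10 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Sympatico Dial-up Accelerator
ITEM_RE = re.compile(
    r"^(?:[A-Z]{3} - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>.+?)\s*$"
)

# Startup entry as it appears in the fix script and in OTL's registry section, e.g.
#   O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)"
    r"(?: \((?P<company>[^)]*)\))?\s*$"
)


def parse_paths(log_text: str) -> Dict[str, dict]:
    """Map each path named by an item line or an O4 line to its parsed fields.

    Keys are lower-cased because the logs and the fix script mix C:\ and c:\ spellings.
    """
    entries: Dict[str, dict] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ITEM_RE.match(line) or RUN_RE.match(line)
        if match:
            fields = match.groupdict()
            entries[fields["path"].lower()] = fields
    return entries


def fix_file_targets(fix_script: str) -> List[str]:
    """Return the paths listed under the fix script's :Files section.

    Assumption (not stated in the thread): a :Files line ending in " /c" is a command
    for OTL to run (like "ipconfig /flushdns /c"), so it is not treated as a path.
    """
    targets: List[str] = []
    section = None
    for raw in fix_script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line.lower()
            continue
        if section == ":files" and line and not line.lower().endswith(" /c"):
            targets.append(line)
    return targets


def unresolved_targets(after_log: str, fix_script: str) -> List[str]:
    """Fix targets that the post-fix log still lists.

    A target ending in a backslash (c:\Program Files\Agnitum\) is a folder, so any
    path beneath it counts as the folder still being present.
    """
    present = parse_paths(after_log)
    leftover: List[str] = []
    for target in fix_file_targets(fix_script):
        key = target.lower()
        if key.endswith("\\"):
            hit = any(path.startswith(key) for path in present)
        else:
            hit = key in present
        if hit:
            leftover.append(target)
    return leftover


def removed_entries(before_log: str, after_log: str) -> List[str]:
    """Paths the earlier log listed that the later one no longer does."""
    before = parse_paths(before_log)
    after = parse_paths(after_log)
    return sorted(before[key]["path"] for key in before if key not in after)


# Constructed sample input: lines copied from the thread's Run 1 log and fix script.
BEFORE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2012/04/11 19:44:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
[2012/04/10 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Sympatico Dial-up Accelerator
[2010/10/28 20:43:06 | 000,004,109 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\smxrsjou.kmd
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
"""

# Constructed post-fix log: the .kmd file is gone, but the Outpost startup entry survived.
AFTER_LOG = r"""
PRC - [2012/04/11 19:45:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
[2012/04/10 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Sympatico Dial-up Accelerator
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
"""

FIX_SCRIPT = r"""
:Files
C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
C:\Documents and Settings\All Users\Application Data\smxrsjou.kmd
c:\Program Files\Agnitum\
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
"""

if __name__ == "__main__":
    for path in removed_entries(BEFORE_LOG, AFTER_LOG):
        print("removed:      ", path)
    for target in unresolved_targets(AFTER_LOG, FIX_SCRIPT):
        print("still present:", target)
```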

Re: computer compromised

Unread postby frusterated » April 12th, 2012, 4:46 pm

Here is the OTL Log:

OTL logfile created on: 4/12/2012 4:27:20 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Barry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.84 Mb Total Physical Memory | 607.61 Mb Available Physical Memory | 59.93% Memory free
2.38 Gb Paging File | 2.11 Gb Available in Paging File | 88.70% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.86 Gb Total Space | 100.85 Gb Free Space | 69.14% Space Free | Partition Type: NTFS

Computer Name: MELISSA | User Name: Barry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/11 19:45:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
PRC - [2012/04/10 17:35:40 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/07/27 11:33:28 | 000,341,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/07/23 16:13:58 | 002,596,864 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
PRC - [2008/06/05 00:49:14 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
PRC - [2008/06/05 00:49:08 | 000,677,104 | ---- | M] () -- C:\Program Files\Dell V505\dldwmon.exe
PRC - [2008/05/16 10:58:18 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldwcoms.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/24 12:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 09:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 09:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/09/08 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (No Company Name) ==========

MOD - [2012/04/12 15:32:18 | 001,755,136 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12041201\algo.dll
MOD - [2012/04/11 16:06:27 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/11 16:06:10 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/02/16 09:04:36 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/16 09:02:19 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/16 08:59:21 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/10/13 16:02:11 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008/06/05 00:49:14 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
MOD - [2008/06/05 00:49:08 | 000,677,104 | ---- | M] () -- C:\Program Files\Dell V505\dldwmon.exe
MOD - [2008/05/28 17:37:42 | 001,036,288 | ---- | M] () -- C:\Program Files\Dell V505\dldwdrs.dll
MOD - [2008/05/28 17:37:06 | 000,380,928 | ---- | M] () -- C:\Program Files\Dell V505\dldwscw.dll
MOD - [2008/05/19 01:58:10 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell V505\app4r.monitor.core.dll
MOD - [2008/05/19 01:58:10 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell V505\app4r.monitor.common.dll
MOD - [2008/05/19 01:57:11 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.dll
MOD - [2008/05/09 08:53:58 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dldwdrpp.dll
MOD - [2008/04/25 02:44:40 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell V505\DLDWcfg.dll
MOD - [2008/04/23 03:53:14 | 000,081,920 | ---- | M] () -- C:\Program Files\Dell V505\dldwcaps.dll
MOD - [2008/04/23 03:51:16 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V505\dldwmonr.dll
MOD - [2008/03/25 04:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2008/03/10 07:30:50 | 000,188,416 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldwdatr.dll
MOD - [2008/02/26 15:24:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell V505\dldwcnv4.dll
MOD - [2007/03/26 03:39:35 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldwcats.dll
MOD - [2005/10/20 12:18:36 | 000,086,016 | ---- | M] () -- C:\Program Files\Sympatico Dial-up Accelerator\sliplsp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/10 17:35:40 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/23 16:57:58 | 001,048,576 | ---- | M] (SMART Technologies ULC) [Disabled | Stopped] -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe -- (SMART SNMP Agent Service)
SRV - [2009/07/23 16:51:42 | 001,245,184 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe -- (SMART Web Server)
SRV - [2009/07/23 16:13:58 | 002,596,864 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2008/05/16 10:58:22 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe -- (dldwCATSCustConnectService)
SRV - [2008/05/16 10:58:18 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dldwcoms.exe -- (dldw_device)
SRV - [2006/07/06 09:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/01/19 11:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/19 11:06:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2006/07/24 12:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/05 05:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 07:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 14:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 14:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/11/22 19:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 19:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell ... bd=0070105
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell ... bd=0070105
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell ... bd=0070105
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell ... bd=0070105
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell ... bd=0070105
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell ... bd=0070105
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca
IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-750667607-609576463-4231889917-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://blekko.com?source=c3348dd4&amp;tbp=homepage&amp;toolbarid=blekkotb&amp;u=201203302906410DBC7ACC9A63810A3F"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/08/14 16:37:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/31 16:41:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/10 14:05:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/10 17:44:26 | 000,000,000 | ---D | M]

[2010/06/10 14:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barry\Application Data\Mozilla\Extensions
[2012/03/29 20:25:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\zmp8f5hg.default\extensions
[2010/10/01 12:02:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\zmp8f5hg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/10 14:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/31 16:41:55 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [PMX Daemon] ICO.EXE File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-750667607-609576463-4231889917-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Sympatico Dial-up Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Sympatico Dial-up Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Sympatico Dial-up Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Sympatico Dial-up Accelerator\sliplsp.dll ()
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shoc ... swax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0224397546 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 0226166093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://rexall.lifepics.com/net/Uploader ... ader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF02F204-3D87-4A1E-B3D0-6AEA24B0D0F3}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Barry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Barry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ba407c8-8910-11de-92a5-001676e34c19}\Shell - "" = AutoRun
O33 - MountPoints2\{3ba407c8-8910-11de-92a5-001676e34c19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ba407c8-8910-11de-92a5-001676e34c19}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/12 15:59:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/11 19:44:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
[2012/04/10 18:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sympatico Dial-up Accelerator
[2012/04/10 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Sympatico Dial-up Accelerator
[2012/04/10 17:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/04/10 17:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/09 12:09:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Barry\Desktop\dds.scr
[2012/03/29 20:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Advanced Chemistry Development
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/12 16:16:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/12 16:16:00 | 1063,165,952 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/12 14:34:26 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Outlook 2003.lnk
[2012/04/11 19:45:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
[2012/04/11 16:06:44 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Barry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/04/11 12:52:42 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 12:52:42 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 12:46:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/10 18:59:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/04/10 18:57:59 | 000,001,590 | ---- | M] () -- C:\Profile.xml
[2012/04/09 12:09:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Barry\Desktop\dds.scr
[2012/04/04 11:15:33 | 013,358,764 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\20070824023923250_tmobile_e105_ug.pdf
[2012/04/02 08:18:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/31 16:41:56 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/30 19:31:02 | 005,600,218 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\samsung-rugby-ii-user-guide.pdf
[2012/03/19 09:30:36 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 18:55:46 | 000,196,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/10 17:44:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/04 11:14:57 | 013,358,764 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\20070824023923250_tmobile_e105_ug.pdf
[2012/03/30 19:31:02 | 005,600,218 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\samsung-rugby-ii-user-guide.pdf
[2012/02/15 19:47:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/01 16:27:31 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2012/01/01 16:27:31 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2012/01/01 16:27:21 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2011/09/21 19:17:25 | 000,137,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/11 17:53:33 | 000,000,252 | ---- | C] () -- C:\WINDOWS\InetHitr.INI
[2010/12/26 22:11:53 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2012/03/29 20:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Advanced Chemistry Development
[2010/02/23 22:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/02/08 23:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2010/12/26 22:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/26 17:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2012/04/03 16:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/31 19:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2009/08/17 15:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V505
[2009/08/17 15:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V505 Series
[2007/01/05 11:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/22 17:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\AnvSoft
[2010/11/26 15:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Leadertech
[2009/08/14 16:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Notepad++
[2009/08/26 17:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\SMART Technologies
[2009/08/26 16:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\SMART Technologies Inc
[2009/08/17 19:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\V505 Series
[2009/08/13 00:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
frusterated
Regular Member
 
Posts: 56
Joined: May 28th, 2009, 8:36 pm

Re: computer compromised

Unread postby frusterated » April 12th, 2012, 4:54 pm

OK, I also ran TDSS. Nothing was found.


Frusterated

Re: computer compromised

Unread postby askey127 » April 12th, 2012, 5:18 pm

frusterated,
I usually like to see the log, but I will take your word for it that TDSSK came up clean.
------------------------------------------------------------
Get Windows Firewall Status
Please go to Start, Run, type wscui.cpl into the box and hit <Enter>.
If it reports Firewall NOT ON, as I expect, click on the Windows Firewall icon below, and turn it ON.
-------------------------------------------------
Run the ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.
You will, however, need to disable your current installed Anti-Virus.
DISABLE AVAST
Right click on the avast! icon in the system tray (looks like this: [image]) and choose (Stop On-Access Protection)
Avast On-Access Protection is now disabled.
Reverse the procedure to re-enable the On-Access Protection later.

  • Please go HERE to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: computer compromised

Unread postby frusterated » April 12th, 2012, 9:00 pm

Sorry, I forgot to look for the log in the c: directory. Here it is.

16:52:35.0765 2636 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
16:52:35.0968 2636 ============================================================
16:52:35.0968 2636 Current date / time: 2012/04/12 16:52:35.0968
16:52:35.0968 2636 SystemInfo:
16:52:35.0968 2636
16:52:35.0968 2636 OS Version: 5.1.2600 ServicePack: 3.0
16:52:35.0968 2636 Product type: Workstation
16:52:35.0968 2636 ComputerName: MELISSA
16:52:35.0968 2636 UserName: Barry
16:52:35.0968 2636 Windows directory: C:\WINDOWS
16:52:35.0968 2636 System windows directory: C:\WINDOWS
16:52:35.0968 2636 Processor architecture: Intel x86
16:52:35.0968 2636 Number of processors: 2
16:52:35.0968 2636 Page size: 0x1000
16:52:35.0968 2636 Boot type: Normal boot
16:52:35.0968 2636 ============================================================
16:52:38.0140 2636 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:52:38.0140 2636 \Device\Harddisk0\DR0:
16:52:38.0140 2636 MBR used
16:52:38.0140 2636 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x123B9121
16:52:38.0171 2636 Initialize success
16:52:38.0171 2636 ============================================================
16:52:45.0109 3896 ============================================================
16:52:45.0109 3896 Scan started
16:52:45.0109 3896 Mode: Manual;
16:52:45.0109 3896 ============================================================
16:52:46.0171 3896 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
16:52:46.0187 3896 Aavmker4 - ok
16:52:46.0203 3896 Abiosdsk - ok
16:52:46.0265 3896 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:52:46.0265 3896 abp480n5 - ok
16:52:46.0312 3896 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:52:46.0328 3896 ACPI - ok
16:52:46.0343 3896 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:52:46.0359 3896 ACPIEC - ok
16:52:46.0359 3896 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:52:46.0375 3896 adpu160m - ok
16:52:46.0390 3896 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:52:46.0390 3896 aec - ok
16:52:46.0453 3896 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:52:46.0453 3896 AFD - ok
16:52:46.0500 3896 afw (f85e257cae6133fcda85332fa52b455e) C:\WINDOWS\system32\DRIVERS\afw.sys
16:52:46.0500 3896 afw - ok
16:52:46.0562 3896 afwcore (90b57bf63271cd3df6bb264f91e0be35) C:\WINDOWS\system32\drivers\afwcore.sys
16:52:46.0578 3896 afwcore - ok
16:52:46.0625 3896 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:52:46.0640 3896 agp440 - ok
16:52:46.0640 3896 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:52:46.0656 3896 agpCPQ - ok
16:52:46.0671 3896 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:52:46.0671 3896 Aha154x - ok
16:52:46.0687 3896 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:52:46.0687 3896 aic78u2 - ok
16:52:46.0718 3896 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:52:46.0718 3896 aic78xx - ok
16:52:46.0796 3896 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:52:46.0796 3896 Alerter - ok
16:52:46.0812 3896 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:52:46.0828 3896 ALG - ok
16:52:46.0828 3896 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:52:46.0828 3896 AliIde - ok
16:52:46.0843 3896 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:52:46.0843 3896 alim1541 - ok
16:52:46.0859 3896 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:52:46.0859 3896 amdagp - ok
16:52:46.0875 3896 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:52:46.0875 3896 amsint - ok
16:52:47.0031 3896 Apache2.2 (ff602eff71502b7e221b381b2c1c12b7) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
16:52:47.0031 3896 Apache2.2 - ok
16:52:47.0046 3896 AppMgmt - ok
16:52:47.0109 3896 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:52:47.0109 3896 Arp1394 - ok
16:52:47.0140 3896 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:52:47.0140 3896 asc - ok
16:52:47.0156 3896 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:52:47.0156 3896 asc3350p - ok
16:52:47.0156 3896 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:52:47.0171 3896 asc3550 - ok
16:52:47.0296 3896 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:52:47.0312 3896 aspnet_state - ok
16:52:47.0390 3896 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
16:52:47.0390 3896 aswFsBlk - ok
16:52:47.0406 3896 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
16:52:47.0421 3896 aswMon2 - ok
16:52:47.0453 3896 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
16:52:47.0453 3896 aswRdr - ok
16:52:47.0515 3896 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
16:52:47.0531 3896 aswSnx - ok
16:52:47.0609 3896 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
16:52:47.0609 3896 aswSP - ok
16:52:47.0656 3896 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
16:52:47.0656 3896 aswTdi - ok
16:52:47.0703 3896 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:52:47.0703 3896 AsyncMac - ok
16:52:47.0750 3896 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:52:47.0765 3896 atapi - ok
16:52:47.0765 3896 Atdisk - ok
16:52:47.0796 3896 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:52:47.0796 3896 Atmarpc - ok
16:52:47.0843 3896 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:52:47.0843 3896 AudioSrv - ok
16:52:47.0875 3896 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:52:47.0875 3896 audstub - ok
16:52:47.0984 3896 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
16:52:47.0984 3896 avast! Antivirus - ok
16:52:48.0062 3896 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:52:48.0062 3896 Beep - ok
16:52:48.0125 3896 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:52:48.0140 3896 BITS - ok
16:52:48.0203 3896 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:52:48.0218 3896 Browser - ok
16:52:48.0234 3896 bvrp_pci - ok
16:52:48.0281 3896 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:52:48.0281 3896 cbidf - ok
16:52:48.0312 3896 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:52:48.0328 3896 cbidf2k - ok
16:52:48.0390 3896 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:52:48.0406 3896 cd20xrnt - ok
16:52:48.0453 3896 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:52:48.0468 3896 Cdaudio - ok
16:52:48.0515 3896 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:52:48.0531 3896 Cdfs - ok
16:52:48.0562 3896 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:52:48.0578 3896 Cdrom - ok
16:52:48.0578 3896 Changer - ok
16:52:48.0625 3896 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:52:48.0640 3896 CiSvc - ok
16:52:48.0656 3896 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:52:48.0656 3896 ClipSrv - ok
16:52:48.0765 3896 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:52:48.0812 3896 clr_optimization_v2.0.50727_32 - ok
16:52:48.0875 3896 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:52:48.0875 3896 CmdIde - ok
16:52:48.0890 3896 COMSysApp - ok
16:52:48.0921 3896 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:52:48.0937 3896 Cpqarray - ok
16:52:49.0000 3896 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:52:49.0000 3896 CryptSvc - ok
16:52:49.0046 3896 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:52:49.0046 3896 dac2w2k - ok
16:52:49.0093 3896 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:52:49.0093 3896 dac960nt - ok
16:52:49.0140 3896 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:52:49.0156 3896 DcomLaunch - ok
16:52:49.0218 3896 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:52:49.0218 3896 Dhcp - ok
16:52:49.0265 3896 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:52:49.0265 3896 Disk - ok
16:52:49.0328 3896 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
16:52:49.0328 3896 DLABOIOM - ok
16:52:49.0343 3896 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
16:52:49.0343 3896 DLACDBHM - ok
16:52:49.0359 3896 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
16:52:49.0359 3896 DLADResN - ok
16:52:49.0375 3896 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
16:52:49.0375 3896 DLAIFS_M - ok
16:52:49.0390 3896 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
16:52:49.0390 3896 DLAOPIOM - ok
16:52:49.0390 3896 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
16:52:49.0406 3896 DLAPoolM - ok
16:52:49.0406 3896 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
16:52:49.0406 3896 DLARTL_N - ok
16:52:49.0421 3896 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
16:52:49.0421 3896 DLAUDFAM - ok
16:52:49.0437 3896 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
16:52:49.0437 3896 DLAUDF_M - ok
16:52:49.0484 3896 dldwCATSCustConnectService (49b921854424d2acf9e9cfa25fd2be91) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe
16:52:49.0484 3896 dldwCATSCustConnectService - ok
16:52:49.0500 3896 dldw_device - ok
16:52:49.0500 3896 dmadmin - ok
16:52:49.0546 3896 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:52:49.0578 3896 dmboot - ok
16:52:49.0625 3896 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:52:49.0625 3896 dmio - ok
16:52:49.0656 3896 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:52:49.0656 3896 dmload - ok
16:52:49.0671 3896 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:52:49.0687 3896 dmserver - ok
16:52:49.0750 3896 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:52:49.0765 3896 DMusic - ok
16:52:49.0843 3896 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:52:49.0859 3896 Dnscache - ok
16:52:49.0906 3896 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:52:49.0906 3896 Dot3svc - ok
16:52:49.0984 3896 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:52:49.0984 3896 dpti2o - ok
16:52:50.0078 3896 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:52:50.0078 3896 drmkaud - ok
16:52:50.0140 3896 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:52:50.0140 3896 DRVMCDB - ok
16:52:50.0156 3896 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:52:50.0156 3896 DRVNDDM - ok
16:52:50.0265 3896 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
16:52:50.0281 3896 DSproct - ok
16:52:50.0328 3896 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:52:50.0343 3896 E100B - ok
16:52:50.0437 3896 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:52:50.0437 3896 e1express - ok
16:52:50.0500 3896 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:52:50.0500 3896 EapHost - ok
16:52:50.0578 3896 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:52:50.0578 3896 ERSvc - ok
16:52:50.0625 3896 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:52:50.0640 3896 Eventlog - ok
16:52:50.0671 3896 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:52:50.0687 3896 EventSystem - ok
16:52:50.0750 3896 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:52:50.0750 3896 Fastfat - ok
16:52:50.0812 3896 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:52:50.0812 3896 FastUserSwitchingCompatibility - ok
16:52:50.0906 3896 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
16:52:50.0921 3896 Fax - ok
16:52:51.0000 3896 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:52:51.0000 3896 Fdc - ok
16:52:51.0046 3896 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:52:51.0046 3896 Fips - ok
16:52:51.0109 3896 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:52:51.0125 3896 Flpydisk - ok
16:52:51.0187 3896 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:52:51.0187 3896 FltMgr - ok
16:52:51.0296 3896 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:52:51.0296 3896 FontCache3.0.0.0 - ok
16:52:51.0343 3896 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:52:51.0343 3896 Fs_Rec - ok
16:52:51.0390 3896 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:52:51.0390 3896 Ftdisk - ok
16:52:51.0437 3896 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:52:51.0437 3896 Gpc - ok
16:52:51.0500 3896 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:52:51.0500 3896 HDAudBus - ok
16:52:51.0578 3896 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:52:51.0593 3896 helpsvc - ok
16:52:51.0609 3896 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
16:52:51.0625 3896 HidServ - ok
16:52:51.0718 3896 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:52:51.0718 3896 HidUsb - ok
16:52:51.0781 3896 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:52:51.0781 3896 hkmsvc - ok
16:52:51.0859 3896 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:52:51.0859 3896 hpn - ok
16:52:51.0921 3896 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
16:52:51.0921 3896 HSFHWBS2 - ok
16:52:51.0984 3896 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:52:52.0031 3896 HSF_DP - ok
16:52:52.0093 3896 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:52:52.0109 3896 HTTP - ok
16:52:52.0156 3896 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:52:52.0171 3896 HTTPFilter - ok
16:52:52.0218 3896 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:52:52.0218 3896 i2omgmt - ok
16:52:52.0250 3896 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:52:52.0250 3896 i2omp - ok
16:52:52.0281 3896 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:52:52.0281 3896 i8042prt - ok
16:52:52.0421 3896 IAANTMON (b122be74e283a2bc7febc180bfd2efd5) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
16:52:52.0421 3896 IAANTMON - ok
16:52:52.0515 3896 ialm (0674ce8ae167d830b871a99c677c5c59) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:52:52.0578 3896 ialm - ok
16:52:52.0625 3896 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
16:52:52.0625 3896 iaStor - ok
16:52:52.0734 3896 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:52:52.0765 3896 idsvc - ok
16:52:52.0812 3896 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:52:52.0812 3896 Imapi - ok
16:52:52.0859 3896 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:52:52.0859 3896 ImapiService - ok
16:52:52.0890 3896 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:52:52.0890 3896 ini910u - ok
16:52:52.0968 3896 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:52:52.0968 3896 IntelIde - ok
16:52:53.0046 3896 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:52:53.0046 3896 intelppm - ok
16:52:53.0093 3896 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:52:53.0093 3896 Ip6Fw - ok
16:52:53.0156 3896 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:52:53.0156 3896 IpFilterDriver - ok
16:52:53.0203 3896 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:52:53.0203 3896 IpInIp - ok
16:52:53.0265 3896 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:52:53.0265 3896 IpNat - ok
16:52:53.0343 3896 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:52:53.0343 3896 IPSec - ok
16:52:53.0437 3896 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:52:53.0437 3896 IRENUM - ok
16:52:53.0500 3896 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:52:53.0500 3896 isapnp - ok
16:52:53.0640 3896 JavaQuickStarterService (d9b1e929f2464d4c23fa9cb47df4a1d4) C:\Program Files\Java\jre7\bin\jqs.exe
16:52:53.0640 3896 JavaQuickStarterService - ok
16:52:53.0671 3896 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:52:53.0671 3896 Kbdclass - ok
16:52:53.0703 3896 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:52:53.0703 3896 kbdhid - ok
16:52:53.0734 3896 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:52:53.0750 3896 kmixer - ok
16:52:53.0812 3896 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:52:53.0812 3896 KSecDD - ok
16:52:53.0875 3896 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:52:53.0890 3896 lanmanserver - ok
16:52:53.0953 3896 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:52:53.0953 3896 lanmanworkstation - ok
16:52:54.0000 3896 lbrtfdc - ok
16:52:54.0062 3896 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:52:54.0078 3896 LmHosts - ok
16:52:54.0218 3896 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
16:52:54.0218 3896 McciCMService - ok
16:52:54.0281 3896 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:52:54.0296 3896 MDM - ok
16:52:54.0406 3896 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:52:54.0406 3896 mdmxsdk - ok
16:52:54.0500 3896 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:52:54.0500 3896 Messenger - ok
16:52:54.0562 3896 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:52:54.0562 3896 mnmdd - ok
16:52:54.0609 3896 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:52:54.0609 3896 mnmsrvc - ok
16:52:54.0640 3896 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:52:54.0640 3896 Modem - ok
16:52:54.0718 3896 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
16:52:54.0718 3896 MODEMCSA - ok
16:52:54.0750 3896 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:52:54.0765 3896 Mouclass - ok
16:52:54.0828 3896 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:52:54.0828 3896 mouhid - ok
16:52:54.0859 3896 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:52:54.0875 3896 MountMgr - ok
16:52:54.0921 3896 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:52:54.0921 3896 mraid35x - ok
16:52:55.0031 3896 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
16:52:55.0046 3896 MREMP50 - ok
16:52:55.0078 3896 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
16:52:55.0093 3896 MREMPR5 - ok
16:52:55.0140 3896 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) c:\PROGRA~1\COMMON~1\motive\MRENDIS5.SYS
16:52:55.0140 3896 MRENDIS5 - ok
16:52:55.0156 3896 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
16:52:55.0156 3896 MRESP50 - ok
16:52:55.0281 3896 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:52:55.0296 3896 MRxDAV - ok
16:52:55.0359 3896 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:52:55.0375 3896 MRxSmb - ok
16:52:55.0453 3896 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:52:55.0453 3896 MSDTC - ok
16:52:55.0484 3896 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:52:55.0500 3896 Msfs - ok
16:52:55.0500 3896 MSIServer - ok
16:52:55.0546 3896 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:52:55.0562 3896 MSKSSRV - ok
16:52:55.0593 3896 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:52:55.0593 3896 MSPCLOCK - ok
16:52:55.0640 3896 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:52:55.0656 3896 MSPQM - ok
16:52:55.0718 3896 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:52:55.0718 3896 mssmbios - ok
16:52:55.0796 3896 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:52:55.0796 3896 Mup - ok
16:52:55.0875 3896 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
16:52:55.0875 3896 NAL - ok
16:52:55.0937 3896 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:52:55.0953 3896 napagent - ok
16:52:56.0031 3896 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:52:56.0031 3896 NDIS - ok
16:52:56.0093 3896 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:52:56.0109 3896 NdisTapi - ok
16:52:56.0125 3896 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:52:56.0125 3896 Ndisuio - ok
16:52:56.0187 3896 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:52:56.0187 3896 NdisWan - ok
16:52:56.0281 3896 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:52:56.0296 3896 NDProxy - ok
16:52:56.0312 3896 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:52:56.0328 3896 NetBIOS - ok
16:52:56.0343 3896 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:52:56.0343 3896 NetBT - ok
16:52:56.0406 3896 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:52:56.0406 3896 NetDDE - ok
16:52:56.0421 3896 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:52:56.0421 3896 NetDDEdsdm - ok
16:52:56.0453 3896 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:52:56.0468 3896 Netlogon - ok
16:52:56.0484 3896 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:52:56.0500 3896 Netman - ok
16:52:56.0609 3896 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:52:56.0609 3896 NetTcpPortSharing - ok
16:52:56.0718 3896 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:52:56.0718 3896 NIC1394 - ok
16:52:56.0796 3896 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:52:56.0812 3896 Nla - ok
16:52:56.0875 3896 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:52:56.0875 3896 Npfs - ok
16:52:56.0921 3896 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:52:56.0937 3896 Ntfs - ok
16:52:57.0031 3896 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:52:57.0046 3896 NtLmSsp - ok
16:52:57.0109 3896 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:52:57.0125 3896 NtmsSvc - ok
16:52:57.0171 3896 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:52:57.0171 3896 Null - ok
16:52:57.0281 3896 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:52:57.0328 3896 nv - ok
16:52:57.0390 3896 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:52:57.0406 3896 NwlnkFlt - ok
16:52:57.0437 3896 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:52:57.0453 3896 NwlnkFwd - ok
16:52:57.0515 3896 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:52:57.0531 3896 ohci1394 - ok
16:52:57.0625 3896 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:52:57.0625 3896 ose - ok
16:52:57.0671 3896 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:52:57.0687 3896 Parport - ok
16:52:57.0734 3896 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:52:57.0734 3896 PartMgr - ok
16:52:57.0765 3896 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:52:57.0765 3896 ParVdm - ok
16:52:57.0796 3896 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:52:57.0796 3896 PCI - ok
16:52:57.0828 3896 PCIDump - ok
16:52:57.0859 3896 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:52:57.0859 3896 PCIIde - ok
16:52:57.0906 3896 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:52:57.0906 3896 Pcmcia - ok
16:52:57.0937 3896 PDCOMP - ok
16:52:57.0937 3896 PDFRAME - ok
16:52:57.0968 3896 PDRELI - ok
16:52:58.0000 3896 PDRFRAME - ok
16:52:58.0062 3896 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:52:58.0062 3896 perc2 - ok
16:52:58.0125 3896 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:52:58.0125 3896 perc2hib - ok
16:52:58.0218 3896 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:52:58.0234 3896 PlugPlay - ok
16:52:58.0250 3896 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:52:58.0265 3896 PolicyAgent - ok
16:52:58.0328 3896 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:52:58.0328 3896 PptpMiniport - ok
16:52:58.0343 3896 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:52:58.0343 3896 ProtectedStorage - ok
16:52:58.0359 3896 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:52:58.0375 3896 PSched - ok
16:52:58.0406 3896 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:52:58.0421 3896 Ptilink - ok
16:52:58.0500 3896 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:52:58.0500 3896 PxHelp20 - ok
16:52:58.0531 3896 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:52:58.0531 3896 ql1080 - ok
16:52:58.0546 3896 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:52:58.0546 3896 Ql10wnt - ok
16:52:58.0562 3896 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:52:58.0562 3896 ql12160 - ok
16:52:58.0578 3896 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:52:58.0578 3896 ql1240 - ok
16:52:58.0593 3896 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:52:58.0609 3896 ql1280 - ok
16:52:58.0625 3896 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:52:58.0640 3896 RasAcd - ok
16:52:58.0687 3896 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:52:58.0703 3896 RasAuto - ok
16:52:58.0750 3896 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:52:58.0750 3896 Rasl2tp - ok
16:52:58.0812 3896 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:52:58.0828 3896 RasMan - ok
16:52:58.0843 3896 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:52:58.0859 3896 RasPppoe - ok
16:52:58.0875 3896 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:52:58.0890 3896 Raspti - ok
16:52:58.0921 3896 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:52:58.0921 3896 Rdbss - ok
16:52:58.0953 3896 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:52:58.0953 3896 RDPCDD - ok
16:52:58.0984 3896 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:52:59.0000 3896 rdpdr - ok
16:52:59.0078 3896 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:52:59.0078 3896 RDPWD - ok
16:52:59.0125 3896 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:52:59.0140 3896 RDSessMgr - ok
16:52:59.0171 3896 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:52:59.0171 3896 redbook - ok
16:52:59.0250 3896 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:52:59.0265 3896 RemoteAccess - ok
16:52:59.0312 3896 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:52:59.0312 3896 RpcLocator - ok
16:52:59.0359 3896 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:52:59.0375 3896 RpcSs - ok
16:52:59.0421 3896 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:52:59.0421 3896 RSVP - ok
16:52:59.0468 3896 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:52:59.0468 3896 SamSs - ok
16:52:59.0546 3896 SandBox (57ef0a92bada411c563384c08a4a25cd) C:\WINDOWS\system32\drivers\SandBox.sys
16:52:59.0578 3896 SandBox - ok
16:52:59.0625 3896 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
16:52:59.0640 3896 SBRE - ok
16:52:59.0687 3896 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:52:59.0703 3896 SCardSvr - ok
16:52:59.0734 3896 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:52:59.0750 3896 Schedule - ok
16:53:04.0406 3896 ============================================================
16:53:04.0406 3896 Scan finished
16:53:04.0406 3896 ============================================================
16:53:04.0421 2448 Detected object count: 0
16:53:04.0421 2448 Actual detected object count: 0
16:53:13.0453 2632 Deinitialize success
frusterated
Regular Member
 
Posts: 56
Joined: May 28th, 2009, 8:36 pm

Re: computer compromised

Unread postby frusterated » April 12th, 2012, 10:12 pm

Here is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17109 (vista_gdr.120227-1644)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=54e4932972b7fb499f22c46a1f0a1504
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-13 01:59:01
# local_time=2012-04-12 09:59:01 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 66336282 66336282 0 0
# compatibility_mode=6912 16777215 100 0 4602799 4602799 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=71377
# found=0
# cleaned=0
# scan_time=2712
frusterated
Regular Member
 
Posts: 56
Joined: May 28th, 2009, 8:36 pm

Re: computer compromised

Unread postby askey127 » April 13th, 2012, 5:33 am

frusterated,
Looks like your machine is probably OK.
Download and run Malwarebytes so that you have an anti-spyware program on board.
It does not run full time. Update it and run it every week or two.
Used in conjunction with your Avast! antivirus, you should have good protection.

You should maintain ONE antivirus and ONE antispyware program only. More will reduce your protection and may make the system unstable.
As long as you are behind a router with this setup, you shouldn't need a third party firewall.

----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware. It is free for non-business use.
Please go here to the Download Location, click on Download in the Free column.
When the next page comes up, click on the Download Now button.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe. (If the download was saved somewhere else, locate it and copy or move it to your desktop).
  • Right click it, choose Run as administrator and Continue.
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
    (You can Decline any Offer for a Trial if you don't want the paid version)
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply. (If the log looks OK, you don't need to post it)
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.
-----------------------------------------------------------
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
(If you wish you can still use the Winpatrol 2009 you already have)
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.

About startups:
If you right click the Winpatrol "ScottyDog" icon in the system tray, and choose "Startup Info", you will see the list of everything that starts automatically on your machine.
If you highlight any one of them and choose "Disable", that program will no longer start automatically.
The program is still on the machine, and still retained in the list, but now listed as "Disabled".
If you change your mind, you can highlight the same program again and choose "Enable" so it will again start automatically.
In this way you can exercise complete control over which programs start automatically.
You should be able to use this to disable your Apache Server except when you need to use it.
Any program that has startup Disabled can still be used from Start, Programs.

Barring any unexpected results, you should be good to go.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
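The startup list described in the post above, as an added PowerShell example that is not part of askey127's post or of WinPatrol: it enumerates the Run/RunOnce keys, Startup folders and auto-start services such a list is built from, then sets a service to Manual, the scripted equivalent of choosing "Disable" for a service. The service name "Apache2.2" is an assumed placeholder; the script is written for PowerShell 2.0, the version available on Windows XP.

```powershell
# Added example, not from askey127's post or from WinPatrol. Lists the common
# autostart locations, then stops an (assumed) Apache service from auto-starting.

function New-Entry($Location, $Name, $Command) {
    New-Object PSObject -Property @{ Location = $Location; Name = $Name; Command = $Command }
}

function Get-AutostartEntries {
    # Run/RunOnce keys for the machine and for the current user
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # skip the provider metadata properties PowerShell attaches to the object
            if ($p.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
            New-Entry $key $p.Name $p.Value
        }
    }
    # Per-user and all-users Startup folders, located via the Shell Folders values
    $shell = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
    $folders = (Get-ItemProperty "HKCU:\$shell").Startup,
               (Get-ItemProperty "HKLM:\$shell").'Common Startup'
    foreach ($folder in $folders) {
        if (-not ($folder -and (Test-Path $folder))) { continue }
        Get-ChildItem -Path $folder | Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { New-Entry $folder $_.Name $_.FullName }
    }
    # Services configured to start automatically at boot
    Get-WmiObject Win32_Service -Filter "StartMode='Auto'" |
        ForEach-Object { New-Entry 'Service' $_.Name $_.PathName }
}

Get-AutostartEntries | Select-Object Location, Name, Command |
    Sort-Object Location, Name | Format-Table -AutoSize -Wrap

# Equivalent of "Disable" for a service: Manual start keeps the service installed
# and startable on demand, but it no longer launches at boot. Requires an
# administrator prompt. 'Apache2.2' is an assumed name; use the one in services.msc.
Set-Service -Name 'Apache2.2' -StartupType Manual
```

Set the service back to Automatic with `-StartupType Automatic` if it is needed at every boot again.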