
Windows XP, all files hidden and cascading 'error' windows


7 replies to this topic

#1 devessi (Members, 4 posts)

Posted 01 July 2012 - 07:16 PM

A few hours ago while I was playing an online game and watching Netflix, Microsoft Security Essentials popped up saying that it was taking care of detected threats and that no further action was necessary. Twenty minutes after that, I got a cascade of windows across my screen (12-15, at least) saying the same message: 'System Error. Hard disk failure detected'. Then my desktop background disappeared. Then my desktop icons. Then my start menu items systematically vanished. I ran a full scan with an updated Microsoft Security Essentials, it picked up nothing. I immediately rebooted into Safe mode with Networking and repeated the scan. Still nothing. I downloaded Malwarebytes and TDSSKiller after Googling the error message and getting an idea of what it was, except TDSSKiller came up clean, as did Malwarebytes. I rebooted into normal mode again and again got the cascade of fake error messages. Went back into Safe Mode, ran all three scans again. Still nothing. I was thoroughly confused at this point and figured I would just do a system restore. I realized that every link in my start menu had been moved elsewhere. I located the temp folder they were in, accessed system restore through that, and... nothing. I choose a date, click the Next button, and nothing happens. I have administrator access. Argh. Help, please, before I tear my hair out. Thank you.

ETA:
Oh, I almost forgot. I have to use Internet Explorer to write this, since anytime I try and open Firefox it gives me a message that it's already running but not responding. There's no Firefox process showing under task manager.

Edited by devessi, 01 July 2012 - 07:25 PM.



#2 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 01 July 2012 - 08:03 PM

Boot into safe mode with networking.

Press the Windows+R keys, type %temp% and click OK.

Copy the SMTMP folder to a safe location.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, and copy the contents of the text file in your reply.

#3 devessi (Topic Starter, Members, 4 posts)

Posted 02 July 2012 - 04:15 AM

21:19:51.0796 1016 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
21:19:52.0093 1016 ============================================================
21:19:52.0093 1016 Current date / time: 2012/07/01 21:19:52.0093
21:19:52.0093 1016 SystemInfo:
21:19:52.0093 1016
21:19:52.0093 1016 OS Version: 5.1.2600 ServicePack: 3.0
21:19:52.0093 1016 Product type: Workstation
21:19:52.0093 1016 ComputerName: LYNNESCORE
21:19:52.0093 1016 UserName: Lynne
21:19:52.0093 1016 Windows directory: C:\WINDOWS
21:19:52.0093 1016 System windows directory: C:\WINDOWS
21:19:52.0093 1016 Processor architecture: Intel x86
21:19:52.0093 1016 Number of processors: 2
21:19:52.0093 1016 Page size: 0x1000
21:19:52.0093 1016 Boot type: Safe boot with network
21:19:52.0093 1016 ============================================================
21:19:53.0781 1016 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:19:53.0796 1016 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:19:53.0796 1016 ============================================================
21:19:53.0796 1016 \Device\Harddisk0\DR0:
21:19:53.0796 1016 MBR partitions:
21:19:53.0796 1016 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82
21:19:53.0796 1016 \Device\Harddisk1\DR1:
21:19:53.0796 1016 MBR partitions:
21:19:53.0796 1016 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
21:19:53.0796 1016 ============================================================
21:19:53.0984 1016 E: <-> \Device\Harddisk0\DR0\Partition0
21:19:54.0031 1016 C: <-> \Device\Harddisk1\DR1\Partition0
21:19:54.0093 1016 ============================================================
21:19:54.0093 1016 Initialize success
21:19:54.0093 1016 ============================================================
21:20:30.0984 1172 ============================================================
21:20:30.0984 1172 Scan started
21:20:30.0984 1172 Mode: Manual; TDLFS;
21:20:30.0984 1172 ============================================================
21:20:41.0875 1172 TermDD - ok
21:20:41.0921 1172 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:20:41.0921 1172 TermService - ok
21:20:41.0968 1172 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:20:41.0968 1172 Themes - ok
21:20:41.0968 1172 TosIde - ok
21:20:42.0015 1172 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:20:42.0015 1172 TrkWks - ok
21:20:42.0046 1172 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:20:42.0046 1172 Udfs - ok
21:20:42.0062 1172 ultra - ok
21:20:42.0109 1172 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:20:42.0125 1172 Update - ok
21:20:42.0156 1172 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:20:42.0171 1172 upnphost - ok
21:20:42.0187 1172 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:20:42.0187 1172 UPS - ok
21:20:42.0218 1172 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:20:42.0218 1172 USBAAPL - ok
21:20:42.0265 1172 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:20:42.0265 1172 usbaudio - ok
21:20:42.0296 1172 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:20:42.0296 1172 usbccgp - ok
21:20:42.0343 1172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:20:42.0343 1172 usbehci - ok
21:20:42.0359 1172 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:20:42.0359 1172 usbhub - ok
21:20:42.0390 1172 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:20:42.0406 1172 usbohci - ok
21:20:42.0406 1172 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:20:42.0421 1172 usbscan - ok
21:20:42.0437 1172 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:20:42.0453 1172 usbstor - ok
21:20:42.0484 1172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:20:42.0484 1172 VgaSave - ok
21:20:42.0484 1172 ViaIde - ok
21:20:42.0578 1172 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
21:20:42.0578 1172 Viewpoint Manager Service - ok
21:20:42.0593 1172 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:20:42.0593 1172 VolSnap - ok
21:20:42.0640 1172 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:20:42.0640 1172 VSS - ok
21:20:42.0703 1172 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:20:42.0703 1172 W32Time - ok
21:20:42.0718 1172 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:20:42.0718 1172 Wanarp - ok
21:20:42.0781 1172 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:20:42.0796 1172 Wdf01000 - ok
21:20:42.0796 1172 WDICA - ok
21:20:42.0843 1172 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:20:42.0843 1172 wdmaud - ok
21:20:42.0859 1172 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:20:42.0875 1172 WebClient - ok
21:20:42.0953 1172 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:20:42.0953 1172 winmgmt - ok
21:20:43.0015 1172 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:20:43.0015 1172 WmdmPmSN - ok
21:20:43.0062 1172 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:20:43.0062 1172 WmiApSrv - ok
21:20:43.0187 1172 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:20:43.0203 1172 WMPNetworkSvc - ok
21:20:43.0250 1172 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:20:43.0250 1172 WS2IFSL - ok
21:20:43.0296 1172 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:20:43.0312 1172 wscsvc - ok
21:20:43.0343 1172 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:20:43.0343 1172 wuauserv - ok
21:20:43.0375 1172 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:20:43.0375 1172 WudfPf - ok
21:20:43.0390 1172 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:20:43.0390 1172 WudfRd - ok
21:20:43.0437 1172 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:20:43.0531 1172 WudfSvc - ok
21:20:43.0578 1172 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:20:43.0593 1172 WZCSVC - ok
21:20:43.0625 1172 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:20:43.0687 1172 xmlprov - ok
21:20:43.0828 1172 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
21:20:43.0828 1172 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
21:20:43.0859 1172 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0
21:20:46.0421 1172 \Device\Harddisk0\DR0 - ok
21:20:46.0453 1172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:20:46.0765 1172 \Device\Harddisk1\DR1 - ok
21:20:46.0765 1172 Boot (0x1200) (6c7f32bb7d7af91e1a0f43a2dafe9f2c) \Device\Harddisk0\DR0\Partition0
21:20:46.0765 1172 \Device\Harddisk0\DR0\Partition0 - ok
21:20:46.0781 1172 Boot (0x1200) (184f9f3223ea0e1d2b623375e165051a) \Device\Harddisk1\DR1\Partition0
21:20:46.0781 1172 \Device\Harddisk1\DR1\Partition0 - ok
21:20:46.0796 1172 ============================================================
21:20:46.0796 1172 Scan finished
21:20:46.0796 1172 ============================================================
21:20:46.0812 1100 Detected object count: 0
21:20:46.0812 1100 Actual detected object count: 0
21:20:56.0546 1012 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 21:21:51
-----------------------------
21:21:51.203 OS Version: Windows 5.1.2600 Service Pack 3
21:21:51.203 Number of processors: 2 586 0xF06
21:21:51.203 ComputerName: LYNNESCORE UserName: Lynne
21:21:51.953 Initialize success
21:23:56.781 AVAST engine defs: 12070101
21:24:11.140 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
21:24:11.140 Disk 0 Vendor: MAXTOR_STM3200820A 3.AAE Size: 190782MB BusType: 3
21:24:11.156 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000005f
21:24:11.171 Disk 1 Vendor: HDS725050KLA360 K2AOAB0A Size: 476940MB BusType: 3
21:24:11.187 Disk 1 MBR read successfully
21:24:11.203 Disk 1 MBR scan
21:24:11.234 Disk 1 Windows XP default MBR code
21:24:11.234 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
21:24:11.250 Disk 1 scanning sectors +976752000
21:24:11.312 Disk 1 scanning C:\WINDOWS\system32\drivers
21:24:19.281 Service scanning
21:24:35.125 Modules scanning
21:24:36.734 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
21:24:37.859 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
21:24:38.250 Disk 1 trace - called modules:
21:24:38.671 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
21:24:39.062 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfc971ab8]
21:24:39.484 3 CLASSPNP.SYS[f62c6fd7] -> nt!IofCallDriver -> \Device\00000060[0xfc8eeeb0]
21:24:39.890 5 ACPI.sys[f623d620] -> nt!IofCallDriver -> \Device\0000005f[0xfc943030]
21:24:40.906 AVAST engine scan C:\WINDOWS
21:25:01.734 AVAST engine scan C:\WINDOWS\system32
21:27:23.875 AVAST engine scan C:\WINDOWS\system32\drivers
21:27:43.140 AVAST engine scan C:\Documents and Settings\Lynne
22:11:48.750 AVAST engine scan C:\Documents and Settings\All Users
22:13:49.828 File: C:\Documents and Settings\All Users\Application Data\UcRvpnRyCbmfJu.exe **INFECTED** Win32:FakeAlert-CTE [Trj]
22:14:25.796 Scan finished successfully
22:15:52.687 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Lynne\My Documents\MBR.dat"
22:15:52.687 The log file has been saved successfully to "C:\Documents and Settings\Lynne\My Documents\aswMBR.txt"

C:\Documents and Settings\All Users\Application Data\UcRvpnRyCbmfJu.exe a variant of Win32/Kryptik.AHRE trojan cleaned by deleting - quarantined

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 July 2012 - 11:38 AM

Do you have the SMTMP FOLDER?

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 devessi

  • Topic Starter
  • Members
  • 4 posts

Posted 03 July 2012 - 04:27 AM

Thank you for your continued help. Yes, I saved the smtmp folder.

I ran MBAM from Safe Mode with Networking and found nothing. I rebooted into normal mode and scanned with it again, also found nothing. Scanning with that was the first thing I did when I got infected though, and it found nothing then either. However, when I rebooted into normal mode I did not get the cascade of fake popup errors.

MiniToolBox by Farbar Version: 25-06-2012
Ran by Lynne (administrator) on 03-07-2012 at 05:22:50
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.ftp_port", 80
"network.proxy.gopher", ""
"network.proxy.gopher_port", 80
"network.proxy.http_port", 80
"network.proxy.socks_port", 80
"network.proxy.ssl_port", 80

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

206.127.155.34 aion.patcher.ncsoft.com
127.0.0.1 localhost

========================= IP Configuration: ================================

INTELLINET 802.11n Wireless LAN Card = Wireless Network Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : lynnescore
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.nh.comcast.net.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-19-21-3D-5A-C3

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.nh.comcast.net.
Description . . . . . . . . . . . : INTELLINET 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 00-1F-1F-C0-F5-9B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.196
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Monday, July 02, 2012 9:56:16 PM
Lease Expires . . . . . . . . . . : Tuesday, July 03, 2012 9:56:16 PM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 173.194.43.4, 173.194.43.1, 173.194.43.9, 173.194.43.3
173.194.43.14, 173.194.43.2, 173.194.43.8, 173.194.43.6, 173.194.43.5
173.194.43.7, 173.194.43.0

Pinging google.com [173.194.43.8] with 32 bytes of data:

Reply from 173.194.43.8: bytes=32 time=35ms TTL=56
Reply from 173.194.43.8: bytes=32 time=17ms TTL=56

Ping statistics for 173.194.43.8:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 35ms, Average = 26ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=116ms TTL=51
Reply from 72.30.38.140: bytes=32 time=119ms TTL=51

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 116ms, Maximum = 119ms, Average = 117ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 21 3d 5a c3 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x20004 ...00 1f 1f c0 f5 9b ...... INTELLINET 802.11n Wireless LAN Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.196 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.196 192.168.0.196 20
192.168.0.0 255.255.255.0 192.168.0.196 192.168.0.196 20
192.168.0.196 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.196 192.168.0.196 20
224.0.0.0 240.0.0.0 192.168.0.196 192.168.0.196 20
255.255.255.255 255.255.255.255 192.168.0.196 2 1
255.255.255.255 255.255.255.255 192.168.0.196 192.168.0.196 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/02/2012 07:15:21 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.0.1526.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (07/01/2012 07:41:07 PM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.8502.0, P3 1.129.804.0, P4 1.129.804.0, P5 trojan_win32_fakesysdef, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (07/01/2012 05:37:50 PM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.8502.0, P3 1.129.804.0, P4 1.129.804.0, P5 trojan_win32_fakesysdef, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (07/01/2012 05:26:38 PM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.8502.0, P3 1.129.804.0, P4 1.129.804.0, P5 trojan_win32_fakesysdef, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (07/01/2012 04:45:53 PM) (Source: Application Error) (User: )
Description: Faulting application intellinet_ui.exe, version 2.2.2.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.
Processing media-specific event for [intellinet_ui.exe!ws!]

Error: (07/01/2012 04:22:04 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module unknown, version 0.0.0.0, fault address 0x007b61d4.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (07/01/2012 04:22:01 AM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module unknown, version 0.0.0.0, fault address 0x007b61d4.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (07/01/2012 00:22:02 AM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module unknown, version 0.0.0.0, fault address 0x007b61d4.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (06/30/2012 07:22:03 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module unknown, version 0.0.0.0, fault address 0x007b61d4.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (06/30/2012 06:22:01 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module unknown, version 0.0.0.0, fault address 0x007b61d4.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]


System errors:
=============
Error: (07/02/2012 07:00:35 PM) (Source: Service Control Manager) (User: )
Description: The Forceware Web Interface service terminated with service-specific error 1 (0x1).

Error: (07/02/2012 06:59:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/02/2012 05:42:16 PM) (Source: DCOM) (User: LYNNESCORE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/02/2012 05:40:45 PM) (Source: DCOM) (User: LYNNESCORE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/02/2012 05:38:42 PM) (Source: DCOM) (User: LYNNESCORE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/02/2012 05:34:38 PM) (Source: DCOM) (User: LYNNESCORE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/02/2012 05:32:33 PM) (Source: DCOM) (User: LYNNESCORE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/02/2012 05:32:27 PM) (Source: DCOM) (User: LYNNESCORE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/02/2012 05:32:03 PM) (Source: DCOM) (User: LYNNESCORE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/02/2012 05:31:53 PM) (Source: DCOM) (User: LYNNESCORE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (07/02/2012 07:15:21 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile4.0.1526.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (07/01/2012 07:41:07 PM) (Source: MPSampleSubmission)(User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.8502.01.129.804.01.129.804.0trojan_win32_fakesysdefNILNILNILNILNIL

Error: (07/01/2012 05:37:50 PM) (Source: MPSampleSubmission)(User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.8502.01.129.804.01.129.804.0trojan_win32_fakesysdefNILNILNILNILNIL

Error: (07/01/2012 05:26:38 PM) (Source: MPSampleSubmission)(User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.8502.01.129.804.01.129.804.0trojan_win32_fakesysdefNILNILNILNILNIL

Error: (07/01/2012 04:45:53 PM) (Source: Application Error)(User: )
Description: intellinet_ui.exe2.2.2.0ntdll.dll5.1.2600.6055000101b3

Error: (07/01/2012 04:22:04 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262unknown0.0.0.0007b61d4

Error: (07/01/2012 04:22:01 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262unknown0.0.0.0007b61d4

Error: (07/01/2012 00:22:02 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262unknown0.0.0.0007b61d4

Error: (06/30/2012 07:22:03 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262unknown0.0.0.0007b61d4

Error: (06/30/2012 06:22:01 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262unknown0.0.0.0007b61d4


=========================== Installed Programs ============================

7-Zip 9.20
ABC Amber LIT Converter
Adobe AIR (Version: 1.5.2.8870)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Shockwave Player (Version: 10.2.0.22)
AIM 7
Amazon Games & Software Downloader (Version: 2.0.2.0)
Amazon Kindle
Amnesia: The Dark Descent
Apple Mobile Device Support (Version: 2.1.1.13)
Apple Software Update (Version: 2.1.1.116)
Applian FLV Player (Version: 2.0.24)
Audacity 1.2.6
AutoHotkey 1.0.47.06 (Version: 1.0.47.06)
AutoUpdate (Version: 1.1)
Bastion
Bonjour (Version: 1.0.105)
Braid
CDisplay 1.8
Combined Community Codec Pack 2007-02-22 (Version: 2007-02-22 23:00)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dear Esther
Diablo III (Version: 1.0.2.9858)
DivX Codec (Version: 6.8.0)
DivX Converter (Version: 6.6.0)
DivX Player (Version: 6.7.0)
DivX Web Player (Version: 1.5.0)
Download Manager 2.3.9 (Version: 2.3.9)
Download Updater (AOL LLC)
Dragon Age: Origins - Ultimate Edition
Dungeon Defenders
Dungeons of Dredmor
EA Download Manager (Version: 4.0.0.395)
ESET Online Scanner v3
EVGA Display Driver (Version: 1.00.000)
Fallen Earth
FileZilla Client 3.1.6 (Version: 3.1.6)
GCPP Knightfish
Google Chrome (Version: 20.0.1132.47)
Heroes of Newerth (Version: 0.9.0)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
INTELLINET 802.11 WIRELESS LAN CARD (Version: 1.0.8.0)
IrfanView (remove only) (Version: 4.32)
iTunes (Version: 8.0.1.11)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
K-Lite Codec Pack 8.4.0 (Full) (Version: 8.4.0)
Knit Design Studio (Version: 1.0.0.0)
League of Legends (Version: 1.0022)
LIMBO
Lone Survivor
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MaxBlast 4
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
Mumble 1.2.3 (Version: 1.2.3)
NCsoft Launcher (Version: 1.5.19002)
Neverwinter Nights 2 (Version: 1.00.0000)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA ForceWare Network Access Manager (Version: 2.03.5023)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA nView 136.27 (Version: 136.27)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
Octoshape add-in for Adobe Flash Player
Origin (Version: 8.4.1.210)
Planescape - Torment
PowerDVD (Version: 7.30.0000)
Psychonauts
QuickTime (Version: 7.55.90.70)
Realtek High Definition Audio Driver (Version: 5.10.0.6662)
Ruby 1.8.7-p352
Sid Meier's Civilization V
Skype™ 5.8 (Version: 5.8.156)
SmartFTP Client (Version: 3.0.1023.4)
SmartFTP Client 3.0 Setup Files (remove only) (Version: 3.0)
Speccy (Version: 1.16)
Steam (Version: 1.0.0.0)
StormFront
SUPER © Version 2008.bld.30 (Mar 22, 2008) (Version: Version 2008.bld.30 (Mar 22, 2008))
Super Meat Boy
Super Meat Boy Editor
Superbrothers: Sword & Sworcery EP
System Requirements Lab
TBS WMP Plug-in (Version: 1.00.676)
The Lord of the Rings Online™ v03.05.01.8027 (Version: 03.05.01.8027)
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 Seasons
The Sims 2 University
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Teen Style Stuff
The Sims™ 3 (Version: 1.0.631)
TRAUMA
UnzipThemAll 1.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Ventrilo Client (Version: 3.0.0)
Viewpoint Media Player
Warcraft III: All Products
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 3071.48 MB
Available physical RAM: 1904.25 MB
Total Pagefile: 4483.78 MB
Available Pagefile: 3428.39 MB
Total Virtual: 2175.88 MB
Available Virtual: 2094.86 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:164.24 GB) NTFS
4 Drive e: (DRV2_VOL1) (Fixed) (Total:186.31 GB) (Free:41.45 GB) NTFS

========================= Users: ========================================

User accounts for \\LYNNESCORE

Administrator ASPNET Guest
HelpAssistant Lynne SUPPORT_388945a0
UpdatusUser


**** End of log ****

Edited by devessi, 03 July 2012 - 04:28 AM.


#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:12:38 PM

Posted 03 July 2012 - 04:30 AM

Please run MBAM in normal mode >> FULL SCAN and post the log.

Open the SMTMP folder; you should have 1, 2 and 4 sub folders.

Copy the contents of the folder named 1 to

C:\Documents and Settings\all users\startmenu

Click YES for replacing the programs folder.

Copy the contents of the folder named 2 to

C:\Documents and Settings\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch

Copy the contents of the folder named 4 to

C:\Documents and Settings\all users\desktop

Good luck.

Let me know if you have any current issues.

Edited by narenxp, 03 July 2012 - 04:31 AM.
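The file-restore steps in narenxp's post, written out as an added PowerShell script (this is not code from the thread or from BleepingComputer). The sub folder to destination mapping and the hidden-attribute problem come from the thread; the script assumes PowerShell 2.0 on Windows XP and that the SMTMP folder sits under %TEMP%, which the post does not state. Run it once without -Apply to see what would be copied, then with -Apply to do the copy.

```powershell
# Added example (not code from the thread): restore the shortcuts the rogue
# moved into the smtmp folder, following narenxp's mapping of sub folders to
# destinations. Assumptions: PowerShell 2.0 on Windows XP, and that smtmp
# sits under %TEMP% (the post only names the folder).
param([switch]$Apply)   # without -Apply, only report what would be copied

$smtmp = Join-Path $env:TEMP 'smtmp'

# sub folder number -> where its contents belong (XP profile layout)
$map = @{
    '1' = Join-Path $env:ALLUSERSPROFILE 'Start Menu'
    '2' = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'
    '4' = Join-Path $env:ALLUSERSPROFILE 'Desktop'
}

if (-not (Test-Path $smtmp)) {
    Write-Host "No smtmp folder under $env:TEMP; nothing to restore."
    exit 1
}

foreach ($sub in ($map.Keys | Sort-Object)) {
    $src = Join-Path $smtmp $sub
    $dst = $map[$sub]
    if (-not (Test-Path $src)) {
        Write-Host "Sub folder $sub is missing, skipping."
        continue
    }
    # -Force so files the rogue marked hidden are listed as well.
    $files = Get-ChildItem -Path $src -Recurse -Force | Where-Object { -not $_.PSIsContainer }
    Write-Host ("Sub folder {0}: {1} file(s) -> {2}" -f $sub, @($files).Count, $dst)
    $files | ForEach-Object { Write-Host "  $($_.Name)" }
    if ($Apply) {
        if (-not (Test-Path $dst)) { New-Item -ItemType Directory -Path $dst | Out-Null }
        # Merge the sub folder's contents into the destination, overwriting
        # anything already there (the "Click YES" step of the post).
        Copy-Item -Path (Join-Path $src '*') -Destination $dst -Recurse -Force
    }
}

# The rogue also marks files hidden; clear that attribute on the restored
# trees so the shortcuts actually show up again.
if ($Apply) {
    foreach ($dst in $map.Values) {
        Get-ChildItem -Path $dst -Recurse -Force | ForEach-Object {
            $_.Attributes = $_.Attributes -band (-bnot [System.IO.FileAttributes]::Hidden)
        }
    }
}
```

The dry run is deliberate: if the file list does not look like your Start Menu and Desktop shortcuts, stop before copying anything over the real folders.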


#7 devessi

devessi
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:38 PM

Posted 03 July 2012 - 05:09 AM

This is the log of the full scan I ran in normal mode that finished up before I made my last post. Sorry, forgot to add it into the last one. I've replaced my desktop and start menu items, and it seems the only casualty is my desktop wallpaper. I appreciate your help, I hope this thing is actually gone.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.02.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lynne :: LYNNESCORE [administrator]

7/2/2012 7:02:29 PM
mbam-log-2012-07-02 (19-02-29).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 459090
Time elapsed: 3 hour(s), 14 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:38 PM

Posted 03 July 2012 - 09:34 AM

Press the Windows+R keys, type regedit and click OK.

Navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Delete the values NoDesktop & NoActiveDesktop on the right side.

Go to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

Delete the value NoChangingWallPaper

Restart the PC and try to change your wallpaper.

Edited by narenxp, 03 July 2012 - 09:35 AM.
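The registry part of narenxp's post, as an added PowerShell script that is not from the thread: it reports whether the three Explorer and Active Desktop policy values are set and, only with -Apply, removes them, so you can confirm the rogue's restrictions are gone before rebooting. It assumes PowerShell 2.0; the key paths and value names are exactly the ones named in the post.

```powershell
# Added example (not code from the thread): check for, and optionally remove,
# the desktop-restricting policy values narenxp names. Assumes PowerShell 2.0.
param([switch]$Apply)   # without -Apply, only report what is set

$policies = @(
    @{ Key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Names = @('NoDesktop', 'NoActiveDesktop') },
    @{ Key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'
       Names = @('NoChangingWallPaper') }
)

foreach ($p in $policies) {
    if (-not (Test-Path $p.Key)) {
        Write-Host "$($p.Key): key absent, nothing to do."
        continue
    }
    $item = Get-ItemProperty -Path $p.Key
    foreach ($name in $p.Names) {
        $prop = $item.PSObject.Properties[$name]
        if ($prop -eq $null) {
            Write-Host "${name}: not set"
            continue
        }
        Write-Host "${name} = $($prop.Value)  (restrictive policy present)"
        if ($Apply) {
            Remove-ItemProperty -Path $p.Key -Name $name
            Write-Host "  removed"
        }
    }
}
```

A normal home XP profile has none of these values set, so anything the script reports is worth removing. The Explorer policy key also exists under HKLM for machine-wide policies, and the same check applies there.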

