AV Protection 2011 virus


This topic is locked
9 replies to this topic

#1 84xads

  • Members
  • 36 posts

Posted 18 November 2011 - 10:52 AM

I just got hit with AV Protection 2011 on my PC. I'm running Windows XP.

I ran rKill then Malwarebytes. Malwarebytes did not find any infected files but AV Protection is still there.

Thank you in advance!

#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,323 posts

Posted 18 November 2011 - 11:21 AM

Hello and welcome. I moved this to the Am I Infected forum.

There are a couple of steps you may have missed, especially Safe Mode and step 23.
Let me know after doing this.

Please follow our Removal Guide here: Remove AV Protection 2011.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
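The moderator asks for the TDSSKiller log to be pasted back so a helper can read through it by hand. The following is an added example, not code from this thread, from BleepingComputer or from Kaspersky's TDSSKiller: a small Python parser for the log's line format, which is inferred from the log the topic starter pastes later in this thread (a timestamp, a process id, then either `service (md5) path` or `service - verdict`). It merges the two records for each service and lists the entries worth looking at first: anything whose verdict is not `ok`, any driver that loads from outside `C:\WINDOWS\system32`, and any file that has no verdict at all (which is what a truncated log looks like). The sample log is constructed: its first lines are copied from the posted log, while the `examplesvc` entry, its all-zero hash and its "suspicious" verdict string are placeholders invented for the example and are not real TDSSKiller output. The outside-system32 heuristic is the example's own and also flags legitimate third-party drivers (the Motive and Symantec entries in the posted log would show up), so its output is a "check these first" list, not a detection.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line shapes inferred from the TDSSKiller log pasted later in this thread:
#   <hh:mm:ss.ffff> <pid> <service> (<md5>) <path>    file record
#   <hh:mm:ss.ffff> <pid> <service> - <verdict>       verdict record
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Heuristic chosen for this example: drivers loading from outside system32 get a second look.
SYSTEM_DIR_PREFIX = "c:\\windows\\system32\\"


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[DriverEntry]:
    """Merge the file record and the verdict record of each service into one entry."""
    entries: Dict[str, DriverEntry] = {}
    in_scan = False  # header lines before "Scan started" are not service records
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        body = m.group("body").strip()
        if body == "Scan started":
            in_scan = True
            continue
        if not in_scan or not body or body.startswith("="):
            continue
        f = FILE_RE.match(body)
        if f:
            e = entries.setdefault(f["name"], DriverEntry(f["name"]))
            e.md5, e.path = f["md5"].lower(), f["path"]
            continue
        v = VERDICT_RE.match(body)
        if v:
            e = entries.setdefault(v["name"], DriverEntry(v["name"]))
            e.verdict = v["verdict"]
    return list(entries.values())


def triage(entries: List[DriverEntry]) -> List[Tuple[str, str]]:
    """Return (service, reason) pairs an analyst should read first; not a detection."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.verdict is not None and e.verdict.lower() != "ok":
            findings.append((e.name, f"verdict: {e.verdict}"))
        if e.path and not e.path.lower().startswith(SYSTEM_DIR_PREFIX):
            findings.append((e.name, f"driver outside system32: {e.path}"))
        if e.path and e.verdict is None:
            findings.append((e.name, "file listed but no verdict (log may be truncated)"))
    return findings


# Constructed sample: the first lines are copied from the log posted in this thread;
# the "examplesvc" record, its all-zero hash and its verdict text are invented placeholders.
SAMPLE_LOG = r"""
15:07:59.0765 1264 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
15:08:00.0375 1264 OS Version: 5.1.2600 ServicePack: 3.0
15:08:18.0078 1124 Scan started
15:08:18.0078 1124 Mode: Manual;
15:08:19.0328 1124 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
15:08:19.0343 1124 61883 - ok
15:08:19.0906 1124 Abiosdsk - ok
15:08:51.0375 1124 Dot4 HPH09 (577dc4c5f7102ba9957f302942eb2da4) C:\WINDOWS\system32\DRIVERS\hphid409.sys
15:08:51.0390 1124 Dot4 HPH09 - ok
15:09:36.0468 1124 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
15:09:36.0609 1124 MREMP50 - ok
15:10:00.0000 1124 examplesvc (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\examplesvc.sys
15:10:00.0100 1124 examplesvc - suspicious (constructed placeholder verdict)
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} services, {sum(1 for e in parsed if e.path)} with a file on disk")
    for name, reason in triage(parsed):
        print(f"  {name}: {reason}")
```

Run it against a saved log with `parse_tdsskiller_log(open(path).read())`; the hashes it collects are the same MD5s a helper would otherwise copy out by hand, so they can be compared against a known-good inventory of the machine's drivers once one exists.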

#3 84xads

  • Topic Starter
  • Members
  • 36 posts

Posted 18 November 2011 - 07:08 PM

Looks like I removed AV Protection... here's my TDSS log

15:07:59.0765 1264 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
15:08:00.0375 1264 ============================================================
15:08:00.0375 1264 Current date / time: 2011/11/18 15:08:00.0375
15:08:00.0375 1264 SystemInfo:
15:08:00.0375 1264
15:08:00.0375 1264 OS Version: 5.1.2600 ServicePack: 3.0
15:08:00.0375 1264 Product type: Workstation
15:08:00.0375 1264 ComputerName: DPAHL
15:08:00.0375 1264 UserName: bthompson
15:08:00.0375 1264 Windows directory: C:\WINDOWS
15:08:00.0375 1264 System windows directory: C:\WINDOWS
15:08:00.0375 1264 Processor architecture: Intel x86
15:08:00.0375 1264 Number of processors: 1
15:08:00.0375 1264 Page size: 0x1000
15:08:00.0375 1264 Boot type: Safe boot with network
15:08:00.0375 1264 ============================================================
15:08:03.0265 1264 Initialize success
15:08:18.0078 1124 ============================================================
15:08:18.0078 1124 Scan started
15:08:18.0078 1124 Mode: Manual;
15:08:18.0078 1124 ============================================================
15:08:19.0328 1124 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
15:08:19.0343 1124 61883 - ok
15:08:19.0906 1124 Abiosdsk - ok
15:08:20.0500 1124 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:08:20.0515 1124 abp480n5 - ok
15:08:21.0156 1124 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:08:21.0234 1124 ACPI - ok
15:08:21.0796 1124 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:08:21.0812 1124 ACPIEC - ok
15:08:22.0421 1124 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:08:22.0453 1124 adpu160m - ok
15:08:23.0187 1124 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:08:23.0234 1124 aec - ok
15:08:23.0890 1124 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:08:23.0937 1124 AFD - ok
15:08:24.0500 1124 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:08:24.0515 1124 agp440 - ok
15:08:25.0156 1124 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:08:25.0187 1124 agpCPQ - ok
15:08:25.0796 1124 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:08:25.0796 1124 Aha154x - ok
15:08:26.0421 1124 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:08:26.0437 1124 aic78u2 - ok
15:08:27.0109 1124 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:08:27.0125 1124 aic78xx - ok
15:08:27.0781 1124 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:08:27.0781 1124 AliIde - ok
15:08:28.0375 1124 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:08:28.0390 1124 alim1541 - ok
15:08:29.0031 1124 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:08:29.0046 1124 amdagp - ok
15:08:29.0640 1124 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:08:29.0640 1124 amsint - ok
15:08:30.0265 1124 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:08:30.0265 1124 asc - ok
15:08:30.0859 1124 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:08:30.0859 1124 asc3350p - ok
15:08:31.0437 1124 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:08:31.0437 1124 asc3550 - ok
15:08:32.0156 1124 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:08:32.0187 1124 AsyncMac - ok
15:08:32.0812 1124 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:08:32.0812 1124 atapi - ok
15:08:33.0406 1124 Atdisk - ok
15:08:34.0000 1124 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:08:34.0015 1124 Atmarpc - ok
15:08:34.0625 1124 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:08:34.0656 1124 audstub - ok
15:08:35.0250 1124 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
15:08:35.0265 1124 Avc - ok
15:08:35.0875 1124 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:08:35.0875 1124 Beep - ok
15:08:36.0484 1124 bvrp_pci - ok
15:08:37.0093 1124 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:08:37.0093 1124 cbidf - ok
15:08:37.0671 1124 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:08:37.0671 1124 cbidf2k - ok
15:08:38.0281 1124 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:08:38.0296 1124 CCDECODE - ok
15:08:38.0953 1124 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:08:38.0968 1124 cd20xrnt - ok
15:08:39.0500 1124 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:08:39.0515 1124 Cdaudio - ok
15:08:40.0125 1124 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:08:40.0140 1124 Cdfs - ok
15:08:40.0750 1124 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:08:40.0781 1124 Cdrom - ok
15:08:41.0312 1124 Changer - ok
15:08:42.0000 1124 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:08:42.0015 1124 CmdIde - ok
15:08:42.0640 1124 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:08:42.0656 1124 Cpqarray - ok
15:08:43.0390 1124 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
15:08:43.0453 1124 ctsfm2k - ok
15:08:44.0078 1124 CTUSFSYN (12a7b253f9128b3b68a9979827047b76) C:\WINDOWS\system32\drivers\ctusfsyn.sys
15:08:44.0156 1124 CTUSFSYN - ok
15:08:44.0796 1124 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:08:44.0875 1124 dac2w2k - ok
15:08:45.0484 1124 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:08:45.0500 1124 dac960nt - ok
15:08:46.0203 1124 dfmirage (d8cd6a2a94f545858eec6117f0d5dff4) C:\WINDOWS\system32\DRIVERS\dfmirage.sys
15:08:46.0218 1124 dfmirage - ok
15:08:46.0812 1124 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:08:46.0828 1124 Disk - ok
15:08:47.0718 1124 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:08:48.0015 1124 dmboot - ok
15:08:48.0734 1124 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:08:48.0796 1124 dmio - ok
15:08:49.0343 1124 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:08:49.0343 1124 dmload - ok
15:08:49.0953 1124 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:08:49.0968 1124 DMusic - ok
15:08:50.0656 1124 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
15:08:50.0781 1124 dot4 - ok
15:08:51.0375 1124 Dot4 HPH09 (577dc4c5f7102ba9957f302942eb2da4) C:\WINDOWS\system32\DRIVERS\hphid409.sys
15:08:51.0390 1124 Dot4 HPH09 - ok
15:08:51.0984 1124 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
15:08:51.0984 1124 Dot4Print - ok
15:08:52.0578 1124 Dot4Print HPH09 (d559e03b3168bc00011dd2b6f443ac71) C:\WINDOWS\system32\DRIVERS\hphipr09.sys
15:08:52.0593 1124 Dot4Print HPH09 - ok
15:08:53.0265 1124 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
15:08:53.0312 1124 Dot4Scan - ok
15:08:53.0937 1124 Dot4Storage HPH09 (7e90e0199786c4bda3cf675b93544939) C:\WINDOWS\system32\Drivers\hphs2k09.sys
15:08:53.0953 1124 Dot4Storage HPH09 - ok
15:08:54.0546 1124 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
15:08:54.0562 1124 dot4usb - ok
15:08:55.0171 1124 Dot4Usb HPH09 (afcaa5b28bd1a3f9645e7ebee217c365) C:\WINDOWS\system32\drivers\hphius09.sys
15:08:55.0171 1124 Dot4Usb HPH09 - ok
15:08:55.0750 1124 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:08:55.0765 1124 dpti2o - ok
15:08:56.0328 1124 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:08:56.0328 1124 drmkaud - ok
15:08:57.0015 1124 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
15:08:57.0046 1124 drvmcdb - ok
15:08:57.0609 1124 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
15:08:57.0625 1124 drvnddm - ok
15:08:58.0234 1124 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:08:58.0343 1124 E100B - ok
15:08:58.0546 1124 eeCtrl - ok
15:08:59.0234 1124 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:08:59.0296 1124 Fastfat - ok
15:08:59.0953 1124 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:08:59.0968 1124 Fdc - ok
15:09:00.0562 1124 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:09:00.0578 1124 Fips - ok
15:09:01.0203 1124 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:09:01.0203 1124 Flpydisk - ok
15:09:01.0875 1124 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:09:01.0906 1124 FltMgr - ok
15:09:02.0515 1124 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:09:02.0515 1124 Fs_Rec - ok
15:09:03.0140 1124 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:09:03.0203 1124 Ftdisk - ok
15:09:03.0906 1124 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:09:03.0906 1124 GEARAspiWDM - ok
15:09:04.0453 1124 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:09:04.0468 1124 Gpc - ok
15:09:05.0140 1124 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:09:05.0140 1124 HidUsb - ok
15:09:05.0734 1124 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:09:05.0734 1124 hpn - ok
15:09:06.0343 1124 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:09:06.0359 1124 HPZid412 - ok
15:09:06.0968 1124 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:09:06.0968 1124 HPZipr12 - ok
15:09:07.0562 1124 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:09:07.0562 1124 HPZius12 - ok
15:09:08.0234 1124 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:09:08.0359 1124 HTTP - ok
15:09:09.0078 1124 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:09:09.0078 1124 i2omgmt - ok
15:09:09.0640 1124 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:09:09.0656 1124 i2omp - ok
15:09:10.0265 1124 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:09:10.0281 1124 i8042prt - ok
15:09:11.0328 1124 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:09:11.0781 1124 ialm - ok
15:09:12.0484 1124 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:09:12.0500 1124 Imapi - ok
15:09:13.0250 1124 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:09:13.0265 1124 ini910u - ok
15:09:14.0421 1124 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
15:09:14.0921 1124 IntelC51 - ok
15:09:15.0968 1124 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
15:09:16.0187 1124 IntelC52 - ok
15:09:16.0984 1124 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
15:09:17.0000 1124 IntelC53 - ok
15:09:17.0718 1124 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:09:17.0718 1124 IntelIde - ok
15:09:18.0265 1124 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:09:18.0281 1124 intelppm - ok
15:09:18.0953 1124 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:09:18.0968 1124 Ip6Fw - ok
15:09:19.0531 1124 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:09:19.0531 1124 IpFilterDriver - ok
15:09:20.0125 1124 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:09:20.0140 1124 IpInIp - ok
15:09:20.0750 1124 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:09:20.0812 1124 IpNat - ok
15:09:21.0421 1124 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:09:21.0437 1124 IPSec - ok
15:09:22.0046 1124 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:09:22.0046 1124 IRENUM - ok
15:09:22.0656 1124 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\is3srv.sys
15:09:22.0687 1124 is3srv - ok
15:09:23.0343 1124 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:09:23.0343 1124 isapnp - ok
15:09:24.0031 1124 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:09:24.0046 1124 Kbdclass - ok
15:09:24.0609 1124 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:09:24.0609 1124 kbdhid - ok
15:09:25.0265 1124 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:09:25.0359 1124 kmixer - ok
15:09:25.0968 1124 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:09:26.0000 1124 KSecDD - ok
15:09:26.0593 1124 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:09:26.0593 1124 L8042Kbd - ok
15:09:27.0234 1124 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
15:09:27.0234 1124 L8042mou - ok
15:09:27.0796 1124 lbrtfdc - ok
15:09:28.0453 1124 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:09:28.0453 1124 LHidFilt - ok
15:09:29.0250 1124 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:09:29.0250 1124 LMouFilt - ok
15:09:29.0843 1124 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
15:09:29.0859 1124 LMouKE - ok
15:09:30.0453 1124 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
15:09:30.0531 1124 MarvinBus - ok
15:09:31.0171 1124 mcdbus - ok
15:09:31.0781 1124 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:09:31.0781 1124 mnmdd - ok
15:09:32.0390 1124 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:09:32.0406 1124 Modem - ok
15:09:32.0984 1124 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:09:33.0000 1124 MODEMCSA - ok
15:09:33.0640 1124 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
15:09:33.0687 1124 mohfilt - ok
15:09:34.0375 1124 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:09:34.0375 1124 Mouclass - ok
15:09:35.0000 1124 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:09:35.0000 1124 mouhid - ok
15:09:35.0625 1124 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:09:35.0640 1124 MountMgr - ok
15:09:36.0250 1124 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:09:36.0250 1124 mraid35x - ok
15:09:36.0468 1124 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
15:09:36.0609 1124 MREMP50 - ok
15:09:36.0828 1124 MREMPR5 - ok
15:09:37.0031 1124 MRENDIS5 - ok
15:09:37.0296 1124 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
15:09:37.0312 1124 MRESP50 - ok
15:09:37.0937 1124 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:09:38.0000 1124 MRxDAV - ok
15:09:38.0718 1124 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:09:38.0906 1124 MRxSmb - ok
15:09:39.0593 1124 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
15:09:39.0609 1124 MSDV - ok
15:09:40.0203 1124 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:09:40.0218 1124 Msfs - ok
15:09:40.0843 1124 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:09:40.0859 1124 MSKSSRV - ok
15:09:41.0468 1124 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:09:41.0484 1124 MSPCLOCK - ok
15:09:42.0062 1124 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:09:42.0062 1124 MSPQM - ok
15:09:42.0640 1124 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:09:42.0656 1124 mssmbios - ok
15:09:43.0296 1124 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:09:43.0296 1124 MSTEE - ok
15:09:43.0937 1124 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:09:43.0984 1124 Mup - ok
15:09:44.0671 1124 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:09:44.0703 1124 NABTSFEC - ok
15:09:44.0906 1124 NAVENG - ok
15:09:45.0140 1124 NAVEX15 - ok
15:09:45.0781 1124 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:09:45.0875 1124 NDIS - ok
15:09:46.0453 1124 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:09:46.0453 1124 NdisIP - ok
15:09:47.0046 1124 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:09:47.0046 1124 NdisTapi - ok
15:09:47.0609 1124 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:09:47.0625 1124 Ndisuio - ok
15:09:48.0250 1124 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:09:48.0281 1124 NdisWan - ok
15:09:48.0843 1124 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:09:48.0859 1124 NDProxy - ok
15:09:49.0468 1124 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:09:49.0484 1124 NetBIOS - ok
15:09:50.0156 1124 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:09:50.0203 1124 NetBT - ok
15:09:51.0031 1124 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:09:51.0062 1124 Npfs - ok
15:09:51.0828 1124 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:09:52.0046 1124 Ntfs - ok
15:09:52.0671 1124 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:09:52.0671 1124 Null - ok
15:09:55.0515 1124 nv (ce34061a298bfb4ebd1a0bb8592dc977) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:09:57.0796 1124 nv - ok
15:09:58.0359 1124 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:09:58.0375 1124 NwlnkFlt - ok
15:09:58.0937 1124 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:09:59.0000 1124 NwlnkFwd - ok
15:09:59.0640 1124 ossrv (3649eefa90990249267dd6c7808cbc86) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
15:09:59.0687 1124 ossrv - ok
15:10:00.0765 1124 P17xfi (06902b5f2a17dddf1282ff402b5bd51b) C:\WINDOWS\system32\drivers\P17xfi.sys
15:10:01.0234 1124 P17xfi - ok
15:10:02.0437 1124 p17xfilt (a782e03a3b54c13fa7c29d33e1c9a044) C:\WINDOWS\system32\drivers\p17xfilt.sys
15:10:03.0093 1124 p17xfilt - ok
15:10:03.0687 1124 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:10:03.0734 1124 Parport - ok
15:10:04.0328 1124 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:10:04.0328 1124 PartMgr - ok
15:10:04.0859 1124 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:10:04.0859 1124 ParVdm - ok
15:10:05.0578 1124 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
15:10:05.0593 1124 pavboot - ok
15:10:06.0234 1124 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:10:06.0265 1124 PCI - ok
15:10:06.0781 1124 PCIDump - ok
15:10:07.0390 1124 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:10:07.0406 1124 PCIIde - ok
15:10:08.0015 1124 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:10:08.0093 1124 Pcmcia - ok
15:10:08.0625 1124 PCTINDIS5 (351bd8c80b2c411ea5a122fcfed4d7c8) C:\WINDOWS\system32\PCTINDIS5.SYS
15:10:08.0859 1124 PCTINDIS5 - ok
15:10:09.0406 1124 PDCOMP - ok
15:10:09.0921 1124 PDFRAME - ok
15:10:10.0546 1124 PDRELI - ok
15:10:11.0062 1124 PDRFRAME - ok
15:10:11.0671 1124 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:10:11.0687 1124 perc2 - ok
15:10:12.0265 1124 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:10:12.0281 1124 perc2hib - ok
15:10:13.0140 1124 PinnacleMarvinAVS (c463f4e36e7a90bed38483939adab014) C:\WINDOWS\system32\DRIVERS\MarvinAVS.sys
15:10:13.0312 1124 PinnacleMarvinAVS - ok
15:10:14.0031 1124 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:10:14.0046 1124 PptpMiniport - ok
15:10:14.0718 1124 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:10:14.0750 1124 PSched - ok
15:10:15.0421 1124 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:10:15.0437 1124 Ptilink - ok
15:10:16.0015 1124 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:10:16.0046 1124 PxHelp20 - ok
15:10:16.0656 1124 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:10:16.0671 1124 ql1080 - ok
15:10:17.0250 1124 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:10:17.0265 1124 Ql10wnt - ok
15:10:17.0859 1124 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:10:17.0875 1124 ql12160 - ok
15:10:18.0531 1124 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:10:18.0531 1124 ql1240 - ok
15:10:19.0156 1124 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:10:19.0171 1124 ql1280 - ok
15:10:19.0781 1124 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:10:19.0781 1124 RasAcd - ok
15:10:20.0531 1124 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:10:20.0546 1124 Rasl2tp - ok
15:10:21.0156 1124 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:10:21.0171 1124 RasPppoe - ok
15:10:21.0718 1124 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:10:21.0718 1124 Raspti - ok
15:10:22.0406 1124 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:10:22.0484 1124 Rdbss - ok
15:10:23.0046 1124 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:10:23.0093 1124 RDPCDD - ok
15:10:23.0765 1124 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:10:23.0859 1124 rdpdr - ok
15:10:24.0500 1124 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:10:24.0546 1124 RDPWD - ok
15:10:25.0187 1124 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:10:25.0203 1124 redbook - ok
15:10:25.0828 1124 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
15:10:25.0843 1124 Revoflt - ok
15:10:26.0062 1124 SAVRT - ok
15:10:26.0187 1124 SAVRTPEL - ok
15:10:26.0828 1124 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:10:26.0843 1124 Secdrv - ok
15:10:27.0687 1124 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
15:10:28.0000 1124 senfilt - ok
15:10:28.0609 1124 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:10:28.0625 1124 serenum - ok
15:10:29.0218 1124 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:10:29.0250 1124 Serial - ok
15:10:29.0875 1124 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:10:29.0890 1124 Sfloppy - ok
15:10:30.0625 1124 Simbad - ok
15:10:31.0203 1124 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:10:31.0218 1124 sisagp - ok
15:10:31.0781 1124 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:10:31.0781 1124 SLIP - ok
15:10:32.0531 1124 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
15:10:32.0625 1124 smwdm - ok
15:10:33.0234 1124 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:10:33.0250 1124 Sparrow - ok
15:10:33.0375 1124 SPBBCDrv - ok
15:10:33.0968 1124 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:10:33.0968 1124 splitter - ok
15:10:34.0921 1124 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
15:10:35.0359 1124 sptd - ok
15:10:36.0000 1124 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:10:36.0046 1124 sr - ok
15:10:36.0765 1124 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:10:36.0906 1124 Srv - ok
15:10:37.0484 1124 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
15:10:37.0484 1124 sscdbhk5 - ok
15:10:38.0078 1124 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
15:10:38.0109 1124 ssrtln - ok
15:10:38.0687 1124 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:10:38.0687 1124 streamip - ok
15:10:39.0250 1124 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:10:39.0250 1124 swenum - ok
15:10:39.0828 1124 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:10:39.0843 1124 swmidi - ok
15:10:40.0640 1124 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:10:40.0640 1124 symc810 - ok
15:10:41.0234 1124 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:10:41.0234 1124 symc8xx - ok
15:10:41.0437 1124 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS
15:10:41.0531 1124 SymEvent - ok
15:10:42.0156 1124 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
15:10:42.0187 1124 SYMREDRV - ok
15:10:42.0828 1124 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
15:10:42.0828 1124 SYMTDI - ok
15:11:12.0265 1124 ============================================================
15:11:12.0265 1124 Scan finished
15:11:12.0265 1124 ============================================================
15:11:12.0328 0504 Detected object count: 0
15:11:12.0328 0504 Actual detected object count: 0
15:11:35.0250 0976 Deinitialize success

#4 84xads

84xads
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:12:27 AM

Posted 18 November 2011 - 07:11 PM

Here's my MBAM logs.

I had to run it twice because I forgot to update.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4313

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/18/2011 1:37:45 PM
mbam-log-2011-11-18 (13-37-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 399492
Time elapsed: 2 hour(s), 34 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8190

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/18/2011 5:33:10 PM
mbam-log-2011-11-18 (17-33-10).txt

Scan type: Full scan (C:\|)
Objects scanned: 524189
Time elapsed: 2 hour(s), 17 minute(s), 31 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
c:\program files\D48E5\lvvm.exe (Trojan.Dropper) -> 272 -> Unloaded process successfully.
c:\program files\LP\6389\320.exe (Trojan.Dropper) -> 396 -> Unloaded process successfully.
c:\documents and settings\bthompson\application data\989D4\7E263.exe (Trojan.Dropper) -> 212 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\320.exe (Trojan.Dropper) -> Value: 320.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwIrOtAuSiFpGQ68234A (Exploit.Drop) -> Value: nwIrOtAuSiFpGQ68234A -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xgZhXkVlB0c1b3n (Trojan.Dropper) -> Value: xgZhXkVlB0c1b3n -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\D48E5\lvvm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\LP\6389\320.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\bthompson\application data\989D4\7E263.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\av protection 2011v121.exe (Exploit.Drop) -> Quarantined and deleted successfully.
c:\documents and settings\bthompson\application data\dwme.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\inusbw32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\bthompson\application data\Sun\Java\deployment\cache\6.0\24\61086898-70ab330f (Exploit.Drop) -> Quarantined and deleted successfully.
c:\documents and settings\bthompson\local settings\temp\dwme.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\LP\6389\2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\LP\6389\26.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\LP\6389\27.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\LP\6389\2D.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\LP\6389\2E.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\bthompson\application data\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:02:27 AM

Posted 18 November 2011 - 09:53 PM

Nice. As you now see, always update any scan tool prior to the scan.

Please do one more before we mop up.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 84xads

84xads
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:12:27 AM

Posted 20 November 2011 - 11:05 AM

Here's what the ESET scan found:

C:\Documents and Settings\bthompson\Application Data\Sun\Java\Deployment\cache\6.0\1\2526d401-4d73c17f multiple threats deleted - quarantined
C:\Documents and Settings\bthompson\Application Data\Sun\Java\Deployment\cache\6.0\10\7c88068a-75c5382f Java/Agent.BV trojan deleted - quarantined
C:\Documents and Settings\bthompson\Application Data\Sun\Java\Deployment\cache\6.0\16\1526f290-1b0525df multiple threats deleted - quarantined
C:\Documents and Settings\bthompson\Application Data\Sun\Java\Deployment\cache\6.0\35\2b29fca3-54aa9600 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\bthompson\Application Data\Sun\Java\Deployment\cache\6.0\44\38e63bec-1da2f5e1 Java/Agent.BV trojan deleted - quarantined
C:\Documents and Settings\bthompson\Application Data\Sun\Java\Deployment\cache\6.0\51\4c81ed73-6d5d0adb probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\bthompson\Application Data\Sun\Java\Deployment\cache\6.0\56\5ad4b738-6f1e6dec Java/Agent.BV trojan deleted - quarantined
C:\temp\UBCD4WinV360.exe Win32/PrcView application deleted - quarantined
C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan cleaned by deleting - quarantined
F:\Torrents\9-5_Annihilation\AutoFollow\AutoFollow\9-5 Annihilation - Follow Automation Tool.exe a variant of MSIL/Ubot.A application cleaned by deleting - quarantined
F:\Temp\undrm.zip probably a variant of Win32/Agent.KQOGGCB trojan deleted - quarantined
F:\Temp\Nero8.exe Win32/Toolbar.AskSBar application deleted - quarantined

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:02:27 AM

Posted 20 November 2011 - 08:25 PM

OK, that was good. How is it running now?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#8 84xads

84xads
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:12:27 AM

Posted 21 November 2011 - 09:49 AM

It's running great now - no more AV Protection popups... here's the results.txt log from MiniToolBox

MiniToolBox by Farbar
Ran by bthompson (administrator) on 21-11-2011 at 08:45:13
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : dpahl

Primary Dns Suffix . . . . . . . : supersuppers.com

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : supersuppers.com

gateway.2wire.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-7E-26-38

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.70

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Sunday, November 20, 2011 10:10:37 PM

Lease Expires . . . . . . . . . . : Monday, November 21, 2011 10:10:37 PM

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 209.85.225.105, 209.85.225.106, 209.85.225.147, 209.85.225.99
209.85.225.103, 209.85.225.104



Pinging google.com [209.85.225.99] with 32 bytes of data:



Reply from 209.85.225.99: bytes=32 time=57ms TTL=47

Reply from 209.85.225.99: bytes=32 time=56ms TTL=47



Ping statistics for 209.85.225.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 57ms, Average = 56ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=72ms TTL=54

Reply from 98.137.149.56: bytes=32 time=109ms TTL=54



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 72ms, Maximum = 109ms, Average = 90ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 7e 26 38 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.70 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.70 192.168.1.70 20
192.168.1.0 255.255.255.0 192.168.1.70 192.168.1.70 20
192.168.1.70 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.70 192.168.1.70 20
224.0.0.0 240.0.0.0 192.168.1.70 192.168.1.70 20
255.255.255.255 255.255.255.255 192.168.1.70 192.168.1.70 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/21/2011 02:10:56 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/20/2011 06:10:57 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/20/2011 02:50:39 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/19/2011 06:50:45 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/19/2011 11:06:25 AM) (Source: Microsoft Office 12) (User: )
Description: Faulting application outlook.exe, version 12.0.6562.5003, stamp 4e2f99fb, faulting module msvcr80.dll, version 8.0.50727.6195, stamp 4dcddbf3, debug? 0, fault address 0x00015076.

Error: (11/19/2011 10:50:43 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/19/2011 02:50:38 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (11/18/2011 06:36:56 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Unexpected or missing value (name: 'PackageCode', value: '') in key 'HKLM\Software\Classes\Installer\Products\56A6209C9A7D89145807EAAAC025F3EF'

Error: (11/18/2011 06:36:56 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Unexpected or missing value (name: 'PackageCode', value: '') in key 'HKLM\Software\Classes\Installer\Products\2E9EA578198BA10479DB35C323942803'

Error: (11/18/2011 06:05:05 PM) (Source: Application Hang) (User: )
Description: Hanging application notepad.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/21/2011 06:41:12 AM) (Source: Service Control Manager) (User: )
Description: The Intel USB3 Device Service service terminated with the following error:
%%126

Error: (11/21/2011 02:56:02 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain SUPERSUPPERS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/21/2011 01:41:12 AM) (Source: Service Control Manager) (User: )
Description: The Intel USB3 Device Service service terminated with the following error:
%%126

Error: (11/20/2011 08:41:22 PM) (Source: Service Control Manager) (User: )
Description: The Intel USB3 Device Service service terminated with the following error:
%%126

Error: (11/20/2011 03:41:12 PM) (Source: Service Control Manager) (User: )
Description: The Intel USB3 Device Service service terminated with the following error:
%%126

Error: (11/20/2011 10:41:15 AM) (Source: Service Control Manager) (User: )
Description: The Intel USB3 Device Service service terminated with the following error:
%%126

Error: (11/20/2011 10:12:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl
IntelIde
SAVRT
SAVRTPEL

Error: (11/20/2011 10:12:33 AM) (Source: Service Control Manager) (User: )
Description: The Intel USB3 Device Service service terminated with the following error:
%%126

Error: (11/20/2011 10:11:43 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain SUPERSUPPERS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/20/2011 10:05:46 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain SUPERSUPPERS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.


Microsoft Office Sessions:
=========================
Error: (11/19/2011 11:04:15 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 41809 seconds with 840 seconds of active time. This session ended with a crash.

Error: (09/14/2011 03:03:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 178459 seconds with 6120 seconds of active time. This session ended with a crash.

Error: (09/01/2011 08:30:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 74303 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (08/31/2011 11:51:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 271182 seconds with 4260 seconds of active time. This session ended with a crash.

Error: (07/07/2011 02:23:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 56405 seconds with 3360 seconds of active time. This session ended with a crash.

Error: (05/09/2011 08:41:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 161130 seconds with 4080 seconds of active time. This session ended with a crash.

Error: (05/07/2011 11:55:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 223007 seconds with 9000 seconds of active time. This session ended with a crash.

Error: (04/29/2011 07:48:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 543 seconds with 180 seconds of active time. This session ended with a crash.

Error: (04/29/2011 07:32:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 146540 seconds with 8820 seconds of active time. This session ended with a crash.

Error: (04/27/2011 02:50:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 543668 seconds with 15540 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Adobe Flash Player 10 Plugin (Version: 10.3.183.11)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Amazon Kindle For PC
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.2.120)
Bonjour (Version: 2.0.4.0)
Business Plan Pro 15th Anniversary Edition (Version: 11.25.0009)
Cobian Backup 8
Documents To Go Desktop for iPhone (Version: 2.0000.006)
ESET Online Scanner v3
FileZilla Client 3.3.5.1 (Version: 3.3.5.1)
Google Chrome (Version: 15.0.874.121)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 7.2.2308.2056)
Google Update Helper (Version: 1.3.21.79)
HP USB Disk Storage Format Tool
Internet Information Services (IIS) 7 Manager (Version: 7.0.0.0)
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.2.4)
Kindle PC Converter (Version: )
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Market Samurai (Version: 0.87.5)
Marketing Plan Pro 9.0 (Version: 9.02.0004)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Project Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (PROVIDUSSTD) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox (3.6.24) (Version: 3.6.24 (en-US))
MSXML 6.0 Parser
NCH Toolbox
Nitro PDF Professional (Version: 6.2.1.10)
Palo Alto Software's Application Manager 8.2 (Version: 8.45.0004)
Panda ActiveScan 2.0 (Version: 01.04.00.0000)
QuickTime (Version: 7.71.80.42)
Revo Uninstaller Pro 2.5.5 (Version: 2.5.5)
S3 Ripper 1.3
Safari (Version: 5.33.21.1)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Skype Toolbars (Version: 5.3.7280)
Skype™ 5.3 (Version: 5.3.111)
SoundFont Bank Manager
STOPzilla (Version: 5.0.92.3)
WebFldrs XP
WebMoney Agent (Version: 3.5)
Windows Defender (Version: 1.1.1593.21)

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 2045.98 MB
Available physical RAM: 839.96 MB
Total Pagefile: 3044.24 MB
Available Pagefile: 1888.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.23 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:70.87 GB) (Free:27.62 GB) NTFS
3 Drive e: () (Fixed) (Total:93.15 GB) (Free:17.86 GB) NTFS
4 Drive f: (My Book) (Fixed) (Total:232.83 GB) (Free:103.32 GB) FAT32
5 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive h: () (Removable) (Total:1.9 GB) (Free:1.74 GB) FAT

========================= Users: ========================================

User accounts for \\DPAHL

Administrator ASPNET Guest
HelpAssistant IUSR_DPAHL IWAM_DPAHL
QBDataServiceUser SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#9 boopme (Global Moderator)

Posted 21 November 2011 - 03:08 PM

Hello,
That log shows hijacked winsock entries, possibly by a ZeroAccess rootkit.

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()


We should do this now to be sure it's not lurking and waiting to come out.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.
Include the above MiniToolbox log.

Let me know if that went well.
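The Winsock catalog lines quoted above can be triaged mechanically. As an added example (not part of this thread and not MiniToolbox's own code), this Python parses entries in the format MiniToolbox prints and flags the signs the moderator points to: a provider DLL reported as not found, a bare file name where a full path is expected, and an empty publisher field; the sample input is copied from the log quoted in the post.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sample lines copied from the MiniToolbox log quoted in the post above.
WINSOCK_SECTION = r"""
Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
"""

# MiniToolbox prints one catalog entry per line:
#   <catalog> <index> <path> [<size or status>] (<publisher>)
ENTRY_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(.+?)\]\s+\((.*)\)$")


@dataclass
class WinsockEntry:
    catalog: str
    index: int
    path: str
    size: str        # file size in bytes, or a status such as "File Not found"
    publisher: str


def parse_winsock(text: str) -> List[WinsockEntry]:
    """Parse every line that matches MiniToolbox's Winsock entry layout."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(WinsockEntry(m[1], int(m[2]), m[3], m[4], m[5]))
    return entries


def suspicious(e: WinsockEntry) -> List[str]:
    """Reasons an entry deserves a closer look; empty list if it looks normal."""
    reasons = []
    if e.size.lower().startswith("file not found"):
        reasons.append("provider DLL could not be located on disk")
    if "\\" not in e.path:
        reasons.append("bare file name instead of a full path")
    if not e.publisher:
        reasons.append("no publisher information")
    return reasons


def triage(text: str) -> List[Tuple[WinsockEntry, List[str]]]:
    """Return only the entries that raise at least one flag, with their reasons."""
    return [(e, suspicious(e)) for e in parse_winsock(text) if suspicious(e)]
```

Run against the quoted section it flags the three mswsock.dll entries and leaves winrnr.dll and mdnsNSP.dll, which carry a full path, a size and a publisher, unflagged.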

#10 Orange Blossom (Moderator)

Posted 22 November 2011 - 01:17 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic428848.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom