
cursor keeps going to the search box in the browser.


  • This topic is locked
13 replies to this topic

#1 ShyG

ShyG

  • Members
  • 8 posts

Posted 27 February 2012 - 08:11 AM

The cursor keeps going to this search box that appears just below the tabs in my browser. I have disabled the search function in the startup menu as well as the browser addons for search. Cannot type anything.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:06:26 PM, on 2/27/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Tata Photon+\Huawei\Tata Photon+.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = *****
O17 - HKLM\Software\..\Telephony: DomainName = ********
O17 - HKLM\System\CCS\Services\Tcpip\..\{85C62775-0D91-4D28-AEB1-AE140ACFACC5}: NameServer = 4.2.2.3 121.242.190.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DE31161-1139-4B11-AF50-28ECDEB95737}: NameServer = 192.10.100.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = *********
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ******
- C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 10205 bytes


*Edit: Moved topic from to the more appropriate forum. ~ Queen-Evie*

Edited by ShyG, 27 February 2012 - 10:45 AM.



#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 29 February 2012 - 07:06 AM

Hello ShyG and welcome to BC.

Sorry about the delay do you still need help? If yes then please read here: http://www.bleepingcomputer.com/forums/topic34773.html

Post the required logs when ready and we will begin from there, thanks.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 ShyG

ShyG
  • Topic Starter

  • Members
  • 8 posts

Posted 29 February 2012 - 10:31 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by shyg at 18:10:27 on 2012-02-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.2190 [GMT 5.5:30]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Tata Photon+\Huawei\Tata Photon+.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: nofind = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: Interfaces\{8DE31161-1139-4B11-AF50-28ECDEB95737} : NameServer = 192.10.100.110
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-10-17 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-10-17 108392]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\hwdeviceservice.exe -/service --> c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe -/service [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-10-17 2436536]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2012-2-16 113536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-17 106104]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-2-17 73216]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120228.035\NAVENG.SYS [2012-2-29 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120228.035\NAVEX15.SYS [2012-2-29 1576312]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-2-16 228408]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-2-17 102784]
.
=============== Created Last 30 ================
.
2012-02-28 16:36:17 -------- d-----w- c:\documents and settings\shyg\local settings\application data\Research In Motion
2012-02-28 16:31:14 -------- d-----w- c:\program files\Research In Motion Limited
2012-02-28 16:31:14 -------- d-----w- c:\program files\common files\Research In Motion
2012-02-28 10:30:37 -------- d-----w- c:\program files\CCleaner
2012-02-27 16:19:19 -------- d-----w- c:\documents and settings\shyg\application data\GetRightToGo
2012-02-27 16:12:48 -------- d-----w- c:\windows\system32\appmgmt
2012-02-27 11:06:53 388096 ----a-r- c:\documents and settings\shyg\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-27 11:06:52 -------- d-----w- c:\program files\Trend Micro
2012-02-27 09:59:57 -------- d-----w- c:\windows\pss
2012-02-26 07:22:38 6888300 ----a-w- c:\documents and settings\shyg\backup.reg
2012-02-24 06:34:24 -------- d-----w- c:\program files\Microsoft
2012-02-24 06:33:16 -------- d-----w- c:\program files\HP Photo Creations
2012-02-24 06:33:16 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations
2012-02-24 06:32:41 -------- d-----w- c:\documents and settings\shyg\application data\HpUpdate
2012-02-24 06:32:21 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-02-24 06:32:21 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-02-24 06:32:13 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-02-24 06:32:13 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-02-24 06:32:11 1792872 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2012-02-24 06:32:09 267112 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2012-02-24 06:32:09 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
2012-02-24 06:32:09 213864 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2012-02-24 06:31:02 -------- d-----w- c:\program files\HP
2012-02-24 06:29:30 -------- d-----w- c:\documents and settings\shyg\local settings\application data\HP
2012-02-21 23:46:28 -------- d-----w- c:\documents and settings\shyg\local settings\application data\Microsoft Help
2012-02-21 03:35:59 -------- d-----w- c:\windows\ie8updates
2012-02-20 16:10:07 -------- d-----w- c:\documents and settings\shyg\local settings\application data\Mozilla
2012-02-20 09:24:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 10:37:54 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-02-19 10:37:54 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-02-19 10:15:56 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-19 08:51:15 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-19 08:51:15 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-19 08:51:14 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-19 08:51:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-19 08:51:13 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-19 08:51:12 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-19 05:11:54 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-02-18 19:31:51 -------- d-----w- c:\windows\system32\PreInstall
2012-02-18 19:31:48 -------- d--h--w- c:\windows\$hf_mig$
2012-02-18 11:59:19 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-02-18 11:59:19 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-02-18 11:59:18 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-02-18 11:59:18 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-02-18 08:18:19 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2012-02-18 08:17:40 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-18 08:17:40 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-17 17:02:01 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-02-17 05:46:47 -------- d-----w- c:\program files\Tata Photon+
2012-02-17 05:46:05 -------- d-----w- c:\documents and settings\all users\application data\DatacardService
2012-02-17 05:37:52 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-02-17 05:08:23 -------- d-sh--w- c:\documents and settings\shyg\IECompatCache
2012-02-17 05:08:13 -------- d-sh--w- c:\documents and settings\shyg\PrivacIE
2012-02-17 05:05:37 327168 ----a-w- c:\windows\IsUninst.exe
2012-02-17 05:05:02 -------- d-sh--w- c:\documents and settings\shyg\IETldCache
2012-02-17 05:01:13 -------- dc-h--w- c:\windows\ie8
2012-02-17 04:59:41 -------- d-----w- c:\documents and settings\shyg\local settings\application data\Symantec
2012-02-17 04:58:48 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-17 04:58:48 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-17 04:58:16 -------- d-----w- c:\program files\Symantec
2012-02-17 04:58:16 -------- d-----w- c:\program files\common files\Symantec Shared
2012-02-17 04:58:16 -------- d-----w- c:\documents and settings\all users\application data\Symantec
2012-02-17 04:53:59 -------- d-----w- c:\windows\SchCache
2012-02-17 04:52:10 -------- d-----w- c:\documents and settings\shyg\local settings\application data\Adobe
2012-02-17 04:52:08 -------- d-----w- c:\documents and settings\shyg\Bluetooth Software
.
==================== Find3M ====================
.
2012-01-31 04:19:28 22784 ----a-w- c:\windows\system32\drivers\RimUsb.sys
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:10:39.54 ===============




#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male

Posted 29 February 2012 - 04:32 PM

Sorry, I started a new topic with the same issue as I went exactly by the preparation tutorial's instructions. Still need help please.


I have merged the two topics. Please continue.

Edited by Budapest, 01 March 2012 - 04:09 AM.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 01 March 2012 - 07:57 AM

Thanks for merging the topics, Budapest. :)

==========================================


@ ShyG, do you experience the problem on any browser? Did you install any program or browser add-on before this problem started?

Please download Malwarebytes' Anti-Malware from here:

MalwareBytes' AntiMalware download link

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


~Semp



#6 ShyG

ShyG
  • Topic Starter

  • Members
  • 8 posts

Posted 02 March 2012 - 03:21 AM

Hi :)
Yes, the problem occurs on multiple browsers, Firefox and IE. I installed Firefox before this problem started. So, I uninstalled Firefox thinking it was the problem. Then I completely disabled the search function from Start>Search (which has somehow re-appeared on its own). I followed your instructions and did a scan, and below is the log. However, the problem still persists. (Would you like a screenshot of it?)

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.02.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ShyG :: ShyG [administrator]

Protection: Enabled

3/2/2012 12:03:08 PM
mbam-log-2012-03-02 (12-03-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217905
Time elapsed: 25 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|nofind (PUM.Hijack.Find) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Thanks for the assistance :)
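The two items MBAM repaired in the log above are Explorer policy values, not files: `nofind = 1` under `HKCU\...\Policies\Explorer` (flagged as PUM.Hijack.Find, and already visible in the earlier DDS output as `uPolicies-explorer: nofind = 1 (0x1)`) and `StartMenuLogoff` under `Explorer\Advanced` (PUM.Hijack.StartMenu). Both are legitimate registry settings that hide a Start menu feature when set to 1, which is why a scanner reports them as "potentially unwanted modifications" rather than malware. The PowerShell script below is an added example, not part of this thread and not a Malwarebytes tool: it audits those values the way MBAM's PUM check does and, on request, resets them to 0. The value names beyond the two from the log (NoRun, NoControlPanel, NoFolderOptions, NoDesktop) are standard Explorer policy names; the function names and the -WhatIf switch are our own.

```powershell
# Added example (not from the thread): audit the Explorer policy values that
# Malwarebytes reported as PUM.Hijack.Find (nofind) and PUM.Hijack.StartMenu
# (StartMenuLogoff), plus a few other standard Explorer restriction values.
# Assumption: the names beyond the two in the MBAM log are well-known Explorer
# policy names; Get-/Repair-ExplorerPolicyFinding are our own function names.
# Written for PowerShell 2.0 (the XP-era version), hence New-Object PSObject.

$PolicyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
)

# A value of 1 hides or disables the named shell feature; 0 or absent is the default.
$WatchedValues = @('NoFind', 'StartMenuLogoff', 'NoRun', 'NoControlPanel', 'NoFolderOptions', 'NoDesktop')

function Get-ExplorerPolicyFinding {
    foreach ($path in $PolicyPaths) {
        if (-not (Test-Path -Path $path)) { continue }
        $item = Get-ItemProperty -Path $path
        foreach ($name in $WatchedValues) {
            # PowerShell member lookup is case-insensitive, so "nofind" matches "NoFind".
            $prop = $item.PSObject.Properties[$name]
            if ($null -ne $prop -and [int]$prop.Value -ne 0) {
                New-Object PSObject -Property @{
                    Path  = $path
                    Name  = $prop.Name
                    Value = $prop.Value
                }
            }
        }
    }
}

function Repair-ExplorerPolicyFinding {
    param([switch]$WhatIf)
    foreach ($finding in Get-ExplorerPolicyFinding) {
        if ($WhatIf) {
            "Would reset $($finding.Path)\$($finding.Name) from $($finding.Value) to 0"
        } else {
            # Same repair MBAM applied: Bad (1) -> Good (0).
            Set-ItemProperty -Path $finding.Path -Name $finding.Name -Value 0 -Type DWord
            "Reset $($finding.Path)\$($finding.Name) to 0"
        }
    }
}

$findings = @(Get-ExplorerPolicyFinding)
if ($findings.Count -eq 0) {
    'No restrictive Explorer policy values set.'
} else {
    $findings | Format-Table Path, Name, Value -AutoSize
    # Preview the repair; call Repair-ExplorerPolicyFinding without -WhatIf to apply it.
    Repair-ExplorerPolicyFinding -WhatIf
}
```

The audit part runs as a normal user; resetting values under HKLM needs an elevated prompt. Because these keys are also set legitimately by Group Policy on managed machines (the DDS log shows a `c:\windows\system32\GroupPolicy` folder created on 2012-02-17), a finding is a prompt to check where the setting came from before resetting it, not proof of infection on its own.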

#7 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 02 March 2012 - 08:01 AM

Hi,

Yes, screen shot will be very helpful.


:step1: Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.



:step2: Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note: Do not install Avast antivirus when offered.

~Semp



#8 ShyG

ShyG
  • Topic Starter

  • Members
  • 8 posts

Posted 03 March 2012 - 01:18 AM

Hi, sorry, I can't seem to attach a screenshot here so I've uploaded it to a Google Picasa account. I've uploaded the screenshot here: https://picasaweb.google.com/110769659866382654904/Screenshot#5715553966530362610



TDSSKiller Log:

22:03:34.0156 4036 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
22:03:34.0875 4036 ============================================================
22:03:34.0875 4036 Current date / time: 2012/03/02 22:03:34.0875
22:03:34.0875 4036 SystemInfo:
22:03:34.0875 4036
22:03:34.0875 4036 OS Version: 5.1.2600 ServicePack: 3.0
22:03:34.0875 4036 Product type: Workstation
22:03:34.0875 4036 ComputerName: ShyG
22:03:34.0875 4036 UserName: ShyG
22:03:34.0875 4036 Windows directory: C:\WINDOWS
22:03:34.0875 4036 System windows directory: C:\WINDOWS
22:03:34.0875 4036 Processor architecture: Intel x86
22:03:34.0875 4036 Number of processors: 2
22:03:34.0875 4036 Page size: 0x1000
22:03:34.0875 4036 Boot type: Normal boot
22:03:34.0875 4036 ============================================================
22:03:36.0906 4036 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:03:36.0921 4036 \Device\Harddisk0\DR0:
22:03:36.0921 4036 MBR used
22:03:36.0921 4036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
22:03:36.0937 4036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x190DA4F5
22:03:37.0015 4036 Initialize success
22:03:37.0015 4036 ============================================================
22:03:39.0921 3608 ============================================================
22:03:39.0921 3608 Scan started
22:03:39.0921 3608 Mode: Manual;
22:03:39.0921 3608 ============================================================
22:03:48.0515 3608 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:03:48.0718 3608 \Device\Harddisk0\DR0 - ok
22:03:48.0718 3608 Boot (0x1200) (4fdb460516fd16c16838cb83869cae38) \Device\Harddisk0\DR0\Partition0
22:03:48.0718 3608 \Device\Harddisk0\DR0\Partition0 - ok
22:03:48.0750 3608 Boot (0x1200) (cf62b3ccbfeff54dd5bc2422ee57dc2b) \Device\Harddisk0\DR0\Partition1
22:03:48.0750 3608 \Device\Harddisk0\DR0\Partition1 - ok
22:03:48.0750 3608 ============================================================
22:03:48.0750 3608 Scan finished
22:03:48.0750 3608 ============================================================
22:03:48.0765 2940 Detected object count: 0
22:03:48.0765 2940 Actual detected object count: 0




aswMBR log:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-02 22:05:27
-----------------------------
22:05:27.703 OS Version: Windows 5.1.2600 Service Pack 3
22:05:27.703 Number of processors: 2 586 0xF0D
22:05:27.703 ComputerName: ShyG UserName: ShyG
22:05:28.234 Initialize success
22:05:36.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:05:36.625 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
22:05:36.671 Disk 0 MBR read successfully
22:05:36.687 Disk 0 MBR scan
22:05:36.687 Disk 0 Windows XP default MBR code
22:05:36.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
22:05:36.687 Disk 0 Partition - 00 0F Extended LBA 205236 MB offset 204796620
22:05:36.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 205236 MB offset 204796683
22:05:36.703 Disk 0 scanning sectors +625121280
22:05:36.796 Disk 0 scanning C:\WINDOWS\system32\drivers
22:05:43.046 Service scanning
22:05:52.515 Modules scanning
22:05:57.015 Disk 0 trace - called modules:
22:05:57.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:05:57.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4a7ab8]
22:05:57.031 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007d[0x8a4ae9e8]
22:05:57.031 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a434940]
22:05:57.031 Scan finished successfully
23:01:14.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ShyG\Desktop\MBR.dat"
23:01:14.156 The log file has been saved successfully to "C:\Documents and Settings\ShyG\Desktop\aswMBR.txt"

Edited by ShyG, 03 March 2012 - 01:35 AM.
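As an added example for this thread (not code from the original post, nor from the TDSSKiller or aswMBR vendors), the following Python script parses the two log formats posted above into the summary a helper checks first: detection counts, per-object verdicts, boot-sector hashes, whether aswMBR recognised the MBR code as stock Windows, and, as a heuristic assumption of this example, kernel drivers loaded from outside C:\WINDOWS. The line formats are inferred from the logs as posted, and the sample input is constructed from a few of their lines.

```python
"""Triage helper for the TDSSKiller and aswMBR logs posted in this thread.
Added example, not code from the original post or the tool vendors. The line
formats are assumptions inferred from the logs as posted, not a documented
specification; the sample input is constructed from a few of their lines."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# TDSSKiller: "HH:MM:SS.mmmm PID message"
TDSS_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# Driver record "<name> (<md5>) <path>"; boot-sector record "MBR (0x1B8) (<md5>) <device>"
TDSS_DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
TDSS_SECTOR = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
# Verdict record "<object> - <status>" (e.g. "ACPI - ok") and the closing counts
TDSS_STATUS = re.compile(r"^(.+?) - (\S+)$")
TDSS_COUNT = re.compile(r"^(Actual )?[Dd]etected object count: (\d+)$")
# aswMBR: "HH:MM:SS.mmm message"
ASW_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")


@dataclass
class Triage:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)       # name -> (md5, path)
    sectors: Dict[str, Tuple[str, str, str]] = field(default_factory=dict)  # device -> (kind, size, md5)
    statuses: Dict[str, str] = field(default_factory=dict)                  # object -> verdict
    detected: Optional[int] = None
    actual_detected: Optional[int] = None
    mbr_read_ok: bool = False
    mbr_default_code: bool = False
    findings: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str, t: Triage) -> Triage:
    """Collect drivers, boot sectors, verdicts and detection counts from a TDSSKiller log."""
    for raw in text.splitlines():
        m = TDSS_LINE.match(raw.strip())
        if not m:
            continue  # banner, "====" separator or blank line
        msg = m.group(3)
        if (s := TDSS_SECTOR.match(msg)):
            t.sectors[s.group(4)] = (s.group(1), s.group(2), s.group(3))
        elif (d := TDSS_DRIVER.match(msg)):
            t.drivers[d.group(1)] = (d.group(2), d.group(3))
        elif (c := TDSS_COUNT.match(msg)):
            if c.group(1):
                t.actual_detected = int(c.group(2))
            else:
                t.detected = int(c.group(2))
        elif (v := TDSS_STATUS.match(msg)):
            t.statuses[v.group(1)] = v.group(2)
    return t


def parse_aswmbr(text: str, t: Triage) -> Triage:
    """Record whether aswMBR read the MBR and recognised its boot code as stock Windows."""
    msgs = [m.group(2) for m in map(ASW_LINE.match, text.splitlines()) if m]
    t.mbr_read_ok = any("MBR read successfully" in s for s in msgs)
    t.mbr_default_code = any("default MBR code" in s for s in msgs)
    return t


def compute_findings(t: Triage) -> List[str]:
    """Turn the parsed facts into review items; an empty list means nothing stood out."""
    f: List[str] = []
    if t.detected is None:
        f.append("TDSSKiller: no 'Detected object count' line (incomplete log?)")
    elif t.detected > 0:
        f.append(f"TDSSKiller: {t.detected} object(s) detected")
    f += [f"TDSSKiller: {obj} verdict '{v}'" for obj, v in t.statuses.items() if v != "ok"]
    # Heuristic (assumption): kernel drivers loaded from outside C:\WINDOWS deserve a
    # second look even when they belong to legitimate vendor or security software.
    f += [f"review: third-party driver {n} at {p}" for n, (_, p) in t.drivers.items()
          if not p.upper().startswith("C:\\WINDOWS\\")]
    if not t.mbr_read_ok:
        f.append("aswMBR: no 'MBR read successfully' line")
    elif not t.mbr_default_code:
        f.append("aswMBR: MBR code not recognised as Windows default; compare the saved MBR.dat")
    t.findings = f
    return f


def triage(tdss_text: str, asw_text: str) -> Triage:
    t = parse_aswmbr(asw_text, parse_tdsskiller(tdss_text, Triage()))
    compute_findings(t)
    return t


# Constructed sample: a few lines in the format of the logs posted above.
TDSS_SAMPLE = r"""22:03:41.0453 3608 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:03:41.0468 3608 ACPI - ok
22:03:42.0609 3608 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:03:42.0640 3608 eeCtrl - ok
22:03:48.0515 3608 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:03:48.0718 3608 \Device\Harddisk0\DR0 - ok
22:03:48.0765 2940 Detected object count: 0
22:03:48.0765 2940 Actual detected object count: 0
"""
ASW_SAMPLE = "22:05:36.671 Disk 0 MBR read successfully\n22:05:36.687 Disk 0 Windows XP default MBR code\n"
```

Calling `triage(TDSS_SAMPLE, ASW_SAMPLE).findings` on the sample yields only the third-party driver review item, which matches the posted logs: no detections and a stock XP MBR.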


#9 sempai

sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 03 March 2012 - 01:31 AM

Hi,

Please double check the uploaded image, or kindly check the link.


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp



#10 ShyG

ShyG
  • Topic Starter
  • Members
  • 8 posts

Posted 03 March 2012 - 02:07 AM

Sorry, I had renamed the picture, that's why it gave an error. Edited the link. :)

Also, I am unable to disable the anti-virus program as it has been locked by the admin.

Edited by ShyG, 03 March 2012 - 02:32 AM.


#11 sempai

sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 03 March 2012 - 08:42 PM

Hi,

Is this an office/business computer? If yes, did you try to contact the responsible IT guys to fix this machine?

~Semp



#12 ShyG

ShyG
  • Topic Starter
  • Members
  • 8 posts

Posted 04 March 2012 - 12:36 AM

Yes it is. I am out on a trip and will be away for another month or so... Thought I'd try and work it out myself.

Thanks for the help anyway, appreciate the time, Thanx :)

#13 sempai

sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 04 March 2012 - 12:55 AM

Thanks for letting me know, good luck and have a safe trip. :)

~Semp



#14 sempai

sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 04 March 2012 - 10:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Semp





