
Sirefef infection?


19 replies to this topic

#1 Soul Reaver

Posted 08 June 2012 - 10:55 PM

I'm currently running Windows XP SP3

After restarting my computer today, I noticed Microsoft Security Essentials wasn't running (ie, it was in the system tray, but it was red with a cross through it). I wasn't able to start it up, which I found rather suspicious.

So I went to Add/Remove Programs, removed Microsoft Security Essentials (I'll refer to it as MSE from now on), then reinstalled it (from a fresh download). This worked fine. MSE updated itself and ran an automatic quick scan, and detected several instances of Trojan:Win32/Sirefef.

Specifically, it listed:
Win32/Sirefef
Win32/Sirefef.P
Win32/Sirefef.AG
Win32/Sirefef.AL

These were quarantined, and I removed them. However, I got an error message during the install of MSE saying that the Windows Firewall could not be initialized. When I tried to initialize it manually (through the Control Panel) I got the error: "Due to an unidentified problem, Windows cannot display Windows Firewall settings".

I restarted the computer, thinking that this might help. When I opened the history tab in MSE, it showed that it had found and quarantined the same list of four trojans again. Thinking it was time for a full scan, I started running a full MSE system scan, but that seemed to freeze my computer (admittedly, it was still starting up, so that might have been partially to blame) and wasn't progressing. I was unable to open Internet Explorer, though I got Firefox open. At this point I stopped the MSE scan, thinking perhaps that this was causing performance issues. I started looking up Sirefef in Firefox, but the computer was responding very sluggishly. I tried to bring up the Task Manager to no avail. So I cut my losses and hit the power button on my computer.

Before turning the computer back on, I unplugged the internet cable to ensure I was offline from now on. After the computer restarted, I tried out Internet Explorer, which was working fine now (though obviously I couldn't go online, since I was unplugged). I ran another full scan with MSE, which reported early into the scan (in an urgent alert window) that it had found Sirefef.P and needed a restart to remove it. I restarted the computer.

Again, after the restart, MSE reported finding the same four trojans. I'm currently running another full scan with MSE but it looks like this will take several hours to complete (it's at 3 1/2 hours at the moment and counting).

I've checked online on a secondary computer about this virus and while I've found various bits of advice (asking to look for various processes, registry entries, etc) I can't seem to find those on my computer. I've also run a number of removal tools including 'AntiZeroAccess', McAfee's 'Rootkitremover', ESET's 'ESETSireferRemover', but none of them found or removed anything. AntiZeroAccess did have one error while running - when it checked file 'uusbd.sys' it got an Error, but that didn't stop the program from finishing, and it still reported that my system is not infected.

MSE seems to run fine, but I'm still concerned that these same four trojans are being picked up after every restart, and I still can't activate the Windows Firewall. Any advice on how to proceed?

UPDATE: Full scan finally finished. It found Sirefef.P, which I told it to remove. After this it asked me to restart my computer. I did so, but started it up in Safe Mode, where I also ran TDSSKiller. This didn't find any infections.

Restarted again, running another full MSE scan...

Edited by Soul Reaver, 09 June 2012 - 01:03 AM.




#2 narenxp (BC Advisor)

Posted 09 June 2012 - 02:23 AM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here
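One way to read the TDSSKiller log requested in this post, as an added example that is not part of the thread and not Kaspersky's own code: it parses the line shapes of the log the topic starter posts later in this thread and reports every object whose verdict is not "ok", plus objects that were hashed but never received a verdict (what an interrupted scan, like the frozen GMER runs described here, leaves behind). The "examplesvc - warning" line in the sample is constructed for illustration; the other sample lines are copied from the log in this thread.

```python
"""Summarise a TDSSKiller log of the kind requested above.

Added example; not part of this thread and not Kaspersky's own code. After a
timestamp and a 4-hex-digit id, each log line has one of these shapes:
  "<name> (<md5>) <path>"   an object TDSSKiller hashed
  "<name> - <verdict>"      the verdict for that object ("ok" throughout the thread)
  an MBR partition line     "...PartitionN: MBR, Type 0x7, StartLBA ..., BlocksNum ..."
  "<Key>: <value>"          a SystemInfo header line
"""
import re

LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>[0-9a-f]{4})\s*(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Any lower-case word after " - " is taken as a verdict, so "warning" or
# "detected ..." are caught as well as the "ok" seen throughout the thread.
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>[a-z]\S*.*)$")
PART_RE = re.compile(
    r"^(?P<dev>\\Device\\\S+?): MBR, Type (?P<type>0x[0-9A-Fa-f]+), "
    r"StartLBA (?P<lba>0x[0-9A-Fa-f]+), BlocksNum (?P<blocks>0x[0-9A-Fa-f]+)$"
)
INFO_KEYS = {"OS Version", "Product type", "ComputerName", "Boot type", "Current date / time"}

# Constructed sample: header, partition and ACPI lines are copied from the log in
# this thread; ACPIEC's verdict line is deliberately left out (as an interrupted
# scan would), and the final "examplesvc - warning" line is invented.
SAMPLE_LOG = r"""
18:39:45.0718 0152 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:39:46.0687 0152 OS Version: 5.1.2600 ServicePack: 3.0
18:39:46.0687 0152 Boot type: Safe boot with network
18:39:49.0843 0152 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x731AA7C1
18:39:49.0843 0152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x731AA800, BlocksNum 0x155B000
18:39:55.0140 0280 Mode: Manual; TDLFS;
18:39:56.0000 0280 Abiosdsk - ok
18:39:56.0046 0280 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:39:56.0062 0280 ACPI - ok
18:39:56.0109 0280 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:40:05.0000 0280 examplesvc - warning
"""


def parse_log(text):
    """Return a dict with header info, scan mode, partitions, hashed files and verdicts."""
    report = {"info": {}, "mode": None, "partitions": [], "files": {}, "verdicts": {}}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a log line (blank or wrapped continuation)
        rest = m.group("rest").strip()
        if rest.startswith("Mode:"):
            report["mode"] = rest[len("Mode:"):].strip()
            continue
        pm = PART_RE.match(rest)
        if pm:
            report["partitions"].append(pm.groupdict())
            continue
        fm = FILE_RE.match(rest)
        if fm:
            report["files"][fm.group("name")] = (fm.group("md5"), fm.group("path"))
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            report["verdicts"][vm.group("name")] = vm.group("verdict")
            continue
        key, sep, value = rest.partition(": ")
        if sep and key in INFO_KEYS:
            report["info"][key] = value.strip()
    return report


def flagged(report):
    """(name, verdict) for every object whose verdict is anything but 'ok'."""
    return sorted((n, v) for n, v in report["verdicts"].items() if v != "ok")


def never_judged(report):
    """Objects that were hashed but never got a verdict line (interrupted scan)."""
    return sorted(set(report["files"]) - set(report["verdicts"]))


def summary(report):
    return {
        "objects": len(report["verdicts"]),
        "hashed": len(report["files"]),
        "flagged": len(flagged(report)),
        "unjudged": len(never_judged(report)),
        "partitions": len(report["partitions"]),
    }


if __name__ == "__main__":
    r = parse_log(SAMPLE_LOG)
    print(r["info"], "mode:", r["mode"])
    print("summary:", summary(r))
    print("flagged:", flagged(r))
    print("hashed but no verdict:", never_judged(r))
```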

#3 Soul Reaver (Topic Starter)

Posted 09 June 2012 - 06:06 AM

Thank you for the swift reply. Just to update, I did run TDSSKiller and generated a log, but while running GMER my computer froze mid (multi-hour) scan.

I've restarted my computer and will re-run the scans again overnight. Will hopefully be able to post the logs tomorrow. Sorry for the delay.

#4 narenxp (BC Advisor)

Posted 09 June 2012 - 06:19 AM

If you have issues running the GMER or aswMBR scan in normal mode, use Safe Mode with Networking.

#5 Soul Reaver (Topic Starter)

Posted 09 June 2012 - 09:00 PM

I restarted the computer in Safe Mode with Networking, and plugged my internet cable back in. I ran another TDSSKiller scan, then left a GMER scan running overnight.

When I got up this morning, it had frozen 3 hours after starting, though it seemed to have finished and was displaying the message "GMER hasn't found any system modifications". However, since it had frozen, I couldn't post a log.

Restarted the computer this morning, ran another TDSSKiller scan, started another GMER scan. Again, this froze after approx. 3 hours (without finishing).

Most of the scan duration seems to be going through websites I've got backed up on my computer (which contains thousands of tiny files). These are old backups and unlikely to be the source of any malware, and since these are slowing the scan so considerably (it takes about 1 1/2 - 2 hours to scan through them due to the sheer amount of files), I've backed up these files on an external HD and deleted them from my computer. Hopefully this will now allow the GMER scan to finish before it inevitably freezes again.

I've restarted my computer in safe mode with networking, run another TDSSKiller scan, and have started a new GMER scan.

Edited by Soul Reaver, 09 June 2012 - 09:02 PM.


#6 narenxp (BC Advisor)

Posted 09 June 2012 - 09:03 PM

If GMER gets stuck again, ignore GMER and post the TDSSKiller and aswMBR logs.

#7 Soul Reaver (Topic Starter)

Posted 10 June 2012 - 03:45 AM

Thanks for all your patience. GMER froze again after completing (again with the message "GMER hasn't found any system modifications") so I'm giving up on posting a GMER log. Note that my computer doesn't tend to freeze like this normally, so I think it just doesn't like GMER for some reason.

Below are the TDSSKiller and aswMBR logs. Both of these were run under Safe Mode with Networking:

TDSSkiller log:

18:39:45.0718 0152 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:39:46.0687 0152 ============================================================
18:39:46.0687 0152 Current date / time: 2012/06/10 18:39:46.0687
18:39:46.0687 0152 SystemInfo:
18:39:46.0687 0152
18:39:46.0687 0152 OS Version: 5.1.2600 ServicePack: 3.0
18:39:46.0687 0152 Product type: Workstation
18:39:46.0687 0152 ComputerName: SOULREAVER
18:39:46.0687 0152 UserName: Soul Reaver
18:39:46.0687 0152 Windows directory: C:\WINDOWS
18:39:46.0687 0152 System windows directory: C:\WINDOWS
18:39:46.0687 0152 Processor architecture: Intel x86
18:39:46.0687 0152 Number of processors: 4
18:39:46.0687 0152 Page size: 0x1000
18:39:46.0687 0152 Boot type: Safe boot with network
18:39:46.0687 0152 ============================================================
18:39:49.0828 0152 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
18:39:49.0843 0152 ============================================================
18:39:49.0843 0152 \Device\Harddisk0\DR0:
18:39:49.0843 0152 MBR partitions:
18:39:49.0843 0152 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x731AA7C1
18:39:49.0843 0152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x731AA800, BlocksNum 0x155B000
18:39:49.0843 0152 ============================================================
18:39:49.0906 0152 C: <-> \Device\Harddisk0\DR0\Partition0
18:39:49.0968 0152 H: <-> \Device\Harddisk0\DR0\Partition1
18:39:50.0015 0152 ============================================================
18:39:50.0015 0152 Initialize success
18:39:50.0015 0152 ============================================================
18:39:55.0140 0280 ============================================================
18:39:55.0140 0280 Scan started
18:39:55.0140 0280 Mode: Manual; TDLFS;
18:39:55.0140 0280 ============================================================
18:40:03.0156 0280 rdpdr - ok
18:40:03.0187 0280 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:40:03.0203 0280 RDPWD - ok
18:40:03.0234 0280 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:40:03.0234 0280 RDSessMgr - ok
18:40:03.0250 0280 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:40:03.0250 0280 redbook - ok
18:40:03.0265 0280 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:40:03.0281 0280 RemoteAccess - ok
18:40:03.0296 0280 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:40:03.0296 0280 RemoteRegistry - ok
18:40:03.0312 0280 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:40:03.0312 0280 RpcLocator - ok
18:40:03.0359 0280 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:40:03.0359 0280 RpcSs - ok
18:40:03.0375 0280 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:40:03.0390 0280 RSVP - ok
18:40:03.0437 0280 RT73 (c7bcf9808e2a1b4cabe16ff7fbce5fab) C:\WINDOWS\system32\DRIVERS\rt73.sys
18:40:03.0437 0280 RT73 - ok
18:40:03.0453 0280 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:40:03.0453 0280 SamSs - ok
18:40:03.0468 0280 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:40:03.0484 0280 SCardSvr - ok
18:40:03.0500 0280 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:40:03.0500 0280 Schedule - ok
18:40:03.0531 0280 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:40:03.0531 0280 Secdrv - ok
18:40:03.0546 0280 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:40:03.0546 0280 seclogon - ok
18:40:03.0562 0280 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:40:03.0562 0280 SENS - ok
18:40:03.0593 0280 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:40:03.0593 0280 Serial - ok
18:40:03.0671 0280 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:40:03.0671 0280 Sfloppy - ok
18:40:03.0703 0280 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:40:03.0703 0280 ShellHWDetection - ok
18:40:03.0718 0280 Simbad - ok
18:40:03.0750 0280 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
18:40:03.0750 0280 SkypeUpdate - ok
18:40:03.0812 0280 SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
18:40:03.0812 0280 SonicStage Back-End Service - ok
18:40:03.0812 0280 Sparrow - ok
18:40:03.0843 0280 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:40:03.0843 0280 splitter - ok
18:40:03.0890 0280 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:40:03.0890 0280 Spooler - ok
18:40:03.0921 0280 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
18:40:03.0921 0280 SPTISRV - ok
18:40:03.0937 0280 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:40:03.0953 0280 sr - ok
18:40:03.0968 0280 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:40:03.0968 0280 srservice - ok
18:40:03.0984 0280 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:40:03.0984 0280 Srv - ok
18:40:04.0015 0280 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:40:04.0015 0280 SSDPSRV - ok
18:40:04.0046 0280 SSScsiSV (756e371b3b86a3d3039926d32eac0e8d) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
18:40:04.0046 0280 SSScsiSV - ok
18:40:04.0093 0280 ssudmdm (aa45e09505bbf8efe35430e901095a33) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
18:40:04.0093 0280 ssudmdm - ok
18:40:04.0109 0280 Steam Client Service - ok
18:40:04.0140 0280 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:40:04.0140 0280 stisvc - ok
18:40:04.0156 0280 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:40:04.0156 0280 swenum - ok
18:40:04.0187 0280 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:40:04.0187 0280 swmidi - ok
18:40:04.0203 0280 SwPrv - ok
18:40:04.0218 0280 symc810 - ok
18:40:04.0234 0280 symc8xx - ok
18:40:04.0250 0280 sym_hi - ok
18:40:04.0265 0280 sym_u3 - ok
18:40:04.0296 0280 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:40:04.0296 0280 sysaudio - ok
18:40:04.0328 0280 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:40:04.0328 0280 SysmonLog - ok
18:40:04.0343 0280 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:40:04.0343 0280 TapiSrv - ok
18:40:04.0390 0280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:40:04.0406 0280 Tcpip - ok
18:40:04.0421 0280 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:40:04.0421 0280 TDPIPE - ok
18:40:04.0437 0280 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:40:04.0437 0280 TDTCP - ok
18:40:04.0468 0280 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:40:04.0468 0280 TermDD - ok
18:40:04.0484 0280 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:40:04.0500 0280 TermService - ok
18:40:04.0500 0280 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:40:04.0500 0280 Themes - ok
18:40:04.0546 0280 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:40:04.0546 0280 TlntSvr - ok
18:40:04.0562 0280 TosIde - ok
18:40:04.0593 0280 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:40:04.0593 0280 TrkWks - ok
18:40:04.0625 0280 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:40:04.0625 0280 Udfs - ok
18:40:04.0640 0280 ultra - ok
18:40:04.0703 0280 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:40:04.0703 0280 Update - ok
18:40:04.0734 0280 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:40:04.0734 0280 upnphost - ok
18:40:04.0750 0280 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:40:04.0750 0280 UPS - ok
18:40:04.0781 0280 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:40:04.0781 0280 USBAAPL - ok
18:40:04.0812 0280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:40:04.0812 0280 usbccgp - ok
18:40:04.0828 0280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:40:04.0828 0280 usbehci - ok
18:40:04.0828 0280 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:40:04.0843 0280 usbhub - ok
18:40:04.0875 0280 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:40:04.0875 0280 usbohci - ok
18:40:04.0890 0280 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:40:04.0890 0280 usbprint - ok
18:40:04.0921 0280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:40:04.0921 0280 usbscan - ok
18:40:04.0937 0280 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:40:04.0937 0280 usbstor - ok
18:40:04.0968 0280 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:40:04.0968 0280 VgaSave - ok
18:40:04.0968 0280 ViaIde - ok
18:40:04.0984 0280 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:40:04.0984 0280 VolSnap - ok
18:40:05.0031 0280 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:40:05.0031 0280 VSS - ok
18:40:05.0062 0280 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:40:05.0062 0280 W32Time - ok
18:40:05.0078 0280 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:40:05.0078 0280 Wanarp - ok
18:40:05.0125 0280 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:40:05.0140 0280 Wdf01000 - ok
18:40:05.0156 0280 WDICA - ok
18:40:05.0171 0280 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:40:05.0171 0280 wdmaud - ok
18:40:05.0187 0280 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:40:05.0203 0280 WebClient - ok
18:40:05.0250 0280 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:40:05.0250 0280 winmgmt - ok
18:40:05.0328 0280 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
18:40:05.0328 0280 WinRM - ok
18:40:05.0406 0280 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
18:40:05.0406 0280 WinUSB - ok
18:40:05.0531 0280 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:40:05.0546 0280 wlidsvc - ok
18:40:05.0593 0280 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:40:05.0593 0280 WmdmPmSN - ok
18:40:05.0656 0280 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:40:05.0656 0280 Wmi - ok
18:40:05.0703 0280 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:40:05.0703 0280 WmiAcpi - ok
18:40:05.0734 0280 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:40:05.0734 0280 WmiApSrv - ok
18:40:05.0812 0280 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:40:05.0812 0280 WMPNetworkSvc - ok
18:40:05.0843 0280 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:40:05.0859 0280 WpdUsb - ok
18:40:06.0046 0280 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:40:06.0062 0280 WPFFontCache_v0400 - ok
18:40:06.0078 0280 WSearch - ok
18:40:06.0109 0280 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:40:06.0109 0280 wuauserv - ok
18:40:06.0125 0280 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:40:06.0125 0280 WudfPf - ok
18:40:06.0140 0280 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:40:06.0140 0280 WudfRd - ok
18:40:06.0171 0280 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:40:06.0171 0280 WudfSvc - ok
18:40:06.0203 0280 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:40:06.0250 0280 WZCSVC - ok
18:40:06.0281 0280 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:40:06.0296 0280 xmlprov - ok
18:40:06.0343 0280 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:40:06.0703 0280 \Device\Harddisk0\DR0 - ok
18:40:06.0703 0280 Boot (0x1200) (e25b424b55de3998852edc28fa4e9a3a) \Device\Harddisk0\DR0\Partition0
18:40:06.0703 0280 \Device\Harddisk0\DR0\Partition0 - ok
18:40:06.0734 0280 Boot (0x1200) (323388e73f67b2e2ba1ad2760f424a8a) \Device\Harddisk0\DR0\Partition1
18:40:06.0734 0280 \Device\Harddisk0\DR0\Partition1 - ok
18:40:06.0734 0280 ============================================================
18:40:06.0734 0280 Scan finished
18:40:06.0734 0280 ============================================================
18:40:06.0765 0268 Detected object count: 0
18:40:06.0765 0268 Actual detected object count: 0
18:40:09.0234 0148 Deinitialize success



aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 18:40:09
-----------------------------
18:40:09.765 OS Version: Windows 5.1.2600 Service Pack 3
18:40:09.765 Number of processors: 4 586 0x170A
18:40:09.765 ComputerName: SOULREAVER UserName:
18:40:10.500 Initialize success
18:45:18.828 AVAST engine defs: 12060901
18:51:29.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
18:51:29.625 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
18:51:29.640 Disk 0 MBR read successfully
18:51:29.656 Disk 0 MBR scan
18:51:29.687 Disk 0 Windows XP default MBR code
18:51:29.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 942932 MB offset 63
18:51:29.734 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10934 MB offset 1931126784
18:51:29.750 Disk 0 scanning sectors +1953519616
18:51:29.812 Disk 0 scanning C:\WINDOWS\system32\drivers
18:51:35.812 Service scanning
18:51:46.312 Modules scanning
18:51:50.046 Disk 0 trace - called modules:
18:51:50.078 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:51:57.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa84ab8]
18:51:57.484 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000069[0x8ab0cee8]
18:51:57.890 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8aa86030]
18:51:59.484 AVAST engine scan C:\WINDOWS
18:52:10.531 AVAST engine scan C:\WINDOWS\system32
18:54:54.359 AVAST engine scan C:\WINDOWS\system32\drivers
18:55:29.531 AVAST engine scan C:\Documents and Settings\Soul Reaver
19:40:50.500 AVAST engine scan C:\Documents and Settings\All Users
19:42:18.562 Scan finished successfully
20:35:39.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Soul Reaver\Desktop\MBR.dat"
20:35:39.515 The log file has been saved successfully to "C:\Documents and Settings\Soul Reaver\Desktop\aswMBR log.txt"

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 10 June 2012 - 03:48 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Post the generated log here

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file in your reply


Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#9 Soul Reaver

Soul Reaver
  • Topic Starter
  • Members
  • 14 posts

Posted 11 June 2012 - 01:45 AM

Sorry that took a while (had to go to work), but here are the three logs:

Malwarebytes Anti-Malware Log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.10.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Soul Reaver :: SOULREAVER [administrator]

10/06/2012 11:26:53 p.m.
mbam-log-2012-06-10 (23-26-53).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 698928
Time elapsed: 3 hour(s), 6 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bad: (C:\Documents and Settings\Soul Reaver\Local Settings\Application Data\{dd612f75-69c1-b9fa-698f-d22d66a7ea82}\n.) Good: (%SystemRoot%\system32\shdocvw.dll) -> Quarantined and repaired successfully.
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{dd612f75-69c1-b9fa-698f-d22d66a7ea82}\n.) Good: (%systemroot%\system32\wbem\wbemess.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\David Backup\Downloads\Alcohol 120\Alcohol 120 Retail Activation Keymaker - BetaMaster\keymaker_v3.9.3.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\David Backup\Downloads\Offline Explorer\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\Soul Reaver\Desktop\W3changer1.1beta\W3changer1.1beta.exe (Trojan.Banker.Gen) -> Quarantined and deleted successfully.
C:\Downloads\Fate Stay Night\Tools\xp3tools-20060708\xp3tools-20060708\kiri_sm.exe (Trojan.Winlock.Pak) -> Quarantined and deleted successfully.
C:\Games\Vanguard Princess\TDU500.exe (Packer.ModifiedUPX) -> Quarantined and deleted successfully.

(end)


ESET Online Scanner Log:

C:\Traveldrive Backup\Old Computer\Old Computer\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application deleted - quarantined
C:\Traveldrive Backup\Old Computer\Old Computer\Program Files\AWS\WeatherBug\MiniBugTransporter.dll Win32/Adware.WBug.A application cleaned by deleting - quarantined
C:\Games\NTLE 086 Beta\neko.dll a variant of Win32/FlyStudio application cleaned by deleting - quarantined


MiniTool Log:

MiniToolBox by Farbar Version: 09-06-2012
Ran by Soul Reaver (administrator) on 11-06-2012 at 18:36:44
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [SOULREAVER]. Some commands may not be available.
The specified module could not be found.



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=10.1.1.2 mask=255.0.0.0
set address name="Local Area Connection" gateway=10.1.1.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=168.95.1.1 register=PRIMARY
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : soulreaver
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-1F-E2-58-04-95
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.1.2
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.1.1.1
DNS Servers . . . . . . . . . . . : 168.95.1.1

Server: dns.hinet.net
Address: 168.95.1.1

Name: google.com
Addresses: 74.125.31.138, 74.125.31.139, 74.125.31.100, 74.125.31.101
74.125.31.102, 74.125.31.113

Pinging google.com [173.194.72.113] with 32 bytes of data:

Reply from 173.194.72.113: bytes=32 time=187ms TTL=48
Reply from 173.194.72.113: bytes=32 time=186ms TTL=48

Ping statistics for 173.194.72.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 186ms, Maximum = 187ms, Average = 186ms

Server: dns.hinet.net
Address: 168.95.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=201ms TTL=50
Reply from 209.191.122.70: bytes=32 time=202ms TTL=51

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 201ms, Maximum = 202ms, Average = 201ms

Server: dns.hinet.net
Address: 168.95.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f e2 58 04 95 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.2 20
10.0.0.0 255.0.0.0 10.1.1.2 10.1.1.2 20
10.1.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.1.1.2 10.1.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.1.1.2 10.1.1.2 20
224.0.0.0 240.0.0.0 10.1.1.2 10.1.1.2 20
255.255.255.255 255.255.255.255 10.1.1.2 10.1.1.2 1
Default Gateway: 10.1.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/11/2012 07:30:39 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/11/2012 00:36:56 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.0.1526.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/10/2012 08:37:11 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/10/2012 06:39:24 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/10/2012 06:36:59 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/10/2012 05:47:08 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/10/2012 02:03:27 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/10/2012 02:01:59 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/10/2012 01:17:00 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/10/2012 10:31:11 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.


System errors:
=============
Error: (06/10/2012 08:36:01 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/10/2012 08:35:37 PM) (Source: DCOM) (User: Soul Reaver)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/10/2012 06:39:40 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/10/2012 05:48:04 PM) (Source: DCOM) (User: Soul Reaver)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/10/2012 05:47:25 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/10/2012 02:03:46 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/10/2012 02:02:18 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/10/2012 02:02:17 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/10/2012 02:02:12 PM) (Source: DCOM) (User: Soul Reaver)
Description: DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (06/10/2012 02:02:03 PM) (Source: DCOM) (User: Soul Reaver)
Description: DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}


Microsoft Office Sessions:
=========================
Error: (06/11/2012 07:30:39 AM) (Source: WinMgmt)(User: )
Description:

Error: (06/11/2012 00:36:56 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile4.0.1526.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (06/10/2012 08:37:11 PM) (Source: WinMgmt)(User: )
Description:

Error: (06/10/2012 06:39:24 PM) (Source: WinMgmt)(User: )
Description:

Error: (06/10/2012 06:36:59 PM) (Source: WinMgmt)(User: )
Description:

Error: (06/10/2012 05:47:08 PM) (Source: WinMgmt)(User: )
Description:

Error: (06/10/2012 02:03:27 PM) (Source: WinMgmt)(User: )
Description:

Error: (06/10/2012 02:01:59 PM) (Source: WinMgmt)(User: )
Description:

Error: (06/10/2012 01:17:00 PM) (Source: WinMgmt)(User: )
Description:

Error: (06/10/2012 10:31:11 AM) (Source: WinMgmt)(User: )
Description:


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Photoshop 7.0.1 (Version: 7.0)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Alien Swarm
Amnesia: The Dark Descent
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
Baldur's Gate
Batman: Arkham Asylum
Battle for Wesnoth 1.8.6 (Version: 1.8.6)
BioShock
BitTorrent (Version: 7.2.1)
Bonjour (Version: 2.0.5.0)
CDisplay 1.8
Chinese Simplified Fonts Support For Adobe Reader X (Version: 10.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Condemned - Criminal Origins (Version: 1.00.0000)
DAEMON Tools Lite (Version: 4.40.2.0131)
Dawn of Skirmish SS AI 3.2
Dawn of War - Soulstorm (Version: 1.00.0000)
Deus Ex: Human Revolution - The Missing Link
eMule
ESET Online Scanner v3
Eye Candy 4000
Fate/stay night English v3.2
Fraps (remove only)
GOG.com Downloader (Version: 0.9.30)
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Homeworld2
Inform 7
Ipswitch WS_FTP Pro (Version: 9.01)
IrfanView (remove only) (Version: 4.28)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.6.1)
Java DB 10.6.2.1 (Version: 10.6.2.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ SE Development Kit 6 Update 26 (Version: 1.6.0.260)
Junk Mail filter update (Version: 14.0.8117.416)
K-Lite Mega Codec Pack 7.1.0 (Version: 7.1.0)
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Mass Effect
Mass Effect 2 (Version: 1.02)
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft AppLocale (Version: 1.0.0)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Windows Application Compatibility Database
Microsoft WinUsb 1.0
Mozilla Firefox 10.0.2 (x86 en-GB) (Version: 10.0.2)
MpqViewer (Version: 1.5.2.0)
MSVCRT (Version: 14.0.1468.721)
NetBeans IDE 7.0 (Version: 7.0)
Nexus: The Jupiter Incident
Norton Utilities (Version: 14.5)
NVIDIA Control Panel 285.58 (Version: 285.58)
NVIDIA Drivers (Version: 1.5)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7313)
NVIDIA Graphics Driver 285.58 (Version: 285.58)
NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA nView 135.95 (Version: 135.95)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
OpenAL
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
Painkiller Black
PC Wizard 2010.1.96
PCSX2 - Playstation 2 Emulator
PDF Manual NW-A800 Series (Version: 1.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Portal
Portal 2
Psychonauts
Python 2.7.2 (Version: 2.7.2150)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver
Recover My Files (Version: 3.9.8.6173)
Roadkil's Unstoppable Copier Version 5.2
S.T.A.L.K.E.R.: Shadow of Chernobyl
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2360.0)
Segoe UI (Version: 14.0.4327.805)
Skype™ 5.8 (Version: 5.8.158)
SonicStage 4.3 (Version: 4.3)
Soulstorm Bugfix Mod
Stalker Complete 2009 v1.4.4
Steam (Version: 1.0.0.0)
Subtitle Workshop 2.51
Team Fortress 2
The Witcher 2 - Assassins of Kings Enhanced Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Utawarerumono English v1.1
Vampire: The Masquerade - Bloodlines
Video Downloader (Version: 1.0.00.03050)
VLC media player 1.1.10 (Version: 1.1.10)
WALKMAN Launcher (Version: 1.0.00.02190)
Warcraft III: All Products
Warhammer 40,000 Space Marine
Warhammer® 40,000®: Dawn of War® II – Retribution™
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.61 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Glulxe
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinHTTrack Website Copier 3.44-1 (Version: 3.44.1)
WinRAR archiver
You Don't Know Jack The Ride

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 3326.11 MB
Available physical RAM: 2447.13 MB
Total Pagefile: 5210.06 MB
Available Pagefile: 4406.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.45 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:920.83 GB) (Free:193.84 GB) NTFS
6 Drive h: (FACTORY_IMAGE) (Fixed) (Total:10.68 GB) (Free:1.45 GB) NTFS
7 Drive i: (CD2) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\SOULREAVER

Administrator ASPNET Guest
HelpAssistant Soul Reaver SUPPORT_388945a0
UpdatusUser


**** End of log ****

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:03:36 PM

Posted 11 June 2012 - 01:57 AM

Download

system look


Launch it and copy this script and paste in the search BOX

:folderfind
{dd612f75-69c1-b9fa-698f-d22d66a7ea82}


Click on LOOK and post the generated log

Re-run Malwarebytes and post the clean log

#11 Soul Reaver

Soul Reaver
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:36 PM

Posted 11 June 2012 - 07:29 AM

Thanks again. Logs are below:

System Look Log:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:32 on 11/06/2012 by Soul Reaver
Administrator - Elevation successful

========== folderfind ==========

Searching for "{dd612f75-69c1-b9fa-698f-d22d66a7ea82}"
C:\Documents and Settings\Soul Reaver\Local Settings\Application Data\{dd612f75-69c1-b9fa-698f-d22d66a7ea82} d--hs-- [12:00 04/08/2004]
C:\WINDOWS\Installer\{dd612f75-69c1-b9fa-698f-d22d66a7ea82} d--hs-- [12:00 04/08/2004]

-= EOF =-


Malwarebytes AntiMalware Log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.10.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Soul Reaver :: SOULREAVER [administrator]

11/06/2012 9:46:35 p.m.
mbam-log-2012-06-11 (21-46-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 665684
Time elapsed: 2 hour(s), 12 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:03:36 PM

Posted 11 June 2012 - 12:00 PM

Press Windows+R key and type

installer and click ok

On top, click on TOOLS - Folder & search options

Click on View tab

Check mark show hidden files

Uncheck hide protected operating system files

Click ok

Now delete this folder {dd612f75-69c1-b9fa-698f-d22d66a7ea82}

Similarly go to

C:\Documents and Settings\Soul Reaver\Local Settings\Application Data\{dd612f75-69c1-b9fa-698f-d22d66a7ea82} >> delete the folder

Let me know if you receive access denied errors.

Post the new system look log

Edited by narenxp, 11 June 2012 - 12:01 PM.
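The SystemLook output above carries the three signals an advisor reads to decide that a folder is a Sirefef drop location rather than a legitimate installer directory: the Hidden and System attributes (the `h` and `s` letters in SystemLook's flag field, which are why "hide protected operating system files" has to be unchecked before Explorer shows it), a random GUID as the folder name inside the user's Local Settings\Application Data, and a timestamp that matches the Windows XP SP2 system-file date rather than any time the folder could really have been created. The Python below is an added example, not a tool from the thread or from SystemLook's author: it parses folderfind result lines and states the reasons a hit looks suspicious. The two result lines are quoted from the log above; the third `Mozilla` line is constructed to show a folder that is not flagged.

```python
import re

# Constructed sample input: the two "folderfind" hits quoted in this thread, plus one
# ordinary per-user folder (constructed, not from the thread) that must not be flagged.
SAMPLE_LOG = """\
SystemLook 30.07.11 by jpshortstuff
Log created at 21:32 on 11/06/2012 by Soul Reaver
Administrator - Elevation successful

========== folderfind ==========

Searching for "{dd612f75-69c1-b9fa-698f-d22d66a7ea82}"
C:\\Documents and Settings\\Soul Reaver\\Local Settings\\Application Data\\{dd612f75-69c1-b9fa-698f-d22d66a7ea82} d--hs-- [12:00 04/08/2004]
C:\\WINDOWS\\Installer\\{dd612f75-69c1-b9fa-698f-d22d66a7ea82} d--hs-- [12:00 04/08/2004]
C:\\Documents and Settings\\Soul Reaver\\Local Settings\\Application Data\\Mozilla d------ [18:07 03/02/2012]

-= EOF =-
"""

# One SystemLook result line: <path> <attribute flags> [<HH:MM> <DD/MM/YYYY>]
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<attrs>[a-z-]{5,8})\s+"
    r"\[(?P<time>\d{2}:\d{2}) (?P<date>\d{2}/\d{2}/\d{4})\]$"
)
# {8-4-4-4-12} hex, the shape of the folder name the advisor asked SystemLook to find.
GUID_RE = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# The 12:00 04/08/2004 stamp is the Windows XP SP2 system-file date. Both hits in the
# thread carry it although the machine was clearly in use years later: copying a
# well-known OS file date onto dropped files is a blending tactic, so treat it as a signal.
XP_SP2_STAMP = ("12:00", "04/08/2004")


def parse_folderfind(text):
    """Return the result lines of a SystemLook folderfind log as dicts."""
    entries = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def assess(entry):
    """Return the reasons (possibly none) a folderfind hit looks like a malware drop folder."""
    path, attrs = entry["path"], entry["attrs"]
    leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
    in_profile = "\\documents and settings\\" in path.lower()
    is_guid = bool(GUID_RE.search(leaf))
    reasons = []
    # 'h' and 's' in SystemLook's flag field are the Hidden and System attributes.
    # Protected-OS folders do not belong inside a per-user Application Data tree.
    if "h" in attrs and "s" in attrs and in_profile:
        reasons.append("hidden+system folder inside a user profile")
    # GUID-named folders are normal under C:\WINDOWS\Installer (MSI cache),
    # but not under the user's Local Settings\Application Data.
    if is_guid and in_profile:
        reasons.append("GUID-named folder under Local Settings\\Application Data")
    # A GUID folder stamped with the SP2 system-file date was not created by an installer.
    if is_guid and (entry["time"], entry["date"]) == XP_SP2_STAMP:
        reasons.append("timestamp copied from XP SP2 system files (backdated)")
    return reasons


def suspicious_paths(text):
    """Paths from the log that raised at least one reason."""
    return [e["path"] for e in parse_folderfind(text) if assess(e)]


if __name__ == "__main__":
    for entry in parse_folderfind(SAMPLE_LOG):
        verdict = assess(entry)
        print(entry["path"])
        print("   ", "; ".join(verdict) if verdict else "no findings")
```

Run it as a script to see the two thread hits flagged (the profile folder for all three reasons, the Installer folder for the backdated stamp only) and the constructed Mozilla folder passed over. The point of splitting the signals is that none is conclusive alone: the same GUID folder under C:\WINDOWS\Installer is only suspicious because of the stamp and because it pairs with the hidden+system copy in the profile, which is exactly the pair the advisor told the poster to delete.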


#13 Soul Reaver

Soul Reaver
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:36 PM

Posted 11 June 2012 - 03:04 PM

No problems seeing the folders (I have my settings set to reveal hidden folders by default), and was able to delete the specified folders without incident. I then also cleared my recycle bin. New log below:

SystemLook Log:

SystemLook 30.07.11 by jpshortstuff
Log created at 07:39 on 12/06/2012 by Soul Reaver
Administrator - Elevation successful

========== folderfind ==========

Searching for "{dd612f75-69c1-b9fa-698f-d22d66a7ea82}"
No folders found.

-= EOF =-

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:03:36 PM

Posted 11 June 2012 - 08:52 PM

Grt :thumbsup:

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#15 Soul Reaver

Soul Reaver
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:36 PM

Posted 12 June 2012 - 03:52 AM

Thank you very much for the help, that's all done as well. :)

But I still can't start my firewall - I suspect it was damaged/disabled/removed by the malware. When I try to Run it with the command firewall.cpl I get the message "Due to an unidentified problem, Windows cannot display Windows Firewall settings"

How can I fix or re-enable it?



