Click.get-answers-fast.com redirect from Google


This topic is locked
6 replies to this topic

#1 LBQ

  • Members
  • 14 posts
  • Gender:Male
  • Location:USA

Posted 19 June 2012 - 03:27 PM

Windows XP, SP3, 32-bit. General use machine. Just started getting browser redirects in IE 8 and FF 12.0 on Monday 18 June 2012.
MBAM up to date, runs clean Full and Quick.
AVG Free 2012 installed.
Would like assistance getting rid of this nasty browser redirect thing. It doesn't stay on Click.get-answers-fast.com for very long and then resolves to some other URL that usually begins with an IP addr.
Thanks for your help.

#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 19 June 2012 - 04:35 PM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (Do not use the computer while the scan is in progress.)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

#3 LBQ

  • Topic Starter
  • Members
  • 14 posts
  • Gender:Male
  • Location:USA

Posted 19 June 2012 - 07:10 PM

================== TDSSkiller log ==========================
16:19:37.0187 3940 USBSTOR - ok
16:19:37.0218 3940 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:19:37.0218 3940 VgaSave - ok
16:19:37.0218 3940 ViaIde - ok
16:19:37.0218 3940 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:19:37.0218 3940 VolSnap - ok
16:19:37.0250 3940 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:19:37.0250 3940 VSS - ok
16:19:37.0265 3940 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:19:37.0265 3940 W32Time - ok
16:19:37.0281 3940 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:19:37.0281 3940 Wanarp - ok
16:19:37.0281 3940 WDICA - ok
16:19:37.0312 3940 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:19:37.0312 3940 wdmaud - ok
16:19:37.0328 3940 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:19:37.0328 3940 WebClient - ok
16:19:37.0390 3940 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:19:37.0390 3940 winmgmt - ok
16:19:37.0421 3940 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:19:37.0421 3940 WmdmPmSN - ok
16:19:37.0468 3940 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
16:19:37.0484 3940 Wmi - ok
16:19:37.0515 3940 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:19:37.0515 3940 WmiApSrv - ok
16:19:37.0593 3940 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
16:19:37.0609 3940 WMPNetworkSvc - ok
16:19:37.0625 3940 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
16:19:37.0640 3940 wscsvc - ok
16:19:37.0671 3940 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:19:37.0687 3940 wuauserv - ok
16:19:37.0718 3940 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:19:37.0718 3940 WudfPf - ok
16:19:37.0734 3940 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:19:37.0750 3940 WudfRd - ok
16:19:37.0750 3940 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:19:37.0765 3940 WudfSvc - ok
16:19:37.0796 3940 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:19:37.0796 3940 WZCSVC - ok
16:19:37.0828 3940 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:19:37.0828 3940 xmlprov - ok
16:19:37.0828 3940 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:19:38.0140 3940 \Device\Harddisk0\DR0 - ok
16:19:38.0140 3940 Boot (0x1200) (a44fa032e66bf7e38d74ff68b48dc0e2) \Device\Harddisk0\DR0\Partition0
16:19:38.0140 3940 \Device\Harddisk0\DR0\Partition0 - ok
16:19:38.0140 3940 ============================================================
16:19:38.0140 3940 Scan finished
16:19:38.0140 3940 ============================================================
16:19:38.0140 3932 Detected object count: 0
16:19:38.0140 3932 Actual detected object count: 0
16:20:39.0015 3860 Deinitialize success
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++ GMER Log ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-19 17:06:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST31000520AS rev.CC32
Running: juotdrts.exe; Driver: C:\DOCUME~1\SCUBAD~1\LOCALS~1\Temp\kwldqkoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xB6740004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xB67400D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB673FD76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB673FE1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB673FEBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB673FF56]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00634834
.text C:\Program Files\Mozilla Firefox\firefox.exe[1632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0155C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1632] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0178E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1632] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0178E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1632] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0178E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1784] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10665EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1784] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10665E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1784] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10454822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1784] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10454DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\Explorer.EXE[3120] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B44834

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++ aswMBR log +++++++++++++++++++++++++++++++++++++++++++
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-19 17:32:04
-----------------------------
17:32:04.421 OS Version: Windows 5.1.2600 Service Pack 3
17:32:04.421 Number of processors: 4 586 0x203
17:32:04.421 ComputerName: ROE-A666C96F313 UserName: scubadiver
17:32:05.343 Initialize success
17:32:11.437 AVAST engine defs: 12061802
17:32:23.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
17:32:23.671 Disk 0 Vendor: ST31000520AS CC32 Size: 953869MB BusType: 3
17:32:23.671 Disk 0 MBR read successfully
17:32:23.687 Disk 0 MBR scan
17:32:23.703 Disk 0 Windows XP default MBR code
17:32:23.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
17:32:23.703 Disk 0 scanning sectors +976752000
17:32:23.750 Disk 0 scanning C:\WINDOWS\system32\drivers
17:32:28.875 Service scanning
17:32:36.296 Modules scanning
17:32:41.078 Disk 0 trace - called modules:
17:32:41.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
17:32:41.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a67fab8]
17:32:41.109 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a6b69e8]
17:32:41.187 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a649940]
17:32:42.234 AVAST engine scan C:\WINDOWS
17:32:57.000 AVAST engine scan C:\WINDOWS\system32
17:35:20.234 AVAST engine scan C:\WINDOWS\system32\drivers
17:35:50.593 AVAST engine scan C:\Documents and Settings\scubadiver
17:36:42.406 AVAST engine scan C:\Documents and Settings\All Users
17:37:10.640 Scan finished successfully
17:38:13.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\scubadiver\Desktop\MBR.dat"
17:38:13.046 The log file has been saved successfully to "C:\Documents and Settings\scubadiver\Desktop\aswMBR_061912_17.37.10.txt"
====================================================================================================================
It may or may not matter to you: Disk 0 is a SATA drive, not an IDE drive as the aswMBR log says.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:08:09 AM

Posted 19 June 2012 - 07:17 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions
When the scan has completed, click on LIST of found threats

Export the list to the desktop and copy the contents of the text file into your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 LBQ

LBQ
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Location:USA
  • Local time:07:09 AM

Posted 19 June 2012 - 10:06 PM

I ONLY rebooted as you instructed.
MBAM came up clean (it has been coming up clean since yesterday).
===============
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.19.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
scubadiver :: ROE-A666C96F313 [administrator]

6/19/2012 7:44:03 PM
mbam-log-2012-06-19 (19-44-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257267
Time elapsed: 16 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
===============================
===============================

I did NOT remove these.
I DID get a Windows popup asking for the install CD so it could repair files. I did NOT perform that, as you had not mentioned it.

+++++++++++ ESET list of Files ++++++++++++++++
C:\WINDOWS\explorer.exe Win32/Patched.NBG.Gen trojan cleaned (after the next restart) - quarantined
C:\WINDOWS\system32\svchost.exe Win32/Patched.NBG.Gen trojan cleaned (after the next restart) - quarantined
C:\WINDOWS\system32\winlogon.exe Win32/Patched.NBG.Gen trojan cleaned (after the next restart) - quarantined
C:\WINDOWS\system32\dllcache\explorer.exe Win32/Patched.NBG.Gen trojan cleaned - quarantined
C:\WINDOWS\system32\dllcache\svchost.exe Win32/Patched.NBG.Gen trojan cleaned - quarantined
C:\WINDOWS\system32\dllcache\winlogon.exe Win32/Patched.NBG.Gen trojan cleaned - quarantined
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

********************** Minitoolbox **********************************
**********************************************************************
MiniToolBox by Farbar Version: 09-06-2012
Ran by scubadiver (administrator) on 19-06-2012 at 20:48:02
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : roe-a666c96f313
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.co.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.co.comcast.net.
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 44-87-FC-8D-53-CA
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.57
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Tuesday, June 19, 2012 7:35:21 PM
Lease Expires . . . . . . . . . . : Wednesday, June 20, 2012 7:35:21 PM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 209.85.225.101, 209.85.225.113, 209.85.225.102, 209.85.225.139
209.85.225.138, 209.85.225.100

Pinging google.com [173.194.33.32] with 32 bytes of data:

Reply from 173.194.33.32: bytes=32 time=73ms TTL=55
Reply from 173.194.33.32: bytes=32 time=46ms TTL=55

Ping statistics for 173.194.33.32:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 46ms, Maximum = 73ms, Average = 59ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=73ms TTL=52
Reply from 72.30.38.140: bytes=32 time=51ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 73ms, Average = 62ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...44 87 fc 8d 53 ca ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.57 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.57 192.168.0.57 20
192.168.0.57 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.57 192.168.0.57 20
224.0.0.0 240.0.0.0 192.168.0.57 192.168.0.57 20
255.255.255.255 255.255.255.255 192.168.0.57 192.168.0.57 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/19/2012 08:44:54 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (06/19/2012 08:44:51 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/19/2012 08:41:55 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (06/19/2012 08:41:53 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/19/2012 08:39:00 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (06/19/2012 08:38:54 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/19/2012 08:16:58 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (06/19/2012 08:16:54 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/19/2012 08:14:06 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/19/2012 08:06:57 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 12.0.0.4493, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (06/19/2012 06:00:18 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/19/2012 05:53:45 PM) (Source: DCOM) (User: scubadiver)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/19/2012 05:53:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86
Avgmfx86
Fips
Processor

Error: (06/19/2012 05:51:56 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/19/2012 05:49:48 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/19/2012 11:15:44 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/19/2012 11:12:26 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/19/2012 11:12:23 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86
Avgmfx86
Fips
Processor

Error: (06/19/2012 11:09:57 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/19/2012 11:06:32 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Avgldx86
Avgmfx86
Avgtdix
Fips
IPSec
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
Tcpip


Microsoft Office Sessions:
=========================
Error: (06/19/2012 08:44:54 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (06/19/2012 08:44:51 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/19/2012 08:41:55 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (06/19/2012 08:41:53 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/19/2012 08:39:00 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (06/19/2012 08:38:54 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/19/2012 08:16:58 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (06/19/2012 08:16:54 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/19/2012 08:14:06 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/19/2012 08:06:57 PM) (Source: Application Hang)(User: )
Description: firefox.exe12.0.0.4493hungapp0.0.0.000000000


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709n (Version: 50.0.165.000)
Adobe Flash Player 11 Plugin (Version: 11.3.300.257)
Adobe Reader X (10.1.3) (Version: 10.1.3)
AMD USB Filter Driver (Version: 1.0.15.94)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.765.0)
AVG 2012 (Version: 12.0.2180)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2180)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 120.0.194.000)
CCleaner (Version: 3.19)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
DocMgr (Version: 120.0.000.000)
DocProc (Version: 12.0.0.0)
ESET Online Scanner v3
Fax (Version: 120.0.194.000)
GPBaseService2 (Version: 120.0.194.000)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Officejet 6500 E709 Series (Version: 12.0)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing (Version: 4.05)
HP Solution Center 12.0 (Version: 12.0)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 120.0.194.000)
HPSSupply (Version: 120.0.194.000)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 120.0.226.000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 120.0.194.000)
OCR Software by I.R.I.S. 12.0 (Version: 12.0)
ProductContext (Version: 50.0.165.000)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 5.10.0.6050)
Scan (Version: 12.0.0.0)
Shop for HP Supplies (Version: 12)
SmartWebPrinting (Version: 120.0.194.000)
SolutionCenter (Version: 120.0.194.000)
Status (Version: 120.0.194.000)
Toolbox (Version: 120.0.194.000)
TrayApp (Version: 120.0.194.000)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 120.0.194.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 17%
Total physical RAM: 3327.23 MB
Available physical RAM: 2729.33 MB
Total Pagefile: 5211.45 MB
Available Pagefile: 4714.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.95 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:414.87 GB) NTFS

========================= Users: ========================================

User accounts for \\ROE-A666C96F313

Administrator Guest HelpAssistant
scubadiver SUPPORT_388945a0


**** End of log ****
*********************************************************************
*********************************************************************

The machine is still running. Both browsers (IE8 and FF 12) "hang" after a couple of pages of direct URL pastes.
I have copied the files to a flash stick and used another computer to post here.
Should I reboot? Next steps?
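
The two GMER hooks in the log above whose JMP target carries no module name (CreateProcessInternalW in svchost.exe[1248] and Explorer.EXE[3120]) line up with the files ESET reported as Win32/Patched.NBG.Gen. The Python below is an added example, not code from the thread, from GMER or from ESET: it parses GMER "User code sections" lines, separates hooks that resolve to a named vendor DLL from those that land in unattributed memory, and cross-checks the hooked process images against the patched-file list. The sample lines are copied from the logs in this thread; the function and field names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One GMER user-mode hook line. An attributed hook ends with the module that
# owns the JMP target plus its vendor in parentheses; an unattributed hook
# ends at the bare target address, meaning GMER found no module there.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<function>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<target_module>.+?)\s+\((?P<vendor>[^)]*)\))?\s*$"
)

# Sample input copied from the GMER log posted in this thread.
SAMPLE_GMER = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00634834
.text C:\Program Files\Mozilla Firefox\firefox.exe[1632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0155C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1632] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0178E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1632] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0178E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1632] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0178E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1784] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10665EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1784] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10665E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1784] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10454822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1784] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10454DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\Explorer.EXE[3120] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B44834

---- Devices - GMER 1.0.15 ----
"""

# Files the ESET scan in this thread reported as Win32/Patched.NBG.Gen.
PATCHED_FILES = [
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
]


@dataclass(frozen=True)
class Hook:
    process: str                  # image path of the hooked process
    pid: int
    module: str                   # DLL exporting the hooked function
    function: str
    address: int                  # address of the patched function
    target: int                   # where the 5-byte JMP lands
    target_module: Optional[str]  # None when no loaded module owns the target
    vendor: Optional[str]

    @property
    def attributed(self) -> bool:
        return self.target_module is not None


def parse_hooks(lines: Iterable[str]) -> List[Hook]:
    """Parse the '.text' hook lines of a GMER log; every other line is ignored."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(Hook(m["process"], int(m["pid"]), m["module"], m["function"],
                              int(m["address"], 16), int(m["target"], 16),
                              m["target_module"], m["vendor"]))
    return hooks


def unattributed_hooks(hooks: Iterable[Hook]) -> List[Hook]:
    """Hooks whose JMP lands outside every loaded module. Legitimate hooks
    (browser sandboxing, AV shims) resolve to a named vendor DLL; a bare
    address points at injected or in-place patched code and needs review."""
    return [h for h in hooks if not h.attributed]


def correlate_with_patched(hooks: Iterable[Hook], patched: Iterable[str]) -> List[str]:
    """Process images that carry an unattributed hook AND were reported as
    patched on disk. Paths are compared case-insensitively because GMER and
    the AV print the same file with different casing (Explorer.EXE vs explorer.exe)."""
    patched_lc = {p.lower() for p in patched}
    return sorted({h.process for h in unattributed_hooks(hooks) if h.process.lower() in patched_lc})


if __name__ == "__main__":
    found = parse_hooks(SAMPLE_GMER.splitlines())
    for h in unattributed_hooks(found):
        print(f"[unattributed] {h.process}[{h.pid}] {h.module}!{h.function} -> {h.target:08X}")
    print("hooked and patched on disk:", correlate_with_patched(found, PATCHED_FILES))
```

On this thread's data the two unattributed hooks are exactly the processes whose on-disk images ESET flagged, which is why the helper escalates rather than treating the clean MBAM and TDSSKiller runs as a clean bill of health.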

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:08:09 AM

Posted 20 June 2012 - 12:17 AM

C:\WINDOWS\explorer.exe Win32/Patched.NBG.Gen trojan cleaned (after the next restart) - quarantined
C:\WINDOWS\system32\svchost.exe Win32/Patched.NBG.Gen trojan cleaned (after the next restart) - quarantined
C:\WINDOWS\system32\winlogon.exe Win32/Patched.NBG.Gen trojan cleaned (after the next restart) - quarantined
C:\WINDOWS\system32\dllcache\explorer.exe Win32/Patched.NBG.Gen trojan cleaned - quarantined
C:\WINDOWS\system32\dllcache\svchost.exe Win32/Patched.NBG.Gen trojan cleaned - quarantined
C:\WINDOWS\system32\dllcache\winlogon.exe Win32/Patched.NBG.Gen trojan cleaned - quarantined


We need advanced tools here

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#7 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:11:09 PM

Posted 20 June 2012 - 04:19 PM

Malware topic here: http://www.bleepingcomputer.com/forums/topic457678.html

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MR Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
