Multiple Infection, I tried cleaning it myself but..


12 replies to this topic

#1 sirfaliq
Posted 21 June 2012 - 10:04 AM

Greetings all!

I am in the midst of helping a friend to cure her heavily infected ancient notebook. I am really tempted to give it a full format.
Spec:
Win XP Professional SP3 32bit
Intel Celeron 1.5GHz
256MB RAM
40GB HDD


Among the symptoms that I've noticed during my brief time with the notebook:
- IE cannot be launched; the file path error message appears.
- The installed NOD32 (not regularly updated) is broken: sometimes it's there, sometimes it's gone. Even the GUI is messed up. Sometimes the message "error communicating with kernel" appears.
- slowdown
- mobile broadband can connect but cannot assign an IP
- cannot run msconfig
- programs launch really slowly

Suspicious items in the Task Manager (these don't appear in Safe Mode, though):
dc.exe
Fun.exe
ping.exe
875286455:1211159755.exe
z.exe
ouc.exe
SVIQ.exe

What I've tried:
Booted into Safe Mode and ran a full scan with the latest Dr.Web CureIt. It detected some malware that I cannot remember.
*Previously I also tried running MBAM, but still no luck. *A while back I did try to clean it. I didn't scan again with MBAM this time, though.



#2 narenxp
Posted 21 June 2012 - 10:19 AM

This looks like an old version of the ZeroAccess rootkit.

Copy these tools to infected PC

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options in the scan results. Reboot the PC if it asks to.

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


If you're able to connect to the internet after the TDSSKiller scan, run these tools:


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 sirfaliq

Posted 21 June 2012 - 10:46 AM

TDSSkiller log:
23:36:08.0828 0856	symc810 - ok
23:36:08.0859 0856	symc8xx - ok
23:36:08.0875 0856	sym_hi - ok
23:36:08.0906 0856	sym_u3 - ok
23:36:08.0937 0856	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:36:08.0937 0856	sysaudio - ok
23:36:08.0968 0856	SysmonLog       (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:36:08.0984 0856	SysmonLog - ok
23:36:09.0031 0856	TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:36:09.0062 0856	TapiSrv - ok
23:36:09.0109 0856	Tcpip           (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:36:09.0156 0856	Tcpip - ok
23:36:09.0187 0856	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:36:09.0187 0856	TDPIPE - ok
23:36:09.0218 0856	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:36:09.0234 0856	TDTCP - ok
23:36:09.0265 0856	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:36:09.0265 0856	TermDD - ok
23:36:09.0328 0856	TermService     (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:36:09.0343 0856	TermService - ok
23:36:09.0375 0856	Themes          (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
23:36:09.0390 0856	Themes - ok
23:36:09.0437 0856	TlntSvr         (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
23:36:09.0437 0856	TlntSvr - ok
23:36:09.0468 0856	TosIde - ok
23:36:09.0500 0856	TrkWks          (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:36:09.0515 0856	TrkWks - ok
23:36:09.0562 0856	uagp35          (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
23:36:09.0562 0856	uagp35 - ok
23:36:09.0593 0856	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:36:09.0593 0856	Udfs - ok
23:36:09.0625 0856	ultra - ok
23:36:09.0671 0856	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:36:09.0687 0856	Update - ok
23:36:09.0718 0856	upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:36:09.0750 0856	upnphost - ok
23:36:09.0781 0856	upperdev        (a34560a5d516a2f5240180370866b99d) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
23:36:09.0796 0856	upperdev - ok
23:36:09.0828 0856	UPS             (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:36:09.0843 0856	UPS - ok
23:36:09.0859 0856	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:36:09.0875 0856	usbccgp - ok
23:36:09.0906 0856	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:36:09.0906 0856	usbehci - ok
23:36:09.0953 0856	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:36:09.0953 0856	usbhub - ok
23:36:09.0984 0856	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:36:09.0984 0856	usbohci - ok
23:36:10.0062 0856	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:36:10.0062 0856	usbprint - ok
23:36:10.0109 0856	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:36:10.0109 0856	usbscan - ok
23:36:10.0156 0856	usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
23:36:10.0156 0856	usbser - ok
23:36:10.0187 0856	UsbserFilt      (6410eebd6e0427466812858ee84c8467) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
23:36:10.0187 0856	UsbserFilt - ok
23:36:10.0218 0856	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:36:10.0234 0856	USBSTOR - ok
23:36:10.0265 0856	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:36:10.0265 0856	VgaSave - ok
23:36:10.0296 0856	ViaIde - ok
23:36:10.0343 0856	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:36:10.0343 0856	VolSnap - ok
23:36:10.0390 0856	VSS             (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:36:10.0406 0856	VSS - ok
23:36:10.0453 0856	W32Time         (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:36:10.0484 0856	W32Time - ok
23:36:10.0515 0856	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:36:10.0515 0856	Wanarp - ok
23:36:10.0593 0856	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
23:36:10.0625 0856	Wdf01000 - ok
23:36:10.0640 0856	WDICA - ok
23:36:10.0687 0856	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:36:10.0703 0856	wdmaud - ok
23:36:10.0734 0856	WebClient       (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:36:10.0734 0856	WebClient - ok
23:36:10.0828 0856	winmgmt         (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:36:10.0843 0856	winmgmt - ok
23:36:10.0921 0856	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:36:10.0921 0856	WmdmPmSN - ok
23:36:10.0984 0856	Wmi             (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll
23:36:11.0015 0856	Wmi - ok
23:36:11.0078 0856	WmiApSrv        (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:36:11.0093 0856	WmiApSrv - ok
23:36:11.0250 0856	WMPNetworkSvc   (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:36:11.0296 0856	WMPNetworkSvc - ok
23:36:11.0359 0856	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:36:11.0359 0856	WpdUsb - ok
23:36:11.0406 0856	WudfPf          (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:36:11.0406 0856	WudfPf - ok
23:36:11.0437 0856	WudfRd          (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:36:11.0453 0856	WudfRd - ok
23:36:11.0500 0856	WudfSvc         (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll
23:36:11.0500 0856	WudfSvc - ok
23:36:11.0578 0856	WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:36:11.0640 0856	WZCSVC - ok
23:36:11.0671 0856	xmlprov         (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:36:11.0703 0856	xmlprov - ok
23:36:11.0734 0856	ZTEusbmdm6k - ok
23:36:11.0750 0856	ZTEusbnmea - ok
23:36:11.0781 0856	ZTEusbser6k - ok
23:36:11.0781 0856	Suspicious service (NoAccess): zvggpwqox
23:36:11.0796 0856	zvggpwqox ( LockedService.Multi.Generic ) - warning
23:36:11.0796 0856	zvggpwqox - detected LockedService.Multi.Generic (1)
23:36:11.0828 0856	zxmuagqu1 - ok
23:36:11.0890 0856	MBR (0x1B8)     (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
23:36:11.0906 0856	\Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
23:36:11.0906 0856	\Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
23:36:11.0921 0856	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:36:11.0921 0856	\Device\Harddisk0\DR0 - detected TDSS File System (1)
23:36:11.0937 0856	MBR (0x1B8)     (6b127b4d56b1b3787d16cea542b51b26) \Device\Harddisk1\DR5
23:36:18.0046 0856	\Device\Harddisk1\DR5 - ok
23:36:18.0062 0856	Boot (0x1200)   (705523dfc7bb8b30c63c18af41e69df0) \Device\Harddisk0\DR0\Partition0
23:36:18.0062 0856	\Device\Harddisk0\DR0\Partition0 - ok
23:36:18.0093 0856	Boot (0x1200)   (f14f95bf0c7693de6b7387cc5cfcfeec) \Device\Harddisk0\DR0\Partition1
23:36:18.0093 0856	\Device\Harddisk0\DR0\Partition1 - ok
23:36:18.0109 0856	Boot (0x1200)   (22be747cc73c95bd622bf6c74acc1793) \Device\Harddisk1\DR5\Partition0
23:36:18.0109 0856	\Device\Harddisk1\DR5\Partition0 - ok
23:36:18.0125 0856	============================================================
23:36:18.0125 0856	Scan finished
23:36:18.0125 0856	============================================================
23:36:18.0156 1144	Detected object count: 6
23:36:18.0156 1144	Actual detected object count: 6
23:36:27.0203 1144	C:\WINDOWS\875286455:1211159755.exe - copied to quarantine
23:36:27.0218 1144	HKLM\SYSTEM\ControlSet002\services\b7cf2b34 - will be deleted on reboot
23:36:27.0234 1144	HKLM\SYSTEM\ControlSet003\services\b7cf2b34 - will be deleted on reboot
23:36:27.0296 1144	C:\WINDOWS\875286455:1211159755.exe - will be deleted on reboot
23:36:27.0296 1144	b7cf2b34 ( Rootkit.Win32.PMax.gen ) - User select action: Delete 
23:36:27.0312 1144	ekrn ( LockedFile.Multi.Generic ) - skipped by user
23:36:27.0312 1144	ekrn ( LockedFile.Multi.Generic ) - User select action: Skip 
23:36:27.0359 1144	C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
23:36:27.0390 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\@ - copied to quarantine
23:36:27.0421 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\bckfg.tmp - copied to quarantine
23:36:27.0437 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\cfg.ini - copied to quarantine
23:36:27.0453 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\Desktop.ini - copied to quarantine
23:36:27.0484 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\kwrd.dll - copied to quarantine
23:36:27.0515 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\L\dxdemcio - copied to quarantine
23:36:27.0546 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\00000001.@ - copied to quarantine
23:36:27.0593 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\00000002.@ - copied to quarantine
23:36:27.0640 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\00000004.@ - copied to quarantine
23:36:27.0656 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\80000000.@ - copied to quarantine
23:36:27.0671 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\80000004.@ - copied to quarantine
23:36:27.0703 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\80000032.@ - copied to quarantine
23:36:27.0781 1144	VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
23:36:34.0562 1144	Backup copy found, using it..
23:36:34.0593 1144	C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
23:36:35.0968 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\@ - will be deleted on reboot
23:36:35.0968 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\bckfg.tmp - will be deleted on reboot
23:36:35.0968 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\cfg.ini - will be deleted on reboot
23:36:35.0968 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\Desktop.ini - will be deleted on reboot
23:36:36.0000 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\keywords - will be deleted on reboot
23:36:36.0000 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\kwrd.dll - will be deleted on reboot
23:36:36.0000 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\00000001.$ - will be deleted on reboot
23:36:36.0000 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\00000001.@ - will be deleted on reboot
23:36:36.0000 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\00000002.@ - will be deleted on reboot
23:36:36.0000 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\00000004.@ - will be deleted on reboot
23:36:36.0000 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\80000000.$ - will be deleted on reboot
23:36:36.0000 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\80000000.@ - will be deleted on reboot
23:36:36.0000 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\80000004.@ - will be deleted on reboot
23:36:36.0000 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\80000032.$ - will be deleted on reboot
23:36:36.0000 1144	C:\WINDOWS\$NtUninstallKB25348$\3083807540\U\80000032.@ - will be deleted on reboot
23:36:36.0000 1144	C:\WINDOWS\$NtUninstallKB25348$\3605271805 - will be deleted on reboot
23:36:36.0000 1144	NetBT ( Virus.Win32.ZAccess.j ) - User select action: Cure 
23:36:36.0015 1144	zvggpwqox ( LockedService.Multi.Generic ) - skipped by user
23:36:36.0015 1144	zvggpwqox ( LockedService.Multi.Generic ) - User select action: Skip 
23:36:36.0812 1144	\Device\Harddisk0\DR0\# - copied to quarantine
23:36:36.0812 1144	\Device\Harddisk0\DR0 - copied to quarantine
23:36:36.0828 1144	\Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
23:36:36.0859 1144	\Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
23:36:36.0890 1144	\Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
23:36:36.0906 1144	\Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
23:36:36.0937 1144	\Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
23:36:36.0937 1144	\Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
23:36:36.0953 1144	\Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
23:36:36.0953 1144	\Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
23:36:36.0968 1144	\Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
23:36:36.0984 1144	\Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
23:36:36.0984 1144	\Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
23:36:37.0093 1144	\Device\Harddisk0\DR0\TDLFS\kwrd.dll - copied to quarantine
23:36:37.0140 1144	\Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
23:36:37.0140 1144	\Device\Harddisk0\DR0 - ok
23:36:37.0171 1144	\Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure 
23:36:37.0171 1144	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:36:37.0171 1144	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 


FARBAR SERVICE SCANNER LOG:
Farbar Service Scanner Version: 19-06-2012 01
Ran by Anis (administrator) on 21-06-2012 at 23:39:23
Running from "C:\Documents and Settings\Anis\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors
IE proxy is enabled.
ProxyServer: http=127.0.0.1:49414


Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.


Windows Autoupdate Disabled Policy: 
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2008-04-14 10:41] - [2008-04-14 10:41] - 0246272 ____A (Microsoft Corporation) 19A799805B24990867B00C120D300C3A

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

BTW, I am not using the infected PC to go online, and the mobile broadband device is with my friend. I will go online with the infected PC right after this for the Avast and Eset scanners.
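The FSS log above carries several indicators a responder would want flagged automatically: an IE proxy pointing at 127.0.0.1, firewall and System Restore disabled by policy, and the wscsvc/wuauserv service keys gone. As an added example (not code from the thread, from FSS, or from any tool named here), the script below parses that log format and reports those findings; the regexes follow the line formats visible in the posted log, and the sample input is a constructed excerpt in that format.

```python
"""Triage a Farbar Service Scanner (FSS) log for the hijack indicators seen in
the log above. Added example for this thread, not code from FSS or from the
thread; the patterns follow the line formats visible in the posted log."""
import re

# Constructed excerpt mirroring the posted FSS log (not a real scan result).
SAMPLE_FSS_LOG = (
    "Connection Status:\n"
    "==============\n"
    "Localhost is accessible.\n"
    "There is no connection to network.\n"
    "IE proxy is enabled.\n"
    "ProxyServer: http=127.0.0.1:49414\n"
    "\n"
    "Firewall Disabled Policy: \n"
    "==================\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess"
    "\\Parameters\\FirewallPolicy\\StandardProfile]\n"
    "\"EnableFirewall\"=DWORD:0\n"
    "\n"
    "System Restore Disabled Policy: \n"
    "========================\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore]\n"
    "\"DisableSR\"=DWORD:1\n"
    "\n"
    "Security Center:\n"
    "============\n"
    "wscsvc Service is not running. Checking service configuration:\n"
    "Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key."
    " The service key does not exist.\n"
    "Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key."
    " The service key does not exist.\n"
    "\n"
    "File Check:\n"
    "========\n"
    "C:\\WINDOWS\\system32\\dhcpcsvc.dll => MD5 is legit\n"
    "C:\\WINDOWS\\system32\\es.dll\n"
    "[2008-04-14 10:41] - [2008-04-14 10:41] - 0246272 ____A (Microsoft Corporation)"
    " 19A799805B24990867B00C120D300C3A\n"
    "\n"
    "**** End of log ****\n"
)

# "ProxyServer: http=127.0.0.1:49414"  -> host, port
PROXY_RE = re.compile(r"^ProxyServer:\s*(?:\w+=)?([\w.\-]+):(\d+)", re.M)
# "[HKEY_...\StandardProfile]" followed by '"EnableFirewall"=DWORD:0'
POLICY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\r?\n"(\w+)"=DWORD:(\d+)', re.M)
MISSING_KEY_RE = re.compile(
    r"Unable to open (\w+) registry key\. The service key does not exist")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def check_proxy(log_text):
    """A loopback proxy means a local process sits between IE and the network."""
    m = PROXY_RE.search(log_text)
    if not m:
        return []
    host, port = m.group(1), int(m.group(2))
    if host == "localhost" or host.startswith("127."):
        return [("high", f"IE proxy points at loopback {host}:{port}; "
                         "a local process is relaying browser traffic")]
    return [("medium", f"IE proxy set to {host}:{port}; confirm it is expected")]


def check_policies(log_text):
    """Firewall and System Restore switched off through policy keys."""
    out = []
    for key, name, value in POLICY_RE.findall(log_text):
        leaf = key.rsplit("\\", 1)[-1]          # e.g. StandardProfile
        if name == "EnableFirewall" and value == "0":
            out.append(("high", f"Windows Firewall disabled by policy for {leaf}"))
        elif name == "DisableSR" and value == "1":
            out.append(("medium", "System Restore disabled by policy (DisableSR=1)"))
    return out


def check_missing_services(log_text):
    """FSS repeats the 'key does not exist' line per check; report each service once."""
    return [("high", f"Registry key for service {svc} does not exist; the service is gone")
            for svc in sorted(set(MISSING_KEY_RE.findall(log_text)))]


def check_file_md5s(log_text):
    """Files FSS could not vouch for print their details (ending in the MD5) on the next line."""
    out, lines, in_section = [], log_text.splitlines(), False
    for i, line in enumerate(lines):
        if line.startswith("File Check:"):
            in_section = True
        elif line.startswith("**** End of log"):
            in_section = False
        elif in_section and PATH_RE.match(line) and "=> MD5 is legit" not in line:
            details = lines[i + 1] if i + 1 < len(lines) else ""
            md5 = details.rsplit(" ", 1)[-1] if details else "unknown"
            out.append(("low", f"{line}: MD5 {md5} not on FSS's known-good list; "
                               "compare against a clean copy"))
    return out


def triage(log_text):
    """Return (severity, message) findings for an FSS log."""
    return (check_proxy(log_text) + check_policies(log_text)
            + check_missing_services(log_text) + check_file_md5s(log_text))


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_FSS_LOG):
        print(f"[{severity.upper():6}] {message}")
```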

#4 sirfaliq
  • Topic Starter
  • Members
  • 8 posts

Posted 21 June 2012 - 10:56 AM

Avast scanner:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-21 23:52:11
-----------------------------
23:52:11.171    OS Version: Windows 5.1.2600 Service Pack 3
23:52:11.171    Number of processors: 1 586 0xD08
23:52:11.171    ComputerName: HOME-B418E4491E  UserName: Anis
23:52:12.000    Initialize success
23:52:22.437    AVAST engine download error: 0
23:52:43.531    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:52:43.531    Disk 0 Vendor: ST94813A 3.06 Size: 38154MB BusType: 3
23:52:43.562    Disk 0 MBR read successfully
23:52:43.562    Disk 0 MBR scan
23:52:43.578    Disk 0 Windows XP default MBR code
23:52:43.593    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        20002 MB offset 63
23:52:43.593    Disk 0 Partition - 00     0F Extended LBA             18143 MB offset 40965750
23:52:43.609    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        18143 MB offset 40965813
23:52:43.625    Disk 0 scanning sectors +78124095
23:52:43.687    Disk 0 scanning C:\WINDOWS\system32\drivers
23:52:48.250    Service scanning
23:52:57.656    Modules scanning
23:53:04.421    Disk 0 trace - called modules:
23:53:04.453    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
23:53:04.468    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81f2b030]
23:53:04.468    3 CLASSPNP.SYS[f9f7ffd7] -> nt!IofCallDriver -> \Device\00000072[0x81ef9d80]
23:53:04.484    5 ACPI.sys[f9dff620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81edfb58]
23:53:04.484    Scan finished successfully
23:53:21.359    Disk 0 MBR has been saved successfully to "E:\MBR.dat"
23:53:21.390    The log file has been saved successfully to "E:\aswMBR.txt"


ESET Online scanner:
Failed. It says "Can not get update. Is proxy configured?"
Tried multiple times.

#5 narenxp
  • BC Advisor
  • 16,371 posts
  • Location:India

Posted 21 June 2012 - 12:46 PM

Restart the PC, run TDSSKiller once again and post the new log.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#6 sirfaliq
  • Topic Starter
  • Members
  • 8 posts

Posted 21 June 2012 - 01:13 PM

TDSSKiller:

02:01:24.0171 0368	TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
02:01:24.0187 0368	============================================================
02:01:24.0187 0368	Current date / time: 2012/06/22 02:01:24.0187
02:01:24.0187 0368	SystemInfo:
02:01:24.0187 0368	
02:01:24.0187 0368	OS Version: 5.1.2600 ServicePack: 3.0
02:01:24.0187 0368	Product type: Workstation
02:01:24.0187 0368	ComputerName: HOME-B418E4491E
02:01:24.0187 0368	UserName: Anis
02:01:24.0187 0368	Windows directory: C:\WINDOWS
02:01:24.0187 0368	System windows directory: C:\WINDOWS
02:01:24.0187 0368	Processor architecture: Intel x86
02:01:24.0187 0368	Number of processors: 1
02:01:24.0187 0368	Page size: 0x1000
02:01:24.0187 0368	Boot type: Normal boot
02:01:24.0187 0368	============================================================
02:01:25.0421 0368	Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:01:25.0421 0368	============================================================
02:01:25.0421 0368	\Device\Harddisk0\DR0:
02:01:25.0421 0368	MBR partitions:
02:01:25.0421 0368	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
02:01:25.0437 0368	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x236FD8A
02:01:25.0437 0368	============================================================
02:01:25.0500 0368	C: <-> \Device\Harddisk0\DR0\Partition0
02:01:25.0593 0368	D: <-> \Device\Harddisk0\DR0\Partition1
02:01:25.0765 0368	============================================================
02:01:25.0765 0368	Initialize success
02:01:25.0765 0368	============================================================
02:01:32.0484 0392	============================================================
02:01:32.0484 0392	Scan started
02:01:32.0484 0392	Mode: Manual; TDLFS; 
02:01:32.0484 0392	============================================================
02:01:32.0687 0392	Abiosdsk - ok
02:01:32.0703 0392	abp480n5 - ok
02:01:32.0765 0392	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:01:32.0781 0392	ACPI - ok
02:01:32.0828 0392	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
02:01:32.0828 0392	ACPIEC - ok
02:01:32.0906 0392	Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
02:01:32.0921 0392	Adobe LM Service - ok
02:01:32.0937 0392	adpu160m - ok
02:01:33.0031 0392	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
02:01:33.0046 0392	aec - ok
02:01:33.0093 0392	AFD             (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
02:01:33.0125 0392	AFD - ok
02:01:33.0156 0392	Aha154x - ok
02:01:33.0187 0392	aic78u2 - ok
02:01:33.0203 0392	aic78xx - ok
02:01:33.0453 0392	ALCXWDM         (292ce6f164008e825d71c07fd0265943) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
02:01:33.0609 0392	ALCXWDM - ok
02:01:33.0765 0392	Alerter         (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
02:01:33.0765 0392	Alerter - ok
02:01:33.0796 0392	ALG             (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
02:01:33.0796 0392	ALG - ok
02:01:33.0843 0392	AliIde - ok
02:01:33.0890 0392	amsint - ok
02:01:33.0937 0392	AppMgmt         (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
02:01:33.0953 0392	AppMgmt - ok
02:01:33.0968 0392	asc - ok
02:01:33.0984 0392	asc3350p - ok
02:01:34.0015 0392	asc3550 - ok
02:01:34.0156 0392	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:01:34.0156 0392	aspnet_state - ok
02:01:34.0203 0392	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:01:34.0203 0392	AsyncMac - ok
02:01:34.0234 0392	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:01:34.0250 0392	atapi - ok
02:01:34.0265 0392	Atdisk - ok
02:01:34.0296 0392	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:01:34.0296 0392	Atmarpc - ok
02:01:34.0343 0392	AudioSrv        (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
02:01:34.0343 0392	AudioSrv - ok
02:01:34.0390 0392	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:01:34.0390 0392	audstub - ok
02:01:34.0453 0392	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:01:34.0453 0392	Beep - ok
02:01:34.0515 0392	BITS            (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
02:01:34.0578 0392	BITS - ok
02:01:34.0625 0392	Browser         (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
02:01:34.0625 0392	Browser - ok
02:01:34.0671 0392	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:01:34.0671 0392	cbidf2k - ok
02:01:34.0687 0392	cd20xrnt - ok
02:01:34.0718 0392	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:01:34.0718 0392	Cdaudio - ok
02:01:34.0750 0392	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
02:01:34.0765 0392	Cdfs - ok
02:01:34.0812 0392	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:01:34.0812 0392	Cdrom - ok
02:01:34.0843 0392	Changer - ok
02:01:34.0875 0392	CiSvc           (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
02:01:34.0875 0392	CiSvc - ok
02:01:34.0906 0392	ClipSrv         (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
02:01:34.0906 0392	ClipSrv - ok
02:01:34.0953 0392	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:01:34.0984 0392	clr_optimization_v2.0.50727_32 - ok
02:01:35.0031 0392	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
02:01:35.0031 0392	CmBatt - ok
02:01:35.0046 0392	CmdIde - ok
02:01:35.0093 0392	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
02:01:35.0093 0392	Compbatt - ok
02:01:35.0109 0392	COMSysApp - ok
02:01:35.0156 0392	Cpqarray - ok
02:01:35.0218 0392	CryptSvc        (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
02:01:35.0218 0392	CryptSvc - ok
02:01:35.0234 0392	dac2w2k - ok
02:01:35.0250 0392	dac960nt - ok
02:01:35.0328 0392	DcomLaunch      (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
02:01:35.0359 0392	DcomLaunch - ok
02:01:35.0406 0392	Dhcp            (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
02:01:35.0421 0392	Dhcp - ok
02:01:35.0437 0392	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
02:01:35.0453 0392	Disk - ok
02:01:35.0453 0392	dmadmin - ok
02:01:35.0546 0392	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
02:01:35.0578 0392	dmboot - ok
02:01:35.0609 0392	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
02:01:35.0625 0392	dmio - ok
02:01:35.0671 0392	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:01:35.0671 0392	dmload - ok
02:01:35.0718 0392	dmserver        (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
02:01:35.0718 0392	dmserver - ok
02:01:35.0765 0392	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
02:01:35.0765 0392	DMusic - ok
02:01:35.0781 0392	Dnscache        (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
02:01:35.0796 0392	Dnscache - ok
02:01:35.0828 0392	Dot3svc         (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
02:01:35.0843 0392	Dot3svc - ok
02:01:35.0859 0392	dpti2o - ok
02:01:36.0031 0392	DragonUpdater   (83d9196507754931949be8864efd6914) C:\Program Files\Comodo\Dragon\dragon_updater.exe
02:01:36.0078 0392	DragonUpdater - ok
02:01:36.0125 0392	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
02:01:36.0125 0392	drmkaud - ok
02:01:36.0140 0392	dwshd - ok
02:01:36.0187 0392	eamon           (1ceb779239965000b8f6adee17d4515b) C:\WINDOWS\system32\DRIVERS\eamon.sys
02:01:36.0203 0392	eamon - ok
02:01:36.0250 0392	EapHost         (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
02:01:36.0250 0392	EapHost - ok
02:01:36.0265 0392	ehdrv           (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
02:01:36.0281 0392	ehdrv - ok
02:01:36.0328 0392	EhttpSrv        (d83323d7cd5d1cc46b42da9e59409890) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
02:01:36.0328 0392	EhttpSrv - ok
02:01:36.0437 0392	ekrn            (efa198f8983d064a81052851f7bb80c2) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
02:01:36.0453 0392	Suspicious file (NoAccess): C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe. md5: efa198f8983d064a81052851f7bb80c2
02:01:36.0453 0392	ekrn ( LockedFile.Multi.Generic ) - warning
02:01:36.0453 0392	ekrn - detected LockedFile.Multi.Generic (1)
02:01:36.0515 0392	epfwtdir        (ecd5f68e32ff5c6a728eb03dc892ae7f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
02:01:36.0531 0392	epfwtdir - ok
02:01:36.0562 0392	ERSvc           (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
02:01:36.0562 0392	ERSvc - ok
02:01:36.0625 0392	Eventlog        (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
02:01:36.0640 0392	Eventlog - ok
02:01:36.0687 0392	EventSystem     (19a799805b24990867b00c120d300c3a) C:\WINDOWS\system32\es.dll
02:01:36.0703 0392	EventSystem - ok
02:01:36.0765 0392	ewusbnet        (fb54f67974d13d73be3e2f1df042d295) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
02:01:36.0781 0392	ewusbnet - ok
02:01:36.0906 0392	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
02:01:36.0906 0392	Fastfat - ok
02:01:36.0953 0392	FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
02:01:36.0968 0392	FastUserSwitchingCompatibility - ok
02:01:37.0000 0392	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
02:01:37.0000 0392	Fdc - ok
02:01:37.0031 0392	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
02:01:37.0031 0392	Fips - ok
02:01:37.0218 0392	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
02:01:37.0218 0392	Flpydisk - ok
02:01:37.0265 0392	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
02:01:37.0281 0392	FltMgr - ok
02:01:37.0343 0392	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:01:37.0343 0392	Fs_Rec - ok
02:01:37.0421 0392	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:01:37.0421 0392	Ftdisk - ok
02:01:37.0468 0392	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:01:37.0468 0392	Gpc - ok
02:01:37.0562 0392	helpsvc         (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:01:37.0578 0392	helpsvc - ok
02:01:37.0593 0392	HidServ - ok
02:01:37.0625 0392	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:01:37.0625 0392	HidUsb - ok
02:01:37.0671 0392	hkmsvc          (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
02:01:37.0687 0392	hkmsvc - ok
02:01:37.0703 0392	hpn - ok
02:01:37.0812 0392	HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
02:01:37.0828 0392	HTTP - ok
02:01:37.0859 0392	HTTPFilter      (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
02:01:37.0859 0392	HTTPFilter - ok
02:01:37.0906 0392	huawei_enumerator (f44461e66f1b7dd267957fe9baa63ed0) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
02:01:37.0921 0392	huawei_enumerator - ok
02:01:38.0031 0392	hwdatacard      (b50e1d8627354ba8e4df83470f1272c8) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
02:01:38.0046 0392	hwdatacard - ok
02:01:38.0171 0392	HWDeviceService.exe (5ef3427ae503b5c03a48f7c9ff458b69) C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
02:01:38.0203 0392	HWDeviceService.exe - ok
02:01:38.0234 0392	hwusbdev - ok
02:01:38.0265 0392	i2omgmt - ok
02:01:38.0296 0392	i2omp - ok
02:01:38.0343 0392	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:01:38.0343 0392	i8042prt - ok
02:01:38.0437 0392	IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
02:01:38.0437 0392	IDriverT - ok
02:01:38.0500 0392	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:01:38.0500 0392	Imapi - ok
02:01:38.0531 0392	ImapiService    (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
02:01:38.0531 0392	ImapiService - ok
02:01:38.0562 0392	ini910u - ok
02:01:38.0593 0392	IntelIde - ok
02:01:38.0625 0392	intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:01:38.0625 0392	intelppm - ok
02:01:38.0656 0392	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
02:01:38.0656 0392	Ip6Fw - ok
02:01:38.0718 0392	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:01:38.0718 0392	IpFilterDriver - ok
02:01:38.0781 0392	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:01:38.0781 0392	IpInIp - ok
02:01:38.0828 0392	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:01:38.0843 0392	IpNat - ok
02:01:38.0859 0392	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:01:38.0875 0392	IPSec - ok
02:01:38.0906 0392	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:01:38.0906 0392	IRENUM - ok
02:01:38.0937 0392	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:01:38.0937 0392	isapnp - ok
02:01:39.0046 0392	JavaQuickStarterService (e4ae0cbc0b55a5faa6996e38ce6c981b) C:\Program Files\Java\jre6\bin\jqs.exe
02:01:39.0062 0392	JavaQuickStarterService - ok
02:01:39.0109 0392	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:01:39.0109 0392	Kbdclass - ok
02:01:39.0140 0392	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
02:01:39.0156 0392	kmixer - ok
02:01:39.0218 0392	KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
02:01:39.0234 0392	KSecDD - ok
02:01:39.0281 0392	LanmanServer    (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
02:01:39.0281 0392	LanmanServer - ok
02:01:39.0328 0392	lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll
02:01:39.0328 0392	lanmanworkstation - ok
02:01:39.0359 0392	lbrtfdc - ok
02:01:39.0406 0392	LmHosts         (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
02:01:39.0406 0392	LmHosts - ok
02:01:39.0437 0392	massfilter - ok
02:01:39.0468 0392	Messenger       (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
02:01:39.0468 0392	Messenger - ok
02:01:39.0515 0392	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:01:39.0515 0392	mnmdd - ok
02:01:39.0546 0392	mnmsrvc         (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
02:01:39.0546 0392	mnmsrvc - ok
02:01:39.0578 0392	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
02:01:39.0578 0392	Modem - ok
02:01:39.0625 0392	MODEMCSA        (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
02:01:39.0625 0392	MODEMCSA - ok
02:01:39.0671 0392	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:01:39.0671 0392	Mouclass - ok
02:01:39.0718 0392	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:01:39.0718 0392	mouhid - ok
02:01:39.0750 0392	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
02:01:39.0750 0392	MountMgr - ok
02:01:39.0781 0392	mraid35x - ok
02:01:39.0812 0392	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:01:39.0828 0392	MRxDAV - ok
02:01:39.0875 0392	MRxSmb          (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:01:39.0906 0392	MRxSmb - ok
02:01:39.0953 0392	MSDTC           (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
02:01:39.0953 0392	MSDTC - ok
02:01:39.0968 0392	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
02:01:39.0984 0392	Msfs - ok
02:01:40.0031 0392	MSIServer - ok
02:01:40.0078 0392	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:01:40.0078 0392	MSKSSRV - ok
02:01:40.0109 0392	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:01:40.0109 0392	MSPCLOCK - ok
02:01:40.0140 0392	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
02:01:40.0140 0392	MSPQM - ok
02:01:40.0187 0392	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:01:40.0187 0392	mssmbios - ok
02:01:40.0234 0392	Mtlmnt5         (6433ec4bce450447c7947f6181a9e268) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
02:01:40.0250 0392	Mtlmnt5 - ok
02:01:40.0343 0392	Mtlstrm         (30b87862b93574a20d78e1ff63c88694) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
02:01:40.0406 0392	Mtlstrm - ok
02:01:40.0468 0392	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
02:01:40.0468 0392	Mup - ok
02:01:40.0546 0392	napagent        (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
02:01:40.0562 0392	napagent - ok
02:01:40.0593 0392	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
02:01:40.0609 0392	NDIS - ok
02:01:40.0656 0392	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:01:40.0656 0392	NdisTapi - ok
02:01:40.0703 0392	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:01:40.0703 0392	Ndisuio - ok
02:01:40.0734 0392	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:01:40.0750 0392	NdisWan - ok
02:01:40.0781 0392	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
02:01:40.0781 0392	NDProxy - ok
02:01:40.0828 0392	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:01:40.0828 0392	NetBIOS - ok
02:01:40.0875 0392	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:01:40.0890 0392	NetBT - ok
02:01:40.0921 0392	NetDDE          (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
02:01:40.0937 0392	NetDDE - ok
02:01:40.0953 0392	NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
02:01:40.0953 0392	NetDDEdsdm - ok
02:01:40.0984 0392	Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:01:40.0984 0392	Netlogon - ok
02:01:41.0078 0392	Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
02:01:41.0093 0392	Netman - ok
02:01:41.0140 0392	Nla             (b4138e99236f0f57d4cf49bae98a0746) C:\WINDOWS\System32\mswsock.dll
02:01:41.0156 0392	Nla - ok
02:01:41.0296 0392	NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
02:01:41.0312 0392	NMIndexingService - ok
02:01:41.0406 0392	nmwcd           (9a908a9bb857c2cceb2907eb9dcaeb8b) C:\WINDOWS\system32\drivers\ccdcmb.sys
02:01:41.0406 0392	nmwcd - ok
02:01:41.0453 0392	nmwcdc          (68ec3ee2348e475ea62c66e6aafcfc9b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
02:01:41.0453 0392	nmwcdc - ok
02:01:41.0546 0392	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
02:01:41.0546 0392	Npfs - ok
02:01:41.0593 0392	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
02:01:41.0609 0392	Ntfs - ok
02:01:41.0640 0392	NtLmSsp         (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:01:41.0640 0392	NtLmSsp - ok
02:01:41.0703 0392	NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
02:01:41.0796 0392	NtmsSvc - ok
02:01:41.0843 0392	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:01:41.0843 0392	Null - ok
02:01:41.0875 0392	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:01:41.0875 0392	NwlnkFlt - ok
02:01:41.0906 0392	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:01:41.0906 0392	NwlnkFwd - ok
02:01:42.0046 0392	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:01:42.0046 0392	ose - ok
02:01:42.0109 0392	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
02:01:42.0125 0392	Parport - ok
02:01:42.0140 0392	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
02:01:42.0140 0392	PartMgr - ok
02:01:42.0203 0392	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:01:42.0203 0392	ParVdm - ok
02:01:42.0250 0392	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
02:01:42.0250 0392	pccsmcfd - ok
02:01:42.0312 0392	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
02:01:42.0312 0392	PCI - ok
02:01:42.0328 0392	PCIDump - ok
02:01:42.0375 0392	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:01:42.0375 0392	PCIIde - ok
02:01:42.0421 0392	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
02:01:42.0421 0392	Pcmcia - ok
02:01:42.0437 0392	PDCOMP - ok
02:01:42.0468 0392	PDFRAME - ok
02:01:42.0484 0392	PDRELI - ok
02:01:42.0515 0392	PDRFRAME - ok
02:01:42.0531 0392	perc2 - ok
02:01:42.0562 0392	perc2hib - ok
02:01:42.0640 0392	PlugPlay        (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
02:01:42.0640 0392	PlugPlay - ok
02:01:42.0656 0392	PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:01:42.0656 0392	PolicyAgent - ok
02:01:42.0703 0392	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:01:42.0703 0392	PptpMiniport - ok
02:01:42.0718 0392	ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:01:42.0718 0392	ProtectedStorage - ok
02:01:42.0765 0392	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
02:01:42.0765 0392	PSched - ok
02:01:42.0796 0392	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:01:42.0796 0392	Ptilink - ok
02:01:42.0812 0392	ql1080 - ok
02:01:42.0843 0392	Ql10wnt - ok
02:01:42.0859 0392	ql12160 - ok
02:01:42.0890 0392	ql1240 - ok
02:01:42.0906 0392	ql1280 - ok
02:01:42.0921 0392	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:01:42.0921 0392	RasAcd - ok
02:01:42.0968 0392	RasAuto         (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
02:01:42.0984 0392	RasAuto - ok
02:01:43.0015 0392	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:01:43.0015 0392	Rasl2tp - ok
02:01:43.0062 0392	RasMan          (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
02:01:43.0078 0392	RasMan - ok
02:01:43.0125 0392	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:01:43.0125 0392	RasPppoe - ok
02:01:43.0156 0392	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:01:43.0156 0392	Raspti - ok
02:01:43.0218 0392	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:01:43.0234 0392	Rdbss - ok
02:01:43.0234 0392	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:01:43.0250 0392	RDPCDD - ok
02:01:43.0296 0392	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:01:43.0296 0392	rdpdr - ok
02:01:43.0343 0392	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
02:01:43.0359 0392	RDPWD - ok
02:01:43.0390 0392	RDSessMgr       (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
02:01:43.0406 0392	RDSessMgr - ok
02:01:43.0453 0392	RecAgent        (41315d97bb319bd5b5e1b367570e7b3c) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
02:01:43.0453 0392	RecAgent - ok
02:01:43.0468 0392	redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:01:43.0484 0392	redbook - ok
02:01:43.0515 0392	RemoteAccess    (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
02:01:43.0515 0392	RemoteAccess - ok
02:01:43.0578 0392	RemoteRegistry  (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
02:01:43.0578 0392	RemoteRegistry - ok
02:01:43.0625 0392	RpcLocator      (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
02:01:43.0625 0392	RpcLocator - ok
02:01:43.0703 0392	RpcSs           (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
02:01:43.0718 0392	RpcSs - ok
02:01:43.0765 0392	RSVP            (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
02:01:43.0796 0392	RSVP - ok
02:01:43.0843 0392	SamSs           (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:01:43.0843 0392	SamSs - ok
02:01:43.0906 0392	SCardSvr        (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
02:01:43.0906 0392	SCardSvr - ok
02:01:43.0968 0392	Schedule        (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
02:01:43.0984 0392	Schedule - ok
02:01:44.0031 0392	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:01:44.0031 0392	Secdrv - ok
02:01:44.0078 0392	seclogon        (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
02:01:44.0109 0392	seclogon - ok
02:01:44.0140 0392	SENS            (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
02:01:44.0140 0392	SENS - ok
02:01:44.0171 0392	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
02:01:44.0171 0392	Serial - ok
02:01:44.0312 0392	ServiceLayer    (3ec8de67b1c78c31e54c0f030e6bd7d5) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
02:01:44.0328 0392	ServiceLayer - ok
02:01:44.0359 0392	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
02:01:44.0359 0392	Sfloppy - ok
02:01:44.0421 0392	SharedAccess    (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
02:01:44.0437 0392	SharedAccess - ok
02:01:44.0484 0392	ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
02:01:44.0484 0392	ShellHWDetection - ok
02:01:44.0500 0392	Simbad - ok
02:01:44.0562 0392	SiS315          (3891f6565fe7b93354aed9f4aeed6c9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
02:01:44.0593 0392	SiS315 - ok
02:01:44.0625 0392	SiSkp           (0ba03e859e27f751893faa93b743627a) C:\WINDOWS\system32\DRIVERS\srvkp.sys
02:01:44.0640 0392	SiSkp - ok
02:01:44.0656 0392	SISNIC          (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
02:01:44.0656 0392	SISNIC - ok
02:01:44.0734 0392	Slntamr         (3af1d1cf5053ee50fc675e4036929d18) C:\WINDOWS\system32\DRIVERS\slntamr.sys
02:01:44.0765 0392	Slntamr - ok
02:01:44.0828 0392	SlNtHal         (f06507086ff9bfdbcf3c5098a4848b5d) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
02:01:44.0828 0392	SlNtHal - ok
02:01:44.0843 0392	SlWdmSup        (cd4f4cee4481e11bda806a9366785a1d) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
02:01:44.0843 0392	SlWdmSup - ok
02:01:44.0875 0392	Sparrow - ok
02:01:44.0906 0392	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
02:01:44.0921 0392	splitter - ok
02:01:44.0953 0392	Spooler         (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
02:01:44.0968 0392	Spooler - ok
02:01:45.0015 0392	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
02:01:45.0015 0392	sr - ok
02:01:45.0046 0392	srservice       (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
02:01:45.0062 0392	srservice - ok
02:01:45.0125 0392	Srv             (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
02:01:45.0140 0392	Srv - ok
02:01:45.0171 0392	SSDPSRV         (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
02:01:45.0171 0392	SSDPSRV - ok
02:01:45.0281 0392	stisvc          (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
02:01:45.0296 0392	stisvc - ok
02:01:45.0328 0392	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:01:45.0328 0392	swenum - ok
02:01:45.0375 0392	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
02:01:45.0375 0392	swmidi - ok
02:01:45.0406 0392	SwPrv - ok
02:01:45.0421 0392	symc810 - ok
02:01:45.0453 0392	symc8xx - ok
02:01:45.0468 0392	sym_hi - ok
02:01:45.0484 0392	sym_u3 - ok
02:01:45.0531 0392	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
02:01:45.0531 0392	sysaudio - ok
02:01:45.0593 0392	SysmonLog       (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
02:01:45.0609 0392	SysmonLog - ok
02:01:45.0687 0392	TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
02:01:45.0734 0392	TapiSrv - ok
02:01:45.0812 0392	Tcpip           (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:01:45.0828 0392	Tcpip - ok
02:01:45.0875 0392	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:01:45.0875 0392	TDPIPE - ok
02:01:45.0906 0392	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
02:01:45.0906 0392	TDTCP - ok
02:01:45.0968 0392	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:01:46.0000 0392	TermDD - ok
02:01:46.0046 0392	TermService     (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
02:01:46.0062 0392	TermService - ok
02:01:46.0156 0392	Themes          (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
02:01:46.0156 0392	Themes - ok
02:01:46.0265 0392	TlntSvr         (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
02:01:46.0281 0392	TlntSvr - ok
02:01:46.0296 0392	TosIde - ok
02:01:46.0437 0392	TrkWks          (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
02:01:46.0468 0392	TrkWks - ok
02:01:46.0546 0392	uagp35          (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
02:01:46.0546 0392	uagp35 - ok
02:01:46.0562 0392	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
02:01:46.0578 0392	Udfs - ok
02:01:46.0593 0392	ultra - ok
02:01:46.0671 0392	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
02:01:46.0687 0392	Update - ok
02:01:46.0750 0392	upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
02:01:46.0765 0392	upnphost - ok
02:01:46.0812 0392	upperdev        (a34560a5d516a2f5240180370866b99d) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
02:01:46.0812 0392	upperdev - ok
02:01:46.0859 0392	UPS             (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
02:01:46.0859 0392	UPS - ok
02:01:46.0921 0392	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:01:46.0921 0392	usbccgp - ok
02:01:46.0968 0392	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:01:46.0968 0392	usbehci - ok
02:01:47.0000 0392	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:01:47.0000 0392	usbhub - ok
02:01:47.0046 0392	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:01:47.0046 0392	usbohci - ok
02:01:47.0125 0392	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:01:47.0125 0392	usbprint - ok
02:01:47.0187 0392	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:01:47.0187 0392	usbscan - ok
02:01:47.0218 0392	usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
02:01:47.0234 0392	usbser - ok
02:01:47.0250 0392	UsbserFilt      (6410eebd6e0427466812858ee84c8467) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
02:01:47.0250 0392	UsbserFilt - ok
02:01:47.0281 0392	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:01:47.0296 0392	USBSTOR - ok
02:01:47.0328 0392	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:01:47.0328 0392	VgaSave - ok
02:01:47.0359 0392	ViaIde - ok
02:01:47.0421 0392	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
02:01:47.0421 0392	VolSnap - ok
02:01:47.0468 0392	VSS             (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
02:01:47.0484 0392	VSS - ok
02:01:47.0531 0392	W32Time         (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
02:01:47.0562 0392	W32Time - ok
02:01:47.0609 0392	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:01:47.0609 0392	Wanarp - ok
02:01:47.0687 0392	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
02:01:47.0718 0392	Wdf01000 - ok
02:01:47.0734 0392	WDICA - ok
02:01:47.0781 0392	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:01:47.0781 0392	wdmaud - ok
02:01:47.0859 0392	WebClient       (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
02:01:47.0859 0392	WebClient - ok
02:01:47.0953 0392	winmgmt         (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
02:01:47.0968 0392	winmgmt - ok
02:01:48.0046 0392	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
02:01:48.0046 0392	WmdmPmSN - ok
02:01:48.0125 0392	Wmi             (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll
02:01:48.0156 0392	Wmi - ok
02:01:48.0203 0392	WmiApSrv        (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:01:48.0218 0392	WmiApSrv - ok
02:01:48.0359 0392	WMPNetworkSvc   (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
02:01:48.0406 0392	WMPNetworkSvc - ok
02:01:48.0453 0392	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:01:48.0468 0392	WpdUsb - ok
02:01:48.0515 0392	WudfPf          (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:01:48.0531 0392	WudfPf - ok
02:01:48.0562 0392	WudfRd          (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:01:48.0578 0392	WudfRd - ok
02:01:48.0609 0392	WudfSvc         (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll
02:01:48.0625 0392	WudfSvc - ok
02:01:48.0703 0392	WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
02:01:48.0734 0392	WZCSVC - ok
02:01:48.0781 0392	xmlprov         (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
02:01:48.0812 0392	xmlprov - ok
02:01:48.0843 0392	ZTEusbmdm6k - ok
02:01:48.0875 0392	ZTEusbnmea - ok
02:01:48.0890 0392	ZTEusbser6k - ok
02:01:48.0906 0392	Suspicious service (NoAccess): zvggpwqox
02:01:48.0968 0392	zvggpwqox ( LockedService.Multi.Generic ) - warning
02:01:48.0968 0392	zvggpwqox - detected LockedService.Multi.Generic (1)
02:01:49.0000 0392	zxmuagqu1 - ok
02:01:49.0046 0392	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:01:49.0609 0392	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:01:49.0609 0392	\Device\Harddisk0\DR0 - detected TDSS File System (1)
02:01:49.0625 0392	Boot (0x1200)   (705523dfc7bb8b30c63c18af41e69df0) \Device\Harddisk0\DR0\Partition0
02:01:49.0625 0392	\Device\Harddisk0\DR0\Partition0 - ok
02:01:49.0656 0392	Boot (0x1200)   (f14f95bf0c7693de6b7387cc5cfcfeec) \Device\Harddisk0\DR0\Partition1
02:01:49.0656 0392	\Device\Harddisk0\DR0\Partition1 - ok
02:01:49.0656 0392	============================================================
02:01:49.0656 0392	Scan finished
02:01:49.0656 0392	============================================================
02:01:49.0703 0384	Detected object count: 3
02:01:49.0703 0384	Actual detected object count: 3
02:02:52.0250 0384	ekrn ( LockedFile.Multi.Generic ) - skipped by user
02:02:52.0250 0384	ekrn ( LockedFile.Multi.Generic ) - User select action: Skip 
02:02:52.0265 0384	zvggpwqox ( LockedService.Multi.Generic ) - skipped by user
02:02:52.0265 0384	zvggpwqox ( LockedService.Multi.Generic ) - User select action: Skip 
02:02:52.0265 0384	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
02:02:52.0281 0384	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
02:03:27.0375 0364	Deinitialize success

From Task Manager I can still see some of the suspicious objects mentioned earlier. After this scan, I removed the broken NOD32 using AppRemover; I got annoyed by the constant 'error communicating to kernel'. Gonna run MBAM and MiniToolBox now.

#7 sirfaliq

Posted 21 June 2012 - 08:53 PM

Log is too long.
MBAM FULL SCAN
http://justpaste.it/12i8

MBAM QUICK SCAN
http://justpaste.it/12i9

MINI TOOLBOX:
MiniToolBox by Farbar  Version: 09-06-2012
Ran by Anis (administrator) on 22-06-2012 at 09:33:36
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ============================== 

Proxy is enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

SiS 900-Based PCI Fast Ethernet Adapter = Local Area Connection (Media disconnected)


# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.0.123 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.0.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=8.26.56.26 register=PRIMARY
add dns name="Local Area Connection" addr=156.154.70.22 index=2
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : home-b418e4491e

        Primary Dns Suffix  . . . . . . . : 

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter

        Physical Address. . . . . . . . . : 00-90-F5-53-42-98

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 90 f5 53 42 98 ...... SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1	  1
  255.255.255.255  255.255.255.255  255.255.255.255           10003	  1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\System32\mswsock.dll

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/22/2012 09:08:40 AM) (Source: MsiInstaller) (User: Anis)Anis
Description: Product: ESET NOD32 Antivirus -- Error 1404. Could not delete key \Software\ESET\ESET Security\CurrentVersion\Plugins\01000103\Profiles\@My profile.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (06/22/2012 02:12:45 AM) (Source: MsiInstaller) (User: Anis)Anis
Description: Product: ESET NOD32 Antivirus -- Error 1404. Could not delete key \Software\ESET\ESET Security\CurrentVersion\Plugins\01000103\Profiles\@My profile.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (06/21/2012 10:49:59 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043C from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (06/21/2012 10:29:06 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043C from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (06/21/2012 09:05:09 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/21/2012 09:05:09 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/29/2011 01:40:39 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module shlwapi.dll, version 6.0.2900.5512, fault address 0x00008342.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/25/2011 07:22:02 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (12/25/2011 07:21:55 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (11/28/2011 00:38:12 AM) (Source: Chrome) (User: Anis)Anis
Description: Chrome has encountered a fatal error.
ver=15.0.874.121;is_machine=0;minidump=C:\Documents and Settings\Anis\Local Settings\Application Data\Google\CrashReports\21183ccf-ade4-4613-8b31-cca46115dea5.dmp


System errors:
=============
Error: (06/22/2012 09:08:42 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: 
%%5

Error: (06/22/2012 09:08:38 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5

Error: (06/22/2012 09:08:31 AM) (Source: Service Control Manager) (User: )
Description: The zvggpwqox Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (06/22/2012 09:08:31 AM) (Source: Service Control Manager) (User: )
Description: The zvggpwqox Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (06/22/2012 09:02:16 AM) (Source: Service Control Manager) (User: )
Description: The Network Universal service terminated with the following error: 
%%126

Error: (06/22/2012 09:02:16 AM) (Source: Service Control Manager) (User: )
Description: The ESET Service service failed to start due to the following error: 
%%5

Error: (06/22/2012 08:31:09 AM) (Source: Service Control Manager) (User: )
Description: The Network Universal service terminated with the following error: 
%%126

Error: (06/22/2012 08:31:09 AM) (Source: Service Control Manager) (User: )
Description: The ESET Service service failed to start due to the following error: 
%%5

Error: (06/22/2012 02:18:16 AM) (Source: Service Control Manager) (User: )
Description: The Network Universal service terminated with the following error: 
%%126

Error: (06/22/2012 02:18:16 AM) (Source: Service Control Manager) (User: )
Description: The ESET Service service failed to start due to the following error: 
%%5


Microsoft Office Sessions:
=========================
Error: (06/22/2012 09:08:40 AM) (Source: MsiInstaller)(User: Anis)Anis
Description: Product: ESET NOD32 Antivirus -- Error 1404. Could not delete key \Software\ESET\ESET Security\CurrentVersion\Plugins\01000103\Profiles\@My profile.  System error .  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)

Error: (06/22/2012 02:12:45 AM) (Source: MsiInstaller)(User: Anis)Anis
Description: Product: ESET NOD32 Antivirus -- Error 1404. Could not delete key \Software\ESET\ESET Security\CurrentVersion\Plugins\01000103\Profiles\@My profile.  System error .  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)

Error: (06/21/2012 10:49:59 PM) (Source: EventSystem)(User: )
Description: f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp448007043C

Error: (06/21/2012 10:29:06 AM) (Source: EventSystem)(User: )
Description: f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp448007043C

Error: (06/21/2012 09:05:09 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/21/2012 09:05:09 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/29/2011 01:40:39 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512shlwapi.dll6.0.2900.551200008342

Error: (12/25/2011 07:22:02 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (12/25/2011 07:21:55 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (11/28/2011 00:38:12 AM) (Source: Chrome)(User: Anis)Anis
Description: Chrome has encountered a fatal error.
ver=15.0.874.121;is_machine=0;minidump=C:\Documents and Settings\Anis\Local Settings\Application Data\Google\CrashReports\21183ccf-ade4-4613-8b31-cca46115dea5.dmp


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Photoshop CS (Version: CS)
CCleaner (Version: 2.36)
Combined Community Codec Pack 2008-09-21 16:18 (Version: 2008.09.21.0)
Comodo Dragon (Version: 19.2.0.0)
Disney's Magic Artist Deluxe
ESET NOD32 Antivirus (Version: 4.2.64.12)
Foxit PDF Creator
Foxit PDF Editor
FoxIt Pro Suite 1.00
Foxit Reader
Foxit Reader (Version: 3.0.2008.1120)
Java Auto Updater (Version: 2.0.2.4)
Java(TM) 6 Update 21 (Version: 6.0.210)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Marine Park Empire (Version: 1.00)
Maxis Broadband (Version: 16.002.10.14.99)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.7969.0)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MSN
MSVC80_x86 (Version: 1.0.1.0)
Nero 7 Ultra Edition (Version: 7.03.0647)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.8.0)
Nokia PC Suite (Version: 7.1.18.0)
Optima KBSR English Grammar Year 5
Optima KBSR Mathematics Year 4
PC Connectivity Solution (Version: 8.47.6.0)
QuickTime (Version: 7.55.90.70)
SiS M661MX
Skype Toolbars (Version: 5.2.4160)
Skype™ 5.2 (Version: 5.2.102)
Smart Link 56K Modem
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Nokia Modem  (10/27/2008 3.9) (Version: 10/27/2008 3.9)
Windows Driver Package - Nokia Modem  (10/27/2008 7.01.0.1) (Version: 10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! BrowserPlus 2.9.8

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 221.48 MB
Available physical RAM: 114.66 MB
Total Pagefile: 542.75 MB
Available Pagefile: 393.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.05 MB

========================= Partitions: =====================================

1 Drive c: (System) (Fixed) (Total:19.53 GB) (Free:10.93 GB) NTFS
2 Drive d: (Storage) (Fixed) (Total:17.72 GB) (Free:9.12 GB) NTFS
3 Drive e: (MSIHQ) (Removable) (Total:0.46 GB) (Free:0.44 GB) FAT

========================= Users: ========================================

User accounts for \\HOME-B418E4491E

Administrator            Anis                     Guest                    
HelpAssistant            SUPPORT_388945a0         


**** End of log ****


After running MBAM and minitoolbox, the suspicious items disappeared from task manager, but after a restart I can see these:
ouc.exe
HWDeviceService.exe
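Several Catalog5/Catalog9 entries in the Winsock section above report mswsock.dll as [File Not found], i.e. a broken Winsock provider chain, which is the kind of damage that breaks name resolution and socket creation even when the adapter itself works. Added example, not part of the thread and not MiniToolBox's own code: a small Python checker that parses the Winsock entries section of such a log and flags missing or non-standard providers. The embedded log excerpt is constructed to match the format shown above, and C:\Temp\example_lsp.dll is a made-up non-standard provider used only to exercise the check.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the layout of MiniToolBox's "Winsock entries" section
# (not the full log; the example_lsp.dll line is made up for the demo).
SAMPLE_LOG = r"""
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\System32\mswsock.dll

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 C:\Temp\example_lsp.dll [40960] ()

========================= Event log errors: ===============================
"""

ENTRY_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[([^\]]*)\]\s+\((.*)\)\s*$")
HINT_RE = re.compile(r'^ATTENTION: The LibraryPath should be\s+"?([^"]+)"?\s*$')
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+\s*$")

# Windows-supplied Winsock provider modules on XP; anything else deserves a look.
KNOWN_SYSTEM_MODULES = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}

@dataclass
class WinsockEntry:
    catalog: str
    index: int
    path: str
    status: str      # file size in bytes, or "File Not found"
    company: str
    hint: str = ""   # expected path from a following ATTENTION line, if any

@dataclass
class Finding:
    entry: WinsockEntry
    reason: str

def parse_winsock_section(log: str) -> list:
    """Return the entries listed under the 'Winsock entries' header of a MiniToolBox log."""
    entries, in_section = [], False
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:  # every '=====' banner starts a new section
            in_section = m.group(1).lower().startswith("winsock entries")
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(WinsockEntry(m.group(1), int(m.group(2)), m.group(3), m.group(4), m.group(5)))
            continue
        m = HINT_RE.match(line)
        if m and entries:  # ATTENTION lines refer to the entry just above them
            entries[-1].hint = m.group(1)
    return entries

def audit(entries) -> list:
    """Flag providers that are missing, not standard Windows modules, or oddly placed."""
    findings = []
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1].lower()
        folder = e.path.rsplit("\\", 1)[0].lower() if "\\" in e.path else ""
        if e.status.lower() == "file not found":
            findings.append(Finding(e, f"provider library missing; expected {e.hint or 'a system32 path'}"))
        elif name not in KNOWN_SYSTEM_MODULES:
            findings.append(Finding(e, "provider is not a standard Windows module"))
        elif not folder.endswith("\\system32"):
            findings.append(Finding(e, "standard module name loaded from a non-system32 path"))
        elif not e.company:
            findings.append(Finding(e, "module present but no vendor name reported"))
    return findings

if __name__ == "__main__":
    for f in audit(parse_winsock_section(SAMPLE_LOG)):
        print(f"{f.entry.catalog} {f.entry.index:02d} {f.entry.path}: {f.reason}")
```

On XP SP2 and later, `netsh winsock reset` rebuilds the catalog from the system defaults, which is the usual repair once a chain like this is found.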

#8 sirfaliq

sirfaliq
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:23 PM

Posted 21 June 2012 - 08:54 PM

BTW NOD32 could not be removed with AppRemover. After a restart it appears again.

I don't know where it is launching from (egui.exe), there is no ESET folder in 'Program Files' and 'Common Files'.
Could this be malware masquerading as it?
Update:
I checked again and the folder is actually there in 'Program Files'.. not sure if I missed it earlier or it reappeared.

Edited by sirfaliq, 21 June 2012 - 09:21 PM.


#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:11:23 PM

Posted 21 June 2012 - 09:34 PM

Download

Nod32 uninstaller

Try this tool or

Revo uninstaller

http://www.revouninstaller.com/revo_uninstaller_free_download.html

Also check if you can run ESET online scanner from safe mode with networking

Can you browse now?

#10 sirfaliq

sirfaliq
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:23 PM

Posted 22 June 2012 - 01:38 AM

Thank you for your time.

I did something else before I read your latest post.

I ran AppRemover in safe mode to remove the broken NOD32. I also ran ccleaner.

It worked, but...

The desktop now takes around 5 minutes to appear upon restarting or booting.
The wallpaper appears first, 5 minutes later the taskbar and icons will appear. While waiting for the taskbar to appear I am able to open the task manager and see that explorer.exe is already running.
I am unable to test the internet connectivity for this notebook now, as I'm at the office.

I have also discovered that ouc.exe is not a malware, it's a component of the software for my friend's mobile broadband. After uninstalling it the file was gone.
The system seems clean (or cleaner) now, I can run msconfig, and there's no sudden slowdown like before.

Internet Explorer is totally broken though, tried installing a new one but it will not work despite asking for a restart. Wanted to try sfc /scannow but the optical drive is broken as well.

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:11:23 PM

Posted 22 June 2012 - 01:49 AM

Total physical RAM: 221.48 MB

This is too low, which should be the basic reason for startup slowness. I can't recommend you anything other than a RAM upgrade.

Download Internet explorer 8 from here

http://www.microsoft.com/en-us/download/details.aspx?id=43

Install it and see if it works

I also want you to check if ESET online scanner works in safemode with networking

Edited by narenxp, 22 June 2012 - 01:49 AM.


#12 sirfaliq

sirfaliq
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:23 PM

Posted 22 June 2012 - 10:21 AM

I don't think the 5-minute delay for icons and taskbar to appear is related to memory, because previously, while still under heavy infection, it was much faster to load.

IE8 installation failed.
I have also removed IE7 by using ccleaner's uninstaller and tried to install IE8 after that. Still no go.

The internet is no longer working even in safe mode. I managed to get it online yesterday... not sure which step broke the connectivity. Probably after removing eset.

I am tired of this slow ancient notebook. I'm going for the kill - a full format.
Thanks a lot for your help, we were so close to getting this dinosaur back to normal.

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:11:23 PM

Posted 22 June 2012 - 10:30 AM

Format should be the best option at this stage.

good luck :thumbup2:



