
Redirect - InfoMash


  • This topic is locked
32 replies to this topic

#1 jpd9930

  • Members
  • 221 posts
  • Gender:Male

Posted 30 June 2012 - 03:25 PM

Not much more to say... I've run MBAM a few times... I usually find a virus or 2, but not on the 2nd run, even after a reboot. I have the most recent log saved if you would like me to post it.

XP-PRO SP3

Edited by jpd9930, 30 June 2012 - 03:28 PM.



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 30 June 2012 - 03:39 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download the ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.
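narenxp asks for the TDSSKiller log. As an added example, which is not part of this thread and not code from Kaspersky's tool, the script below triages a TDSSKiller log in the line format posted here: it extracts each scanned service or driver with its MD5 and image path, the "detected <verdict>" lines, and the "Suspicious file (NoAccess)" lines, then flags any entry that either carries a verdict, could not be read, or loads its image from somewhere other than the Windows or Program Files trees. The embedded sample log is constructed from a handful of lines modelled on the log in this thread, and the set of "expected" image locations is an assumption for the example.

```python
import re

# Constructed sample, modelled on the TDSSKiller 2.7.43.0 log lines posted in
# this thread: "<time> <tid> <service> (<md5>) <image path>" followed by a
# "<service> - ok" or "<service> - detected <verdict> (n)" verdict line.
SAMPLE_LOG = r"""
00:29:49.0186 3160 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:29:49.0186 3160 ACPI - ok
00:29:50.0592 3160 FsFilter (86908d0c072ce28a7650b78bab5a06e5) c:\documents and settings\jon.amd3\application data\adobe\rxsupply.sys
00:29:50.0592 3160 Suspicious file (NoAccess): c:\documents and settings\jon.amd3\application data\adobe\rxsupply.sys. md5: 86908d0c072ce28a7650b78bab5a06e5
00:29:50.0592 3160 FsFilter ( LockedFile.Multi.Generic ) - warning
00:29:50.0592 3160 FsFilter - detected LockedFile.Multi.Generic (1)
00:29:51.0045 3160 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) D:\Program files\java\jre6\bin\jqs.exe
00:29:51.0061 3160 JavaQuickStarterService - ok
00:29:52.0076 3160 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:29:52.0076 3160 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\Ntfs.sys. md5: 78a08dd6a8d65e697c18e1db01c5cdca
00:29:52.0076 3160 Ntfs ( LockedFile.Multi.Generic ) - warning
00:29:52.0076 3160 Ntfs - detected LockedFile.Multi.Generic (1)
00:29:54.0668 3160 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:29:54.0934 3160 \Device\Harddisk0\DR0 - ok
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"  # "00:29:50.0592 3160 "
# service/driver line: name, optional "(0x1B8)"-style size, md5, image path
ENTRY_RE = re.compile(
    PREFIX + r"(?P<name>\S+)\s+(?:\(0x[0-9A-Fa-f]+\)\s+)?\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# verdict line: "<name> - detected <verdict> (n)"
DETECT_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+-\s+detected\s+(?P<verdict>\S+)")
# "Suspicious file (NoAccess): <path>. md5: <hash>"
NOACCESS_RE = re.compile(
    PREFIX + r"Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})")
# Assumed "expected" image locations; a driver registered from a user profile,
# Application Data or a temp folder does not match and gets flagged.
EXPECTED_PATH_RE = re.compile(r"^[a-z]:\\(windows|program files)\\", re.IGNORECASE)


def parse_tdsskiller_log(text):
    """Return (entries, detections, noaccess) parsed from a TDSSKiller log.

    entries:    {service name: (md5, image path)}
    detections: {service name: verdict string}
    noaccess:   {lower-cased path: md5} for files the scanner could not read
    """
    entries, detections, noaccess = {}, {}, {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = (m["md5"], m["path"])
            continue
        m = DETECT_RE.match(line)
        if m:
            detections[m["name"]] = m["verdict"]
            continue
        m = NOACCESS_RE.match(line)
        if m:
            noaccess[m["path"].lower()] = m["md5"]
    return entries, detections, noaccess


def triage(text):
    """Return {name: {"md5", "path", "verdict", "reasons"}} for entries that
    need a human look; clean entries in expected locations are left out."""
    entries, detections, noaccess = parse_tdsskiller_log(text)
    findings = {}
    for name, (md5, path) in entries.items():
        reasons = []
        if name in detections:
            reasons.append("scanner verdict: " + detections[name])
        if path.lower() in noaccess:
            reasons.append("file could not be read (NoAccess)")
        # raw MBR / boot-sector entries use \Device\... paths, not files
        if not path.startswith("\\Device\\") and not EXPECTED_PATH_RE.match(path):
            reasons.append("image outside Windows/Program Files: " + path)
        if reasons:
            findings[name] = {"md5": md5, "path": path,
                              "verdict": detections.get(name), "reasons": reasons}
    return findings


if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG).items():
        print(name, info["md5"])
        for reason in info["reasons"]:
            print("   -", reason)
```

Two things the output makes visible that a skim of the raw log does not. First, "LockedFile.Multi.Generic" sits next to a "Suspicious file (NoAccess)" line for the same file, so it records that the scanner could not read the file, not that it identified it; the script therefore lists it as a review reason rather than treating it as a confirmed hit, which is why Ntfs.sys (a file in the Windows tree) shows up with two reasons and nothing about its location. Second, the path check is the one that separates the two flagged entries: a file-system filter driver registered from a user's Application Data folder is an unusual place for a .sys to load from, and that is the entry a responder would want hashed and looked up first.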

#3 jpd9930

  • Topic Starter
  • Members
  • 221 posts
  • Gender:Male

Posted 01 July 2012 - 01:50 AM

00:29:41.0752 1416 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
00:29:42.0002 1416 ============================================================
00:29:42.0002 1416 Current date / time: 2012/07/01 00:29:42.0002
00:29:42.0002 1416 SystemInfo:
00:29:42.0002 1416
00:29:42.0002 1416 OS Version: 5.1.2600 ServicePack: 3.0
00:29:42.0002 1416 Product type: Workstation
00:29:42.0002 1416 ComputerName: AMD3
00:29:42.0002 1416 UserName: Jon
00:29:42.0002 1416 Windows directory: C:\WINDOWS
00:29:42.0002 1416 System windows directory: C:\WINDOWS
00:29:42.0002 1416 Processor architecture: Intel x86
00:29:42.0002 1416 Number of processors: 2
00:29:42.0002 1416 Page size: 0x1000
00:29:42.0002 1416 Boot type: Normal boot
00:29:42.0002 1416 ============================================================
00:29:42.0892 1416 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
00:29:42.0892 1416 ============================================================
00:29:42.0892 1416 \Device\Harddisk0\DR0:
00:29:42.0892 1416 MBR partitions:
00:29:42.0892 1416 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A923F0
00:29:42.0908 1416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9246E, BlocksNum 0xEF86653
00:29:42.0908 1416 ============================================================
00:29:43.0001 1416 C: <-> \Device\Harddisk0\DR0\Partition0
00:29:43.0033 1416 D: <-> \Device\Harddisk0\DR0\Partition1
00:29:43.0033 1416 ============================================================
00:29:43.0033 1416 Initialize success
00:29:43.0033 1416 ============================================================
00:29:48.0983 3160 ============================================================
00:29:48.0983 3160 Scan started
00:29:48.0983 3160 Mode: Manual;
00:29:48.0983 3160 ============================================================
00:29:49.0155 3160 Abiosdsk - ok
00:29:49.0155 3160 abp480n5 - ok
00:29:49.0186 3160 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:29:49.0186 3160 ACPI - ok
00:29:49.0202 3160 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:29:49.0202 3160 ACPIEC - ok
00:29:49.0280 3160 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:29:49.0280 3160 AdobeFlashPlayerUpdateSvc - ok
00:29:49.0280 3160 adpu160m - ok
00:29:49.0311 3160 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:29:49.0327 3160 aec - ok
00:29:49.0343 3160 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:29:49.0358 3160 AFD - ok
00:29:49.0358 3160 Aha154x - ok
00:29:49.0358 3160 aic78u2 - ok
00:29:49.0358 3160 aic78xx - ok
00:29:49.0374 3160 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
00:29:49.0389 3160 Alerter - ok
00:29:49.0389 3160 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
00:29:49.0389 3160 ALG - ok
00:29:49.0389 3160 AliIde - ok
00:29:49.0467 3160 AMBFilt (57221ef8a056b5fb47cdda3ba28dd377) C:\WINDOWS\system32\drivers\AMBFilt.sys
00:29:49.0514 3160 AMBFilt - ok
00:29:49.0577 3160 amsint - ok
00:29:49.0592 3160 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
00:29:49.0592 3160 AppMgmt - ok
00:29:49.0592 3160 asc - ok
00:29:49.0608 3160 asc3350p - ok
00:29:49.0608 3160 asc3550 - ok
00:29:49.0624 3160 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:29:49.0624 3160 AsyncMac - ok
00:29:49.0624 3160 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:29:49.0639 3160 atapi - ok
00:29:49.0639 3160 Atdisk - ok
00:29:49.0655 3160 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:29:49.0655 3160 Atmarpc - ok
00:29:49.0671 3160 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
00:29:49.0671 3160 AudioSrv - ok
00:29:49.0702 3160 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:29:49.0702 3160 audstub - ok
00:29:49.0717 3160 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:29:49.0717 3160 Beep - ok
00:29:49.0733 3160 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\System32\drivers\BIOS.sys
00:29:49.0733 3160 BIOS - ok
00:29:49.0764 3160 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\System32\qmgr.dll
00:29:49.0780 3160 BITS - ok
00:29:49.0795 3160 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
00:29:49.0795 3160 Browser - ok
00:29:49.0827 3160 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:29:49.0827 3160 cbidf2k - ok
00:29:49.0827 3160 cd20xrnt - ok
00:29:49.0842 3160 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:29:49.0842 3160 Cdaudio - ok
00:29:49.0842 3160 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:29:49.0842 3160 Cdfs - ok
00:29:49.0858 3160 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:29:49.0858 3160 Cdrom - ok
00:29:49.0858 3160 Changer - ok
00:29:49.0874 3160 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
00:29:49.0874 3160 CiSvc - ok
00:29:49.0889 3160 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
00:29:49.0889 3160 ClipSrv - ok
00:29:49.0889 3160 CmdIde - ok
00:29:49.0889 3160 COMSysApp - ok
00:29:49.0905 3160 Cpqarray - ok
00:29:49.0905 3160 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
00:29:49.0905 3160 CryptSvc - ok
00:29:49.0905 3160 dac2w2k - ok
00:29:49.0920 3160 dac960nt - ok
00:29:49.0952 3160 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
00:29:49.0952 3160 DcomLaunch - ok
00:29:49.0967 3160 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
00:29:49.0983 3160 Dhcp - ok
00:29:49.0983 3160 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:29:49.0983 3160 Disk - ok
00:29:49.0999 3160 dmadmin - ok
00:29:50.0061 3160 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:29:50.0108 3160 dmboot - ok
00:29:50.0123 3160 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:29:50.0123 3160 dmio - ok
00:29:50.0155 3160 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:29:50.0155 3160 dmload - ok
00:29:50.0170 3160 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
00:29:50.0170 3160 dmserver - ok
00:29:50.0170 3160 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:29:50.0170 3160 DMusic - ok
00:29:50.0202 3160 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
00:29:50.0202 3160 Dnscache - ok
00:29:50.0217 3160 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
00:29:50.0233 3160 Dot3svc - ok
00:29:50.0233 3160 dpti2o - ok
00:29:50.0248 3160 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:29:50.0248 3160 drmkaud - ok
00:29:50.0280 3160 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
00:29:50.0280 3160 DrvAgent32 - ok
00:29:50.0295 3160 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
00:29:50.0295 3160 EapHost - ok
00:29:50.0295 3160 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
00:29:50.0295 3160 ERSvc - ok
00:29:50.0326 3160 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:29:50.0326 3160 Eventlog - ok
00:29:50.0358 3160 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
00:29:50.0373 3160 EventSystem - ok
00:29:50.0389 3160 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:29:50.0389 3160 Fastfat - ok
00:29:50.0420 3160 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:29:50.0420 3160 FastUserSwitchingCompatibility - ok
00:29:50.0451 3160 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
00:29:50.0451 3160 Fdc - ok
00:29:50.0451 3160 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:29:50.0451 3160 Fips - ok
00:29:50.0451 3160 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:29:50.0451 3160 Flpydisk - ok
00:29:50.0467 3160 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:29:50.0483 3160 FltMgr - ok
00:29:50.0592 3160 FsFilter (86908d0c072ce28a7650b78bab5a06e5) c:\documents and settings\jon.amd3\application data\adobe\rxsupply.sys
00:29:50.0592 3160 Suspicious file (NoAccess): c:\documents and settings\jon.amd3\application data\adobe\rxsupply.sys. md5: 86908d0c072ce28a7650b78bab5a06e5
00:29:50.0592 3160 FsFilter ( LockedFile.Multi.Generic ) - warning
00:29:50.0592 3160 FsFilter - detected LockedFile.Multi.Generic (1)
00:29:50.0623 3160 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:29:50.0623 3160 Fs_Rec - ok
00:29:50.0623 3160 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:29:50.0623 3160 Ftdisk - ok
00:29:50.0654 3160 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:29:50.0654 3160 Gpc - ok
00:29:50.0670 3160 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:29:50.0670 3160 HDAudBus - ok
00:29:50.0701 3160 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:29:50.0701 3160 helpsvc - ok
00:29:50.0701 3160 HidServ - ok
00:29:50.0717 3160 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:29:50.0717 3160 HidUsb - ok
00:29:50.0748 3160 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
00:29:50.0748 3160 hkmsvc - ok
00:29:50.0764 3160 hpn - ok
00:29:50.0779 3160 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:29:50.0795 3160 HTTP - ok
00:29:50.0795 3160 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
00:29:50.0795 3160 HTTPFilter - ok
00:29:50.0795 3160 i2omgmt - ok
00:29:50.0795 3160 i2omp - ok
00:29:50.0826 3160 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:29:50.0826 3160 i8042prt - ok
00:29:50.0826 3160 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:29:50.0826 3160 Imapi - ok
00:29:50.0858 3160 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
00:29:50.0858 3160 ImapiService - ok
00:29:50.0858 3160 ini910u - ok
00:29:50.0858 3160 IntelIde - ok
00:29:50.0889 3160 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:29:50.0889 3160 ip6fw - ok
00:29:50.0889 3160 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:29:50.0889 3160 IpFilterDriver - ok
00:29:50.0904 3160 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:29:50.0904 3160 IpInIp - ok
00:29:50.0920 3160 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:29:50.0920 3160 IpNat - ok
00:29:50.0920 3160 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:29:50.0920 3160 IPSec - ok
00:29:50.0936 3160 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:29:50.0936 3160 IRENUM - ok
00:29:50.0936 3160 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:29:50.0936 3160 isapnp - ok
00:29:51.0045 3160 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) D:\Program files\java\jre6\bin\jqs.exe
00:29:51.0061 3160 JavaQuickStarterService - ok
00:29:51.0076 3160 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:29:51.0076 3160 Kbdclass - ok
00:29:51.0076 3160 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:29:51.0092 3160 kmixer - ok
00:29:51.0107 3160 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:29:51.0107 3160 KSecDD - ok
00:29:51.0139 3160 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
00:29:51.0139 3160 lanmanserver - ok
00:29:51.0170 3160 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
00:29:51.0170 3160 lanmanworkstation - ok
00:29:51.0170 3160 lbrtfdc - ok
00:29:51.0201 3160 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
00:29:51.0201 3160 LmHosts - ok
00:29:51.0217 3160 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
00:29:51.0217 3160 MBAMProtector - ok
00:29:51.0279 3160 MBAMService (ba400ed640bca1eae5c727ae17c10207) d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:29:51.0295 3160 MBAMService - ok
00:29:51.0310 3160 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
00:29:51.0310 3160 Messenger - ok
00:29:51.0326 3160 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:29:51.0326 3160 mnmdd - ok
00:29:51.0357 3160 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
00:29:51.0357 3160 mnmsrvc - ok
00:29:51.0373 3160 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:29:51.0373 3160 Modem - ok
00:29:51.0435 3160 MonFilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\MonFilt.sys
00:29:51.0482 3160 MonFilt - ok
00:29:51.0529 3160 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:29:51.0529 3160 Mouclass - ok
00:29:51.0560 3160 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:29:51.0560 3160 MountMgr - ok
00:29:51.0607 3160 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:29:51.0607 3160 MozillaMaintenance - ok
00:29:51.0607 3160 mraid35x - ok
00:29:51.0623 3160 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:29:51.0623 3160 MRxDAV - ok
00:29:51.0654 3160 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:29:51.0670 3160 MRxSmb - ok
00:29:51.0685 3160 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
00:29:51.0685 3160 MSDTC - ok
00:29:51.0701 3160 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:29:51.0701 3160 Msfs - ok
00:29:51.0701 3160 MSIServer - ok
00:29:51.0717 3160 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:29:51.0717 3160 MSKSSRV - ok
00:29:51.0717 3160 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:29:51.0717 3160 MSPCLOCK - ok
00:29:51.0732 3160 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:29:51.0732 3160 MSPQM - ok
00:29:51.0732 3160 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:29:51.0732 3160 mssmbios - ok
00:29:51.0748 3160 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:29:51.0763 3160 Mup - ok
00:29:51.0810 3160 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
00:29:51.0826 3160 napagent - ok
00:29:51.0841 3160 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:29:51.0857 3160 NDIS - ok
00:29:51.0873 3160 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:29:51.0873 3160 NdisTapi - ok
00:29:51.0873 3160 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:29:51.0873 3160 Ndisuio - ok
00:29:51.0888 3160 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:29:51.0888 3160 NdisWan - ok
00:29:51.0904 3160 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:29:51.0904 3160 NDProxy - ok
00:29:51.0920 3160 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:29:51.0920 3160 NetBIOS - ok
00:29:51.0935 3160 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:29:51.0935 3160 NetBT - ok
00:29:51.0966 3160 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:29:51.0966 3160 NetDDE - ok
00:29:51.0966 3160 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:29:51.0966 3160 NetDDEdsdm - ok
00:29:51.0982 3160 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
00:29:51.0982 3160 Netlogon - ok
00:29:51.0998 3160 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
00:29:52.0013 3160 Netman - ok
00:29:52.0029 3160 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
00:29:52.0029 3160 Nla - ok
00:29:52.0045 3160 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:29:52.0045 3160 Npfs - ok
00:29:52.0076 3160 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:29:52.0076 3160 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\Ntfs.sys. md5: 78a08dd6a8d65e697c18e1db01c5cdca
00:29:52.0076 3160 Ntfs ( LockedFile.Multi.Generic ) - warning
00:29:52.0076 3160 Ntfs - detected LockedFile.Multi.Generic (1)
00:29:52.0076 3160 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
00:29:52.0091 3160 NtLmSsp - ok
00:29:52.0107 3160 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
00:29:52.0123 3160 NtmsSvc - ok
00:29:52.0138 3160 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:29:52.0138 3160 Null - ok
00:29:52.0373 3160 nv (da8c5723ad3a73f57ffd4dd64aba2c77) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:29:52.0513 3160 nv - ok
00:29:52.0591 3160 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
00:29:52.0591 3160 NVENETFD - ok
00:29:52.0607 3160 nvgts (619d8943725402d1179941fd58574cc8) C:\WINDOWS\system32\DRIVERS\nvgts.sys
00:29:52.0607 3160 nvgts - ok
00:29:52.0638 3160 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
00:29:52.0638 3160 nvnetbus - ok
00:29:52.0638 3160 nvsvc - ok
00:29:52.0654 3160 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:29:52.0654 3160 NwlnkFlt - ok
00:29:52.0669 3160 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:29:52.0669 3160 NwlnkFwd - ok
00:29:52.0700 3160 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:29:52.0700 3160 Parport - ok
00:29:52.0716 3160 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:29:52.0716 3160 PartMgr - ok
00:29:52.0747 3160 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:29:52.0747 3160 ParVdm - ok
00:29:52.0763 3160 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:29:52.0763 3160 PCI - ok
00:29:52.0763 3160 PCIDump - ok
00:29:52.0763 3160 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:29:52.0763 3160 PCIIde - ok
00:29:52.0794 3160 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:29:52.0794 3160 Pcmcia - ok
00:29:52.0794 3160 PDCOMP - ok
00:29:52.0794 3160 PDFRAME - ok
00:29:52.0794 3160 PDRELI - ok
00:29:52.0794 3160 PDRFRAME - ok
00:29:52.0794 3160 perc2 - ok
00:29:52.0794 3160 perc2hib - ok
00:29:52.0825 3160 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:29:52.0825 3160 PlugPlay - ok
00:29:52.0841 3160 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
00:29:52.0841 3160 PolicyAgent - ok
00:29:52.0872 3160 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:29:52.0872 3160 PptpMiniport - ok
00:29:52.0872 3160 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
00:29:52.0888 3160 Processor - ok
00:29:52.0888 3160 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:29:52.0888 3160 ProtectedStorage - ok
00:29:52.0888 3160 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:29:52.0888 3160 PSched - ok
00:29:52.0904 3160 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:29:52.0919 3160 Ptilink - ok
00:29:52.0919 3160 ql1080 - ok
00:29:52.0919 3160 Ql10wnt - ok
00:29:52.0919 3160 ql12160 - ok
00:29:52.0919 3160 ql1240 - ok
00:29:52.0919 3160 ql1280 - ok
00:29:52.0950 3160 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:29:52.0950 3160 RasAcd - ok
00:29:52.0966 3160 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
00:29:52.0982 3160 RasAuto - ok
00:29:52.0997 3160 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:29:52.0997 3160 Rasl2tp - ok
00:29:53.0013 3160 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
00:29:53.0013 3160 RasMan - ok
00:29:53.0028 3160 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:29:53.0028 3160 RasPppoe - ok
00:29:53.0028 3160 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:29:53.0028 3160 Raspti - ok
00:29:53.0060 3160 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:29:53.0060 3160 Rdbss - ok
00:29:53.0060 3160 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:29:53.0060 3160 RDPCDD - ok
00:29:53.0075 3160 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:29:53.0091 3160 rdpdr - ok
00:29:53.0107 3160 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
00:29:53.0107 3160 RDPWD - ok
00:29:53.0122 3160 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
00:29:53.0138 3160 RDSessMgr - ok
00:29:53.0138 3160 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:29:53.0138 3160 redbook - ok
00:29:53.0185 3160 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
00:29:53.0185 3160 RemoteAccess - ok
00:29:53.0216 3160 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
00:29:53.0216 3160 RemoteRegistry - ok
00:29:53.0232 3160 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
00:29:53.0232 3160 RpcLocator - ok
00:29:53.0247 3160 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
00:29:53.0263 3160 RpcSs - ok
00:29:53.0278 3160 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
00:29:53.0294 3160 RSVP - ok
00:29:53.0310 3160 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:29:53.0310 3160 SamSs - ok
00:29:53.0325 3160 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
00:29:53.0341 3160 SCardSvr - ok
00:29:53.0341 3160 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
00:29:53.0356 3160 Schedule - ok
00:29:53.0372 3160 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:29:53.0372 3160 Secdrv - ok
00:29:53.0388 3160 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
00:29:53.0388 3160 seclogon - ok
00:29:53.0403 3160 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
00:29:53.0403 3160 SENS - ok
00:29:53.0403 3160 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
00:29:53.0403 3160 Serial - ok
00:29:53.0403 3160 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:29:53.0419 3160 Sfloppy - ok
00:29:53.0435 3160 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:29:53.0435 3160 ShellHWDetection - ok
00:29:53.0435 3160 Simbad - ok
00:29:53.0435 3160 Sparrow - ok
00:29:53.0450 3160 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:29:53.0450 3160 splitter - ok
00:29:53.0466 3160 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:29:53.0466 3160 Spooler - ok
00:29:53.0466 3160 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:29:53.0481 3160 sr - ok
00:29:53.0481 3160 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
00:29:53.0497 3160 srservice - ok
00:29:53.0528 3160 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:29:53.0528 3160 Srv - ok
00:29:53.0544 3160 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
00:29:53.0544 3160 SSDPSRV - ok
00:29:53.0560 3160 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
00:29:53.0560 3160 StillCam - ok
00:29:53.0591 3160 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
00:29:53.0606 3160 stisvc - ok
00:29:53.0622 3160 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:29:53.0622 3160 swenum - ok
00:29:53.0622 3160 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:29:53.0622 3160 swmidi - ok
00:29:53.0622 3160 SwPrv - ok
00:29:53.0622 3160 symc810 - ok
00:29:53.0638 3160 symc8xx - ok
00:29:53.0638 3160 sym_hi - ok
00:29:53.0638 3160 sym_u3 - ok
00:29:53.0653 3160 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:29:53.0653 3160 sysaudio - ok
00:29:53.0669 3160 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
00:29:53.0669 3160 SysmonLog - ok
00:29:53.0700 3160 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
00:29:53.0700 3160 TapiSrv - ok
00:29:53.0716 3160 Tardis (9333fbd7f56b6253aea877663a0afac2) C:\WINDOWS\system32\tardisnt.exe
00:29:53.0731 3160 Tardis - ok
00:29:53.0747 3160 Tcpip (456e0f5b9beb184521b0ee8fa7cc92c7) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:29:53.0763 3160 Tcpip - ok
00:29:53.0778 3160 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:29:53.0778 3160 TDPIPE - ok
00:29:53.0778 3160 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:29:53.0778 3160 TDTCP - ok
00:29:53.0794 3160 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:29:53.0794 3160 TermDD - ok
00:29:53.0809 3160 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
00:29:53.0809 3160 TermService - ok
00:29:53.0825 3160 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:29:53.0841 3160 Themes - ok
00:29:53.0856 3160 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
00:29:53.0856 3160 TlntSvr - ok
00:29:53.0856 3160 TosIde - ok
00:29:53.0872 3160 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
00:29:53.0887 3160 TrkWks - ok
00:29:53.0903 3160 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:29:53.0903 3160 Udfs - ok
00:29:53.0903 3160 ultra - ok
00:29:53.0934 3160 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:29:53.0950 3160 Update - ok
00:29:53.0981 3160 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
00:29:53.0981 3160 upnphost - ok
00:29:53.0997 3160 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
00:29:53.0997 3160 UPS - ok
00:29:53.0997 3160 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:29:53.0997 3160 usbehci - ok
00:29:54.0028 3160 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:29:54.0028 3160 usbhub - ok
00:29:54.0028 3160 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
00:29:54.0028 3160 usbohci - ok
00:29:54.0059 3160 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:29:54.0059 3160 usbscan - ok
00:29:54.0075 3160 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:29:54.0075 3160 USBSTOR - ok
00:29:54.0091 3160 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:29:54.0091 3160 VgaSave - ok
00:29:54.0169 3160 VIAHdAudAddService (f99a672fd483c62c0d6452e4ba3f4c99) C:\WINDOWS\system32\drivers\viahduaa.sys
00:29:54.0231 3160 VIAHdAudAddService - ok
00:29:54.0278 3160 ViaIde - ok
00:29:54.0294 3160 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:29:54.0294 3160 VolSnap - ok
00:29:54.0325 3160 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
00:29:54.0340 3160 VSS - ok
00:29:54.0356 3160 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
00:29:54.0372 3160 W32Time - ok
00:29:54.0372 3160 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:29:54.0387 3160 Wanarp - ok
00:29:54.0387 3160 WDICA - ok
00:29:54.0403 3160 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:29:54.0403 3160 wdmaud - ok
00:29:54.0419 3160 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
00:29:54.0419 3160 WebClient - ok
00:29:54.0465 3160 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:29:54.0465 3160 winmgmt - ok
00:29:54.0497 3160 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\System32\mspmsnsv.dll
00:29:54.0497 3160 WmdmPmSN - ok
00:29:54.0528 3160 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
00:29:54.0543 3160 Wmi - ok
00:29:54.0575 3160 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
00:29:54.0575 3160 WmiApSrv - ok
00:29:54.0606 3160 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
00:29:54.0606 3160 wuauserv - ok
00:29:54.0637 3160 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
00:29:54.0637 3160 WZCSVC - ok
00:29:54.0653 3160 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
00:29:54.0668 3160 xmlprov - ok
00:29:54.0668 3160 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:29:54.0934 3160 \Device\Harddisk0\DR0 - ok
00:29:54.0950 3160 Boot (0x1200) (3bb6e07f440c3453ce9d9b72cd56d2aa) \Device\Harddisk0\DR0\Partition0
00:29:54.0950 3160 \Device\Harddisk0\DR0\Partition0 - ok
00:29:54.0981 3160 Boot (0x1200) (b576c1e763dead07e7003635279ae04a) \Device\Harddisk0\DR0\Partition1
00:29:54.0981 3160 \Device\Harddisk0\DR0\Partition1 - ok
00:29:54.0981 3160 ============================================================
00:29:54.0981 3160 Scan finished
00:29:54.0981 3160 ============================================================
00:29:54.0996 2436 Detected object count: 2
00:29:54.0996 2436 Actual detected object count: 2
00:30:08.0569 2436 FsFilter ( LockedFile.Multi.Generic ) - skipped by user
00:30:08.0569 2436 FsFilter ( LockedFile.Multi.Generic ) - User select action: Skip
00:30:08.0569 2436 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
00:30:08.0569 2436 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
00:30:32.0278 1236 Deinitialize success



------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 00:33:24
-----------------------------
00:33:24.876 OS Version: Windows 5.1.2600 Service Pack 3
00:33:24.876 Number of processors: 2 586 0x403
00:33:24.876 ComputerName: AMD3 UserName: Jon
00:33:25.048 Initialize success
00:36:27.003 AVAST engine defs: 12063001
00:37:19.855 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
00:37:19.855 Disk 0 Vendor: ST316081 3.AA Size: 152627MB BusType: 3
00:37:19.871 Disk 0 MBR read successfully
00:37:19.871 Disk 0 MBR scan
00:37:19.933 Disk 0 Windows XP default MBR code
00:37:19.933 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29988 MB offset 63
00:37:19.949 Disk 0 Partition - 00 0F Extended LBA 122636 MB offset 61416495
00:37:19.949 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122636 MB offset 61416558
00:37:19.949 Disk 0 scanning sectors +312576705
00:37:20.027 Disk 0 scanning C:\WINDOWS\system32\drivers
00:37:27.227 Service scanning
00:37:35.880 Modules scanning
00:37:38.754 Disk 0 trace - called modules:
00:37:38.769 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
00:37:38.769 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a40a1a0]
00:37:38.769 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000060[0x8a412778]
00:37:38.769 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8a441a38]
00:37:39.050 AVAST engine scan C:\
00:40:18.264 File: C:\Documents and Settings\Jon.AMD3\Application Data\msaplp.dll **INFECTED** Win32:FakeSteam-L [Trj]
00:40:18.405 File: C:\Documents and Settings\Jon.AMD3\Application Data\setwsc.dll **INFECTED** Win32:Agent-AOOV [Trj]
00:41:41.885 File: C:\Documents and Settings\Jon.AMD3\Local Settings\Temp\~!#9A.tmp **INFECTED** Win32:FakeSteam-L [Trj]
01:47:19.018 Scan finished successfully
01:50:22.878 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jon.AMD3\Desktop\MBR.dat"
01:50:22.878 The log file has been saved successfully to "C:\Documents and Settings\Jon.AMD3\Desktop\aswMBR2.txt"


-------------------------------------------------------------------------------------

C:\Documents and Settings\Jon.AMD3\Application Data\setwsc.dll a variant of Win32/Kryptik.AHCK trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Jon.AMD3\Local Settings\Application Data\{45AFA2FC-B1AD-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jon.AMD3\Local Settings\Temp\NODCBFC.tmp a variant of Win32/Kryptik.AHCK trojan cleaned by deleting (after the next restart) - quarantined

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:30 AM

Posted 01 July 2012 - 04:13 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 jpd9930

jpd9930
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:30 AM

Posted 01 July 2012 - 09:49 AM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.01.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jon :: AMD3 [administrator]

Protection: Disabled

7/1/2012 10:05:22 AM
mbam-log-2012-07-01 (10-05-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 443078
Time elapsed: 29 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------------------------------------------------

MiniToolBox by Farbar Version: 25-06-2012
Ran by Jon (administrator) on 01-07-2012 at 10:36:15
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.xxx.xxx.xxx localhost

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [AMD3]. Some commands may not be available.
The specified module could not be found.



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : amd3

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet

Physical Address. . . . . . . . . : 00-30-67-D0-D3-BE

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.xxx.xxx
Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.xxx.xxx
DHCP Server . . . . . . . . . . . : 192.168.xxx.xxx
DNS Servers . . . . . . . . . . . : 192.168.xxx.xxx
Lease Obtained. . . . . . . . . . : Sunday, July 01, 2012 8:02:24 AM

Lease Expires . . . . . . . . . . : Tuesday, July 03, 2012 8:02:24 AM

Server: UnKnown
Address: 192.168.xxx.xxx
Name: google.com
Addresses: 173.194.37.71, 173.194.37.72, 173.194.37.73, 173.194.37.78
173.194.37.64, 173.194.37.65, 173.194.37.66, 173.194.37.67, 173.194.37.68
173.194.37.69, 173.194.37.70



Pinging google.com [74.125.45.102] with 32 bytes of data:



Reply from 74.125.45.102: bytes=32 time=30ms TTL=53

Reply from 74.125.45.102: bytes=32 time=32ms TTL=53



Ping statistics for 74.125.45.102:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 30ms, Maximum = 32ms, Average = 31ms

Server: UnKnown
Address: 192.168.xxx.xxx
Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=92ms TTL=52

Reply from 72.30.38.140: bytes=32 time=131ms TTL=52



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 92ms, Maximum = 131ms, Average = 111ms

Server: UnKnown
Address: 192.168.xxx.xxx

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.xxx.xxx.xxx with 32 bytes of data:



Reply from 127.xxx.xxx.xxx : bytes=32 time<1ms TTL=128

Reply from 127.xxx.xxx.xxx : bytes=32 time<1ms TTL=128



Ping statistics for 127.xxx.xxx.xxx :

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 30 67 d0 d3 be ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.xxx.xxx 192.168.xxx.xxx 20
127.0.xxx.xxx 255.0.0.0 127.0.xxx.xxx 127.0.xxx.xxx 1
169.254.xxx.xxx 255.255.0.0 192.168.xxx.xxx 192.168.xxx.xxx 1
192.168.xxx.xxx 255.255.255.0 192.168.xxx.xxx 192.168.xxx.xxx 20
192.168.xxx.xxx 255.255.255.255 127.0.xxx.xxx 127.0.xxx.xxx 20
192.168.xxx.xxx 255.255.255.255 192.168.xxx.xxx 192.168.xxx.xxx 20
224.0.0.0 240.0.0.0 192.168.xxx.xxx 192.168.xxx.xxx 20
255.255.255.255 255.255.255.255 192.168.xxx.xxx 192.168.xxx.xxx 1
Default Gateway: 192.168.xxx.xxx
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/30/2012 08:02:38 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/25/2012 09:57:15 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/18/2012 05:04:50 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x10005078.
Processing media-specific event for [svchost.exe!ws!]

Error: (06/15/2012 10:16:49 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/14/2012 10:56:44 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/14/2012 03:19:36 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/11/2012 08:31:04 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/08/2012 06:54:35 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/08/2012 05:58:59 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/08/2012 05:55:32 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.


System errors:
=============
Error: (06/25/2012 09:57:13 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (06/14/2012 10:56:42 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (06/12/2012 05:05:00 PM) (Source: Print) (User: AMD3)
Description: The document MTM3ZGVhYjk4MjdjYzY4NHwwLjI=.pdf owned by Jon failed to print on printer Canon MP620 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1097760. Number of bytes printed: 695584. Total number of pages in the document: 11. Number of pages printed: 0. Client machine: \\AMD3. Win32 error code returned by the print processor: MTM3ZGVhYjk4MjdjYzY4NHwwLjI=.pdf0. MTM3ZGVhYjk4MjdjYzY4NHwwLjI=.pdf1

Error: (06/08/2012 06:54:29 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (06/08/2012 06:53:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/08/2012 06:01:36 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/08/2012 05:55:27 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (06/08/2012 05:54:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/08/2012 05:09:59 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/08/2012 05:09:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BIOS
Fips
Processor


Microsoft Office Sessions:
=========================
Error: (06/30/2012 08:02:38 AM) (Source: WinMgmt)(User: )
Description:

Error: (06/25/2012 09:57:15 AM) (Source: WinMgmt)(User: )
Description:

Error: (06/18/2012 05:04:50 AM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512unknown0.0.0.010005078

Error: (06/15/2012 10:16:49 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/14/2012 10:56:44 AM) (Source: WinMgmt)(User: )
Description:

Error: (06/14/2012 03:19:36 AM) (Source: WinMgmt)(User: )
Description:

Error: (06/11/2012 08:31:04 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/08/2012 06:54:35 PM) (Source: WinMgmt)(User: )
Description:

Error: (06/08/2012 05:58:59 PM) (Source: WinMgmt)(User: )
Description:

Error: (06/08/2012 05:55:32 PM) (Source: WinMgmt)(User: )
Description:


=========================== Installed Programs ============================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP620 series MP Drivers
Coupon Printer for Windows (Version: 5.0.0.1)
DriverAgent by eSupport.com
ESET Online Scanner v3
Google Chrome (Version: 20.0.1132.47)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
NVIDIA Drivers (Version: 1.4)
Platform (Version: 1.34)
Tardis 2000 V1.6 (Version: 1.6)
Timex Data Link USB (Version: 1.3.0.94)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VIA Platform Device Manager (Version: 1.34)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 3039.29 MB
Available physical RAM: 2178.86 MB
Total Pagefile: 4925.36 MB
Available Pagefile: 4276.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.96 MB

========================= Partitions: =====================================

1 Drive c: (Connor C) (Fixed) (Total:29.29 GB) (Free:0.41 GB) NTFS
2 Drive d: (Connor BFD) (Fixed) (Total:119.76 GB) (Free:100.52 GB) NTFS

========================= Users: ========================================

User accounts for \\AMD3

Administrator Guest HelpAssistant
Jon SUPPORT_388945a0


**** End of log ****

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:30 AM

Posted 01 July 2012 - 09:51 AM

Do you still have redirects?

#7 jpd9930

jpd9930
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:30 AM

Posted 01 July 2012 - 10:04 AM

not sure..they are sporadic....

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:30 AM

Posted 01 July 2012 - 10:58 AM

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Post the contents of text file here

#9 jpd9930

jpd9930
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:30 AM

Posted 01 July 2012 - 12:21 PM

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "msaplp" "DAEMON Tools Pro Agent" "DT Soft Ltd" "c:\documents and settings\jon.amd3\application data\msaplp.dll"
+ "NvCplDaemon" "" "" "File not found: C:\WINDOWS\System32\NvCpl.dll"
+ "nwiz" "" "" "File not found: nwiz.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\jon.amd3\local settings\application data\google\update\googleupdate.exe"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "d:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "" "" "File not found: C:\WINDOWS\System32\nvshell.dll"
+ "NvCplDesktopContext" "" "" "File not found: C:\WINDOWS\System32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "d:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "d:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "d:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "GoogleUpdateTaskUserS-1-5-21-1229272821-1563985344-682003330-1003Core.job" "Google Installer" "Google Inc." "c:\documents and settings\jon.amd3\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-1229272821-1563985344-682003330-1003UA.job" "Google Installer" "Google Inc." "c:\documents and settings\jon.amd3\local settings\application data\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "d:\program files\java\jre6\bin\jqs.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "d:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "" "File not found: C:\WINDOWS\System32\nvsvc32.exe"
+ "Tardis" "Synchronizes the time on this PC and provides time services to other computers, Linux, Windows, Etc." "" "c:\windows\system32\tardisnt.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AMBFilt" "Creative WDM 3D Audio Driver" "Creative" "c:\windows\system32\drivers\ambfilt.sys"
+ "aswMBR" "" "" "File not found: C:\DOCUME~1\JON~1.AMD\LOCALS~1\Temp\aswMBR.sys"
+ "BIOS" "I/O Interface driver file" "BIOSTAR Group" "c:\windows\system32\drivers\bios.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "DrvAgent32" "DriverAgent Direct I/O for 32-bit Windows" "Phoenix Technologies" "c:\windows\system32\drivers\drvagent32.sys"
+ "FsFilter" "" "" "c:\documents and settings\jon.amd3\application data\adobe\rxsupply.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "MonFilt" "Creative WDM Audio Driver (32-bit)" "Creative Technology Ltd." "c:\windows\system32\drivers\monfilt.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 186.34 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "NVENETFD" "NVIDIA Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvenetfd.sys"
+ "nvgts" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvgts.sys"
+ "nvnetbus" "NVIDIA Networking Bus Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvnetbus.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "VIAHdAudAddService" "VIA High Definition Audio Function Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viahduaa.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Canon BJ Language Monitor MP620 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm9d.dll"
+ "Canon BJNP Port" "Canon IJ Network 32bit comm Module" "CANON INC." "c:\windows\system32\cnmnppm.dll"

#10 narenxp

Posted 01 July 2012 - 12:23 PM

I do not find anything suspicious. Which browser gets redirected?

#11 jpd9930

Posted 01 July 2012 - 03:24 PM

IE8. I don't really use Firefox for searching... I'll play with it for 2 days. If I don't get redirected we can consider it fixed.

#12 narenxp

Posted 01 July 2012 - 03:28 PM

You can reply here if you still have redirects; until then:

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

Check-mark the following options only:

Repair WMI
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Check-mark the Restart System When Finished option
Click the Start button

System should restart after repair

Download

TFC


Launch it; it will close all running programs

Click on START; it should ask for a reboot

Turn off System Restore, restart the PC, and create a new restore point:

http://support.microsoft.com/kb/310405

Update your Java from here:

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#13 jpd9930

Posted 03 July 2012 - 09:11 AM

Haven't forgotten you... was out of town yesterday... will get to this in about 3 hours... thanks for your help so far.

#14 narenxp

Posted 03 July 2012 - 09:36 AM

:thumbup2:

#15 jpd9930

Posted 04 July 2012 - 11:28 PM

Got another redirect... Googled bushcraftusa. When I clicked on the forums link it took me here:

http://8.26.70.252/see/display.php?q=bushcraftusa&affsub=46573-11415-35-32091&subid=e10

Not sure if that will tell you anything, or whether it's worth the risk to copy and paste.

Once on that link, of course, I was unable to navigate back to Google without choosing the Google search results from the back-navigation pull-down list.

It's not InfoMash to the best of my knowledge.

this is the correct link: http://bushcraftusa.com/forum/index.php

Jon


Another redirect similar to the one above.

Edited by jpd9930, 05 July 2012 - 11:24 AM.
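The redirect reported in #15 has the shape a helper normally asks for: the link pointed at one site, the browser landed on another, and the landing URL carries a raw IP host, affiliate tracking parameters and the original search term echoed in the query string. As an added example (not part of the thread, and not a tool anyone in it used), the Python below formalises that comparison so a redirect can be triaged from the two URLs alone. The two sample URLs are the ones quoted in #15; the list of affiliate parameter names and the two-label "registrable domain" shortcut are assumptions made for this example, not facts the thread establishes.

```python
"""Triage a search-result redirect by comparing the page the user meant to
reach with the page the browser actually landed on.

Added example for this thread, not a tool anyone in it used. The sample URLs
are the two quoted in post #15; the affiliate-parameter list is an
assumption for the example, not something the thread establishes.
"""
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Query-string keys typical of pay-per-click / affiliate traffic brokers.
# ASSUMPTION: illustrative list, not authoritative.
AFFILIATE_KEYS = {"affsub", "affid", "aff_id", "subid", "sub_id", "clickid", "pubid"}

# Constructed sample input: the two URLs quoted in post #15.
INTENDED_URL = "http://bushcraftusa.com/forum/index.php"
LANDED_URL = ("http://8.26.70.252/see/display.php"
              "?q=bushcraftusa&affsub=46573-11415-35-32091&subid=e10")


def is_ip_literal(host):
    """True if the host part is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def registrable_domain(host):
    """Collapse a hostname to its last two labels (www.example.com -> example.com).
    ASSUMPTION: adequate for .com/.org hosts; a production tool would use the
    Public Suffix List so that co.uk-style suffixes are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def triage_redirect(intended_url, landed_url):
    """Return a dict of findings about the (intended, landed) URL pair.

    A redirect is flagged when the browser ended up on a different site than
    the link pointed at AND the destination shows a monetisation signature:
    a raw-IP host, affiliate tracking parameters, or the intended site's name
    echoed back as a search term in the query string.
    """
    intended_host = (urlsplit(intended_url).hostname or "").lower()
    landed = urlsplit(landed_url)
    landed_host = (landed.hostname or "").lower()
    params = {k.lower(): v for k, v in parse_qs(landed.query).items()}

    ip_literal = is_ip_literal(landed_host)
    same_site = (not ip_literal
                 and registrable_domain(landed_host) == registrable_domain(intended_host))
    affiliate_params = sorted(k for k in params if k in AFFILIATE_KEYS)
    echoed_term = params.get("q", [None])[0]
    # display.php?q=bushcraftusa repeats the site the user searched for.
    term_echoes_site = bool(echoed_term) and echoed_term.lower() in intended_host

    return {
        "landed_host": landed_host,
        "ip_literal_host": ip_literal,
        "same_site": same_site,
        "affiliate_params": affiliate_params,
        "echoed_search_term": echoed_term,
        "suspicious": (not same_site)
                      and (ip_literal or bool(affiliate_params) or term_echoes_site),
    }


def describe(findings):
    """One-line summary suitable for pasting into a forum reply."""
    if not findings["suspicious"]:
        return "landed on the expected site (%s)" % findings["landed_host"]
    reasons = []
    if findings["ip_literal_host"]:
        reasons.append("host is a raw IP address")
    if findings["affiliate_params"]:
        reasons.append("affiliate tracking parameters: "
                       + ", ".join(findings["affiliate_params"]))
    if findings["echoed_search_term"]:
        reasons.append("search term echoed in query: q=%s" % findings["echoed_search_term"])
    return "redirected off-site to %s (%s)" % (findings["landed_host"], "; ".join(reasons))


if __name__ == "__main__":
    print(describe(triage_redirect(INTENDED_URL, LANDED_URL)))
```

Run stand-alone it reports the #15 pair as an off-site redirect with all three signatures. Note that merely landing on a different domain is not enough to flag a link, since many legitimate links cross sites; the verdict requires the off-site landing to also carry a raw-IP host, affiliate parameters, or the echoed search term, which is what distinguishes a pay-per-click redirector from an ordinary outbound link.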
