
Possible Malware Virus. I am clueless......


5 replies to this topic

#1 Hunny B4


Posted 04 July 2012 - 11:45 PM

Hello. I really need help. For about the past week or two my computer has been going nuts. First it starts out that I can no longer double click icons on my desktop to open programs, then my Internet Explorer does not work. Whenever I try to open Internet Explorer it shows up briefly then just disappears quickly. I am able to open Firefox and Google Chrome but I have to first go to the start menu and right click them from the programs menu and click open. Other than that no luck with that either. The computer has also been just spontaneously shutting down without me asking it to, and lots of times when I actually do go to shut it down it won't do it and I will have to unplug it. My homepage is also continuously set to something called Babylon Search which looks as if it is trying to mimic Google search. So I ran a scan with a program called SUPERAntiSpyware. It found about 500 file threats so I removed them and rebooted. Same problem. Then I ran Norton and Norton just locks up all the time and never completes. So I found a forum where people were talking about how good Malwarebytes was, so I downloaded that and it found 53 threats so I removed them and rebooted. I thought my problems were over but I was wrong. Same issue, and now Malwarebytes continuously gives me a message saying that it has successfully blocked a potential threat from IP address 206.161.121.3 and it says outgoing. Oh yes, I also forgot to mention another issue that has started as of yesterday. Whenever I go to open my FTP client the computer just automatically shuts down and restarts. Can someone please help me?

Edited by Orange Blossom, 05 July 2012 - 12:51 AM.
Moved from XP to AII. ~ OB




#2 narenxp


Posted 05 July 2012 - 02:52 AM

Boot the PC into Safe Mode with Networking.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET Online Scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Hunny B4


Posted 05 July 2012 - 01:43 PM

THIS IS THE LOG REPORT FROM THE TDSSKILLER:

12:19:25.0296 1920 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
12:19:25.0671 1920 ============================================================
12:19:25.0671 1920 Current date / time: 2012/07/05 12:19:25.0671
12:19:25.0671 1920 SystemInfo:
12:19:25.0671 1920
12:19:25.0671 1920 OS Version: 5.1.2600 ServicePack: 2.0
12:19:25.0671 1920 Product type: Workstation
12:19:25.0671 1920 ComputerName: PERFERRE-3F2BC8
12:19:25.0671 1920 UserName: perferred customer
12:19:25.0671 1920 Windows directory: C:\WINDOWS
12:19:25.0671 1920 System windows directory: C:\WINDOWS
12:19:25.0671 1920 Processor architecture: Intel x86
12:19:25.0671 1920 Number of processors: 1
12:19:25.0671 1920 Page size: 0x1000
12:19:25.0671 1920 Boot type: Safe boot with network
12:19:25.0671 1920 ============================================================
12:19:30.0734 1920 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:19:30.0734 1920 ============================================================
12:19:30.0734 1920 \Device\Harddisk0\DR0:
12:19:30.0734 1920 MBR partitions:
12:19:30.0734 1920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A011FC
12:19:30.0734 1920 ============================================================
12:19:30.0796 1920 C: <-> \Device\Harddisk0\DR0\Partition0
12:19:30.0796 1920 ============================================================
12:19:30.0796 1920 Initialize success
12:19:30.0796 1920 ============================================================
12:20:12.0828 0316 ============================================================
12:20:12.0828 0316 Scan started
12:20:12.0828 0316 Mode: Manual; TDLFS;
12:20:12.0828 0316 ============================================================
12:20:48.0031 0316 Themes - ok
12:20:48.0156 0316 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
12:20:48.0156 0316 TlntSvr - ok
12:20:48.0218 0316 TosIde - ok
12:20:48.0421 0316 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
12:20:48.0421 0316 TrkWks - ok
12:20:48.0546 0316 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
12:20:48.0546 0316 Udfs - ok
12:20:48.0578 0316 ultra - ok
12:20:48.0828 0316 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
12:20:48.0875 0316 Update - ok
12:20:49.0000 0316 uploadmgr (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:20:49.0000 0316 uploadmgr - ok
12:20:49.0140 0316 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
12:20:49.0156 0316 upnphost - ok
12:20:49.0265 0316 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
12:20:49.0265 0316 UPS - ok
12:20:49.0390 0316 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
12:20:49.0390 0316 usbaudio - ok
12:20:49.0468 0316 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:20:49.0484 0316 usbccgp - ok
12:20:49.0578 0316 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:20:49.0593 0316 usbehci - ok
12:20:49.0671 0316 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:20:49.0671 0316 usbhub - ok
12:20:49.0781 0316 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:20:49.0781 0316 usbuhci - ok
12:20:49.0859 0316 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
12:20:49.0859 0316 VgaSave - ok
12:20:49.0906 0316 ViaIde - ok
12:20:50.0031 0316 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
12:20:50.0031 0316 VolSnap - ok
12:20:50.0234 0316 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
12:20:50.0265 0316 VSS - ok
12:20:50.0421 0316 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
12:20:50.0421 0316 W32Time - ok
12:20:50.0562 0316 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:20:50.0562 0316 Wanarp - ok
12:20:50.0609 0316 WDICA - ok
12:20:50.0687 0316 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
12:20:50.0687 0316 wdmaud - ok
12:20:50.0828 0316 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
12:20:50.0828 0316 WebClient - ok
12:20:51.0125 0316 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:20:51.0156 0316 winmgmt - ok
12:20:51.0343 0316 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:20:51.0343 0316 WmdmPmSN - ok
12:20:51.0718 0316 Wmi (1081c185aed0660b2b5f173c3e023b23) C:\WINDOWS\System32\advapi32.dll
12:20:51.0781 0316 Wmi - ok
12:20:51.0921 0316 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:20:51.0921 0316 WmiApSrv - ok
12:20:52.0343 0316 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:20:52.0453 0316 WMPNetworkSvc - ok
12:20:52.0734 0316 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:20:52.0796 0316 WPFFontCache_v0400 - ok
12:20:52.0937 0316 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
12:20:52.0953 0316 wscsvc - ok
12:20:53.0062 0316 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
12:20:53.0078 0316 wuauserv - ok
12:20:53.0187 0316 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:20:53.0203 0316 WudfPf - ok
12:20:53.0343 0316 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:20:53.0359 0316 WudfRd - ok
12:20:53.0453 0316 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:20:53.0453 0316 WudfSvc - ok
12:20:53.0546 0316 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
12:20:53.0562 0316 WZCSVC - ok
12:20:53.0625 0316 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
12:20:53.0640 0316 xmlprov - ok
12:20:53.0718 0316 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:20:53.0796 0316 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:20:53.0796 0316 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:20:53.0875 0316 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:20:53.0875 0316 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:20:53.0906 0316 Boot (0x1200) (92a841784b25a9423cb1a7aaef1f53fd) \Device\Harddisk0\DR0\Partition0
12:20:53.0921 0316 \Device\Harddisk0\DR0\Partition0 - ok
12:20:53.0921 0316 ============================================================
12:20:53.0921 0316 Scan finished
12:20:53.0921 0316 ============================================================
12:20:53.0984 0304 Detected object count: 2
12:20:53.0984 0304 Actual detected object count: 2
12:21:48.0312 0304 \Device\Harddisk0\DR0\# - copied to quarantine
12:21:48.0312 0304 \Device\Harddisk0\DR0 - copied to quarantine
12:21:48.0375 0304 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:21:48.0421 0304 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:21:48.0421 0304 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:21:48.0437 0304 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:21:48.0453 0304 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:21:48.0453 0304 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:21:48.0484 0304 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:21:48.0484 0304 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:21:48.0500 0304 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:21:48.0500 0304 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:21:48.0500 0304 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:21:48.0500 0304 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:21:48.0546 0304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:21:48.0546 0304 \Device\Harddisk0\DR0 - ok
12:21:49.0562 0304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:21:49.0578 0304 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:21:49.0578 0304 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


ASWMBR SCAN LOG:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 12:29:54
-----------------------------
12:29:54.187 OS Version: Windows 5.1.2600 Service Pack 2
12:29:54.187 Number of processors: 1 586 0x207
12:29:54.187 ComputerName: PERFERRE-3F2BC8 UserName:
12:29:55.734 Initialize success
12:31:02.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:31:02.109 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 152587MB BusType: 3
12:31:02.125 Device \Driver\atapi -> DriverStartIo 866782e2
12:31:02.140 Disk 0 MBR read successfully
12:31:02.171 Disk 0 MBR scan
12:31:02.187 Disk 0 Windows XP default MBR code
12:31:02.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152578 MB offset 63
12:31:02.250 Disk 0 scanning sectors +312480315
12:31:02.359 Disk 0 scanning C:\WINDOWS\system32\drivers
12:31:07.031 Service scanning
12:31:17.953 Modules scanning
12:31:23.468 Disk 0 trace - called modules:
12:31:23.468 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x861c7628]<<
12:31:23.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86735ab8]
12:31:23.484 3 CLASSPNP.SYS[f78a405b] -> nt!IofCallDriver -> \Device\00000060[0x867913b8]
12:31:23.484 5 ACPI.sys[f781a620] -> nt!IofCallDriver -> [0x86790940]
12:31:23.484 \Driver\atapi[0x86698250] -> IRP_MJ_CREATE -> 0x866784b1
12:31:23.484 Scan finished successfully
12:32:11.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\perferred customer.PERFERRE-3F2BC8\My Documents\MBR.dat"
12:32:11.609 The log file has been saved successfully to "C:\Documents and Settings\perferred customer.PERFERRE-3F2BC8\My Documents\aswMBRLOG4BLEEP.txt"

ESET LIST

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IE77V2DO\kittyflix_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VB2H7OCC\impCAFI9E93 HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\perferred customer\Local Settings\Temp\444EE687-BAB0-7891-968A-AFC1E281A469\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Documents and Settings\perferred customer\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Documents and Settings\perferred customer\Local Settings\Temp\is357113909\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.07.2012_12.19.25\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.07.2012_12.19.25\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.07.2012_12.19.25\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.KQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.07.2012_12.19.25\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.07.2012_12.19.25\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.07.2012_12.19.25\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\unzipped\Gracia\Gracia\header.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined

#4 narenxp


Posted 05 July 2012 - 01:50 PM

12:21:49.0578 0304 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Run TDSSKiller and make sure to delete it


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
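
The line quoted at the top of this reply is the one that matters in the TDSSKiller log: a detection whose recorded user action was Skip. As an added example (not part of the thread, and not a tool any poster used), this Python script pulls the detections and the chosen actions out of such a log and lists what was left unresolved. It recognises only the status strings visible in the log posted above; the function names are made up for the example.

```python
import re

# Excerpt of the TDSSKiller log posted above in this thread (lines copied as-is).
SAMPLE_LOG = r"""
12:20:53.0718 0316 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:20:53.0796 0316 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:20:53.0796 0316 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:20:53.0875 0316 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:20:53.0875 0316 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:20:53.0921 0316 \Device\Harddisk0\DR0\Partition0 - ok
12:20:53.0984 0304 Detected object count: 2
12:21:48.0375 0304 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:21:48.0546 0304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:21:49.0562 0304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:21:49.0578 0304 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:21:49.0578 0304 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Verdict lines look like: "<time> <thread> <object> ( <detection> ) - <status>"
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+[0-9A-Fa-f]{4}\s+"
    r"(?P<obj>\S.*?)\s+\(\s*(?P<name>[^()]+?)\s*\)\s+-\s+(?P<status>.+?)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)\s*$")
ACTION_PREFIX = "User select action:"
# Only the scan verdicts that appear in this thread's log are recognised.
SEVERITIES = {"infected", "warning"}


def triage(log_text):
    """Return (findings, reported_count) for one TDSSKiller log."""
    findings = {}  # (object, detection) -> record, kept in log order
    reported = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COUNT_RE.search(line)
        if m:
            reported = int(m.group(1))
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # per-service "ok" lines, quarantine copies, banners
        rec = findings.setdefault(
            (m["obj"], m["name"]),
            {"object": m["obj"], "detection": m["name"],
             "severity": None, "action": None, "pending_reboot": False},
        )
        status = m["status"]
        if status.startswith(ACTION_PREFIX):
            rec["action"] = status[len(ACTION_PREFIX):].strip()
        elif status == "will be cured on reboot":
            rec["pending_reboot"] = True
        elif status in SEVERITIES:
            rec["severity"] = status
    return list(findings.values()), reported


def unresolved(findings):
    """Detections left in place: skipped, or with no action recorded at all."""
    return [f for f in findings if f["action"] in (None, "Skip")]


if __name__ == "__main__":
    found, reported = triage(SAMPLE_LOG)
    if reported is not None and reported != len(found):
        print(f"log reports {reported} objects, parsed {len(found)}")
    for f in found:
        reboot = " (reboot pending)" if f["pending_reboot"] else ""
        print(f'{f["severity"]:9} {f["detection"]} on {f["object"]}: '
              f'action={f["action"]}{reboot}')
    for f in unresolved(found):
        print(f'STILL PRESENT: {f["detection"]} on {f["object"]}')
```
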

#5 Hunny B4


Posted 05 July 2012 - 06:27 PM

Ok. The Malwarebytes full scan says 0 infections. :clapping:

HERE IS THE RESULT OF THE MINI TOOLBOX:

MiniToolBox by Farbar Version: 25-06-2012
Ran by perferred customer (administrator) on 05-07-2012 at 19:24:39
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : perferre-3f2bc8

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-08-74-B8-79-0C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.14

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 10.0.0.1

Lease Obtained. . . . . . . . . . : Thursday, July 05, 2012 4:24:41 PM

Lease Expires . . . . . . . . . . : Friday, July 06, 2012 4:24:41 PM

Server: UnKnown
Address: 10.0.0.1

Name: google.com
Addresses: 74.125.228.103, 74.125.228.105, 74.125.228.96, 74.125.228.102
74.125.228.104, 74.125.228.101, 74.125.228.97, 74.125.228.98, 74.125.228.100
74.125.228.99, 74.125.228.110



Pinging google.com [74.125.228.99] with 32 bytes of data:



Reply from 74.125.228.99: bytes=32 time=48ms TTL=51

Reply from 74.125.228.99: bytes=32 time=39ms TTL=51



Ping statistics for 74.125.228.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 39ms, Maximum = 48ms, Average = 43ms

Server: UnKnown
Address: 10.0.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=155ms TTL=44

Reply from 98.139.183.24: bytes=32 time=88ms TTL=46



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 88ms, Maximum = 155ms, Average = 121ms

Server: UnKnown
Address: 10.0.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 08 74 b8 79 0c ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.14 20
10.0.0.0 255.255.255.0 10.0.0.14 10.0.0.14 20
10.0.0.14 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.14 10.0.0.14 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.0.14 10.0.0.14 20
255.255.255.255 255.255.255.255 10.0.0.14 10.0.0.14 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/05/2012 01:44:04 AM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 20.0.1132.47, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/05/2012 01:43:49 AM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 20.0.1132.47, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/05/2012 00:51:57 AM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 20.0.1132.47, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/04/2012 03:08:05 AM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 13.0.1.4548, faulting module msvcr100.dll, version 10.0.30319.1, fault address 0x0008ae6e.
Processing media-specific event for [firefox.exe!ws!]

Error: (07/04/2012 03:07:23 AM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 13.0.1.4548, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [firefox.exe!ws!]

Error: (07/04/2012 02:20:27 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 13.0.1.4548, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/04/2012 02:20:22 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 13.0.1.4548, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/03/2012 04:45:27 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (07/03/2012 04:44:26 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (07/03/2012 03:58:31 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.


System errors:
=============
Error: (07/05/2012 04:25:01 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (07/05/2012 04:25:01 PM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (07/05/2012 04:23:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/05/2012 03:08:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx86
ccSet_N360
eeCtrl
Fips
intelppm
SASDIFSV
SASKUTIL
SRTSP
SRTSPX
SymIRON
SYMTDI

Error: (07/05/2012 03:07:34 PM) (Source: DCOM) (User: PERFERRE-3F2BC8)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/05/2012 03:07:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/05/2012 02:47:37 PM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (07/05/2012 02:45:40 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/05/2012 00:19:06 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx86
ccSet_N360
eeCtrl
Fips
intelppm
SASDIFSV
SASKUTIL
SRTSP
SRTSPX
SymIRON
SYMTDI

Error: (07/05/2012 00:17:45 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (07/05/2012 01:44:04 AM) (Source: Application Hang)(User: )
Description: chrome.exe20.0.1132.47hungapp0.0.0.000000000

Error: (07/05/2012 01:43:49 AM) (Source: Application Hang)(User: )
Description: chrome.exe20.0.1132.47hungapp0.0.0.000000000

Error: (07/05/2012 00:51:57 AM) (Source: Application Hang)(User: )
Description: chrome.exe20.0.1132.47hungapp0.0.0.000000000

Error: (07/04/2012 03:08:05 AM) (Source: Application Error)(User: )
Description: firefox.exe13.0.1.4548msvcr100.dll10.0.30319.10008ae6e

Error: (07/04/2012 03:07:23 AM) (Source: Application Error)(User: )
Description: firefox.exe13.0.1.45480.0.0.000000000

Error: (07/04/2012 02:20:27 AM) (Source: Application Hang)(User: )
Description: firefox.exe13.0.1.4548hungapp0.0.0.000000000

Error: (07/04/2012 02:20:22 AM) (Source: Application Hang)(User: )
Description: firefox.exe13.0.1.4548hungapp0.0.0.000000000

Error: (07/03/2012 04:45:27 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp4480070005

Error: (07/03/2012 04:44:26 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp4480070005

Error: (07/03/2012 03:58:31 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206


=========================== Installed Programs ============================

Abexo Free Registry Cleaner
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
BCM V.92 56K Modem
EarthLink Access Software (Version: 8.4.0.0)
EarthLink Common Authentication (Version: 1.0.87.0)
EarthLink Simple Switch (Version: 2.0.0.0)
ESET Online Scanner v3
Free PDF Tablet 0.1 (Version: 0.1)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 20.0.1132.47)
Google Update Helper (Version: 1.3.21.111)
Intel® Extreme Graphics Driver
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Web Publishing Wizard 1.52
Microsoft XML Parser (Version: 8.20.8730.4)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Norton 360 (Version: 6.2.1.5)
Norton Bootable Recovery Tool Wizard (Version: 4.5.0.34)
OOo-dev 3.4 (Version: 3.4.9583)
Opera 11.64 (Version: 11.64.1403)
Photo Explosion (Version: 4.0.0.12)
Photo Explosion Deluxe 3.0 (Version: 3.0.1.5)
QuickTime (Version: 7.71.80.42)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
RebateRobot for Online Shopping version 1.0.2 (Version: 1.0.2)
SUPERAntiSpyware (Version: 5.0.1134)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB925720) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 1.1.5 (Version: 1.1.5)
WavePad Sound Editor
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
WinZip
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 1022.48 MB
Available physical RAM: 459.43 MB
Total Pagefile: 2460.04 MB
Available Pagefile: 1863.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.13 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149 GB) (Free:125.64 GB) NTFS

========================= Users: ========================================

User accounts for \\PERFERRE-3F2BC8

Administrator ASPNET Guest
HelpAssistant perferred customer SUPPORT_388945a0


**** End of log ****

#6 narenxp


Posted 05 July 2012 - 07:12 PM

Download

TFC


Launch it; it will close all running programs

Click on START; it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



