BleepingComputer.com forum thread
Infected with multiple trojans


33 replies to this topic

#1 mercuryrsng

  • Members
  • 298 posts

Posted 13 July 2012 - 05:23 PM

Greetings. I am working on a computer that is infected (or has been) with multiple trojans. I ran Malwarebytes Anti-Malware and it found 8 items. I removed them and am restarting the computer now to remove the rest. I can post that log file if needed.

When I go to www.google.com and search for something, the results come up, but clicking on a result to go to the website always takes me to another website. The person who owns this computer is using Internet Explorer (blahh) as a browser.

Also, many start menu items are coming up "empty". I can see where the program should be, but the folder in the start menu is just "empty". The programs are still on the C: drive.

I am sure there are many other problems as well which will be resolved with your expertise.

Thanks for the help in advance.

~~Justin


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 13 July 2012 - 05:34 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

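The post above asks for the TDSSKiller log, which on a machine with a few hundred services is long and easy to misread by eye. The script below is an added example for this thread, not part of any post and not a Kaspersky tool: it parses the log format exactly as it appears later in this thread (timestamp, PID, then either "Name (md5) path" or "Name - verdict"), reports every entry whose verdict is anything other than "ok", and separately lists services whose image runs from a user-profile directory, which is worth a second look even when the scanner says "ok". The sample log lines are constructed for the example; the "Suspicious file ..." note line and the "( Detection.Name ) - warning" verdict shape follow TDSSKiller's reporting convention as I know it and are assumptions, not output from the machine in this thread.

```python
import re

# Every TDSSKiller line starts with a timestamp and the scanner's PID; the payload follows.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "Name (md5) path": the image backing a service or driver, with its MD5.
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "Name - ok" or "Name ( Detection.Name ) - warning": the verdict for that entry.
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<detail>[^)]*?)\s*\))?\s+-\s+(?P<verdict>\w+)\s*$"
)

# Locations a legitimate service or driver image almost never lives in on Windows XP.
USER_WRITABLE_HINTS = (
    "\\documents and settings\\", "\\temp\\", "\\application data\\", "\\local settings\\",
)

# Constructed sample log (assumption: mirrors the TDSSKiller format seen in this thread).
SAMPLE_LOG = r"""
18:50:28.0531 1572 Scan started
18:50:28.0531 1572 Mode: Manual; TDLFS;
18:50:28.0984 1572 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:50:28.0984 1572 ACPI - ok
18:50:35.0781 1572 LkWebLink (2feb923b00505dc165ae46f80a287711) C:\Documents and Settings\Daniel\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe
18:50:35.0796 1572 LkWebLink - ok
18:50:36.0000 1572 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\example.sys. md5: 0123456789abcdef0123456789abcdef
18:50:36.0000 1572 example ( LockedFile.Multi.Generic ) - warning
18:50:37.0000 1572 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
"""


def parse_tdsskiller(text):
    """Return one record per verdict line: name, md5, path, verdict, detail, note."""
    records = []
    pending = {}   # name -> (md5, path) seen on the entry line, until its verdict arrives
    note = None    # free-text line (e.g. "Suspicious file ...") that precedes a verdict
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banners, separators, blank payloads
        rest = m.group("rest")
        e = ENTRY_RE.match(rest)
        if e:
            pending[e.group("name")] = (e.group("md5").lower(), e.group("path"))
            continue
        v = VERDICT_RE.match(rest)
        if v:
            md5, path = pending.pop(v.group("name"), (None, None))
            records.append({
                "name": v.group("name"),
                "md5": md5,
                "path": path,
                "verdict": v.group("verdict").lower(),
                "detail": v.group("detail"),
                "note": note,
            })
            note = None
            continue
        if rest.startswith("Suspicious file"):
            note = rest                   # keep it for the verdict line that follows
    return records


def triage(records):
    """Split records into scanner findings and entries running from odd locations."""
    flagged = [r for r in records if r["verdict"] != "ok"]
    odd_paths = [
        r for r in records
        if r["path"] and any(h in r["path"].lower() for h in USER_WRITABLE_HINTS)
    ]
    return {"flagged": flagged, "odd_paths": odd_paths}


def report(text):
    """Human-readable triage lines for a full TDSSKiller log."""
    t = triage(parse_tdsskiller(text))
    lines = []
    for r in t["flagged"]:
        where = r["path"] or (r["note"] or "")
        lines.append(f"[{r['verdict'].upper()}] {r['name']} ({r['detail']}) {where}".rstrip())
    for r in t["odd_paths"]:
        lines.append(f"[PATH] {r['name']} runs from a user-writable location: {r['path']}")
    return lines


if __name__ == "__main__":
    # Replace SAMPLE_LOG with open("C:/TDSSKiller.<version>_<date>_log.txt").read() in practice.
    for line in report(SAMPLE_LOG):
        print(line)
```

On the real log a "- warning" on a locked or unsigned file is not by itself proof of infection (anti-virus filter drivers trip it regularly), but a warning on \Device\Harddisk0\DR0 or any TDLFS hit is exactly what the TDLFS option in the instructions is meant to surface, so those lines deserve attention before anything else.
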
#3 mercuryrsng
  • Topic Starter

  • Members
  • 298 posts

Posted 13 July 2012 - 11:26 PM

Here are the requested results...

18:50:07.0187 2064 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
18:50:08.0937 2064 ============================================================
18:50:08.0937 2064 Current date / time: 2012/07/13 18:50:08.0937
18:50:08.0937 2064 SystemInfo:
18:50:08.0937 2064
18:50:08.0937 2064 OS Version: 5.1.2600 ServicePack: 3.0
18:50:08.0937 2064 Product type: Workstation
18:50:08.0937 2064 ComputerName: DAN
18:50:08.0937 2064 UserName: Daniel
18:50:08.0937 2064 Windows directory: C:\WINDOWS
18:50:08.0937 2064 System windows directory: C:\WINDOWS
18:50:08.0937 2064 Processor architecture: Intel x86
18:50:08.0937 2064 Number of processors: 2
18:50:08.0937 2064 Page size: 0x1000
18:50:08.0937 2064 Boot type: Normal boot
18:50:08.0937 2064 ============================================================
18:50:15.0562 2064 Drive \Device\Harddisk0\DR0 - Size: 0x12A1D00000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
18:50:15.0562 2064 Drive \Device\Harddisk1\DR5 - Size: 0xEF800000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:50:15.0562 2064 ============================================================
18:50:15.0562 2064 \Device\Harddisk0\DR0:
18:50:15.0593 2064 MBR partitions:
18:50:15.0593 2064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x893E53F
18:50:15.0593 2064 \Device\Harddisk1\DR5:
18:50:15.0593 2064 MBR partitions:
18:50:15.0593 2064 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xB, StartLBA 0x8, BlocksNum 0x77BFF8
18:50:15.0593 2064 ============================================================
18:50:15.0640 2064 C: <-> \Device\Harddisk0\DR0\Partition0
18:50:15.0640 2064 ============================================================
18:50:15.0640 2064 Initialize success
18:50:15.0640 2064 ============================================================
18:50:28.0531 1572 ============================================================
18:50:28.0531 1572 Scan started
18:50:28.0531 1572 Mode: Manual; TDLFS;
18:50:28.0531 1572 ============================================================
18:50:28.0921 1572 Abiosdsk - ok
18:50:28.0937 1572 abp480n5 - ok
18:50:28.0984 1572 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:50:28.0984 1572 ACPI - ok
18:50:29.0015 1572 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:50:29.0015 1572 ACPIEC - ok
18:50:29.0093 1572 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:50:29.0109 1572 Adobe LM Service - ok
18:50:29.0187 1572 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:50:29.0203 1572 AdobeFlashPlayerUpdateSvc - ok
18:50:29.0203 1572 adpu160m - ok
18:50:29.0234 1572 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:50:29.0234 1572 aec - ok
18:50:29.0250 1572 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:50:29.0250 1572 AegisP - ok
18:50:29.0296 1572 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:50:29.0296 1572 AFD - ok
18:50:29.0406 1572 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
18:50:29.0421 1572 AgereSoftModem - ok
18:50:29.0421 1572 Aha154x - ok
18:50:29.0437 1572 aic78u2 - ok
18:50:29.0437 1572 aic78xx - ok
18:50:29.0484 1572 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:50:29.0484 1572 Alerter - ok
18:50:29.0515 1572 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:50:29.0515 1572 ALG - ok
18:50:29.0515 1572 AliIde - ok
18:50:29.0531 1572 amsint - ok
18:50:29.0578 1572 ApfiltrService (3ed81e8b4709d13e5a38db2d8e792b28) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
18:50:29.0578 1572 ApfiltrService - ok
18:50:29.0703 1572 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:50:29.0718 1572 Apple Mobile Device - ok
18:50:29.0765 1572 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:50:29.0765 1572 AppMgmt - ok
18:50:29.0828 1572 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:50:29.0828 1572 Arp1394 - ok
18:50:29.0828 1572 asc - ok
18:50:29.0843 1572 asc3350p - ok
18:50:29.0843 1572 asc3550 - ok
18:50:29.0875 1572 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
18:50:29.0875 1572 ASCTRM - ok
18:50:30.0000 1572 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:50:30.0000 1572 aspnet_state - ok
18:50:30.0015 1572 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:50:30.0015 1572 AsyncMac - ok
18:50:30.0031 1572 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:50:30.0046 1572 atapi - ok
18:50:30.0046 1572 Atdisk - ok
18:50:30.0078 1572 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:50:30.0078 1572 Atmarpc - ok
18:50:30.0109 1572 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:50:30.0125 1572 AudioSrv - ok
18:50:30.0156 1572 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:50:30.0156 1572 audstub - ok
18:50:30.0250 1572 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
18:50:30.0265 1572 BBSvc - ok
18:50:30.0328 1572 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
18:50:30.0328 1572 BBUpdate - ok
18:50:30.0390 1572 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
18:50:30.0390 1572 BcmSqlStartupSvc - ok
18:50:30.0421 1572 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:50:30.0421 1572 Beep - ok
18:50:30.0515 1572 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:50:30.0531 1572 BITS - ok
18:50:30.0656 1572 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:50:30.0656 1572 Bonjour Service - ok
18:50:30.0703 1572 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:50:30.0703 1572 Browser - ok
18:50:30.0734 1572 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:50:30.0734 1572 cbidf2k - ok
18:50:30.0828 1572 ccEvtMgr (83053d67f40cd00d5fb3baa2c4d6f9ec) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
18:50:30.0843 1572 ccEvtMgr - ok
18:50:30.0859 1572 ccPwdSvc (ac60ad2fca93f0d0180c9610403782ef) C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
18:50:30.0875 1572 ccPwdSvc - ok
18:50:30.0906 1572 ccSetMgr (2013a368106f5eb9aa6f492369f8063c) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
18:50:30.0906 1572 ccSetMgr - ok
18:50:30.0906 1572 cd20xrnt - ok
18:50:30.0953 1572 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:50:30.0953 1572 Cdaudio - ok
18:50:31.0000 1572 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:50:31.0000 1572 Cdfs - ok
18:50:31.0015 1572 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:50:31.0015 1572 Cdrom - ok
18:50:31.0093 1572 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:50:31.0109 1572 CFSvcs - ok
18:50:31.0109 1572 Changer - ok
18:50:31.0156 1572 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:50:31.0156 1572 CiSvc - ok
18:50:31.0171 1572 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:50:31.0171 1572 ClipSrv - ok
18:50:31.0296 1572 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:50:31.0296 1572 clr_optimization_v2.0.50727_32 - ok
18:50:31.0312 1572 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:50:31.0312 1572 CmBatt - ok
18:50:31.0312 1572 CmdIde - ok
18:50:31.0375 1572 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:50:31.0375 1572 Compbatt - ok
18:50:31.0375 1572 COMSysApp - ok
18:50:31.0390 1572 Cpqarray - ok
18:50:31.0406 1572 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:50:31.0406 1572 CryptSvc - ok
18:50:31.0421 1572 dac2w2k - ok
18:50:31.0421 1572 dac960nt - ok
18:50:31.0484 1572 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:50:31.0500 1572 DcomLaunch - ok
18:50:31.0578 1572 DefWatch (955924c3532efb803b0661b6aa516126) C:\Program Files\Symantec AntiVirus\DefWatch.exe
18:50:31.0578 1572 DefWatch - ok
18:50:31.0593 1572 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:50:31.0609 1572 Dhcp - ok
18:50:31.0609 1572 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:50:31.0609 1572 Disk - ok
18:50:31.0656 1572 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
18:50:31.0656 1572 DLABOIOM - ok
18:50:31.0687 1572 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
18:50:31.0687 1572 DLACDBHM - ok
18:50:31.0718 1572 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
18:50:31.0718 1572 DLADResN - ok
18:50:31.0734 1572 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
18:50:31.0734 1572 DLAIFS_M - ok
18:50:31.0750 1572 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
18:50:31.0750 1572 DLAOPIOM - ok
18:50:31.0765 1572 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
18:50:31.0765 1572 DLAPoolM - ok
18:50:31.0781 1572 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
18:50:31.0781 1572 DLARTL_N - ok
18:50:31.0796 1572 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
18:50:31.0796 1572 DLAUDFAM - ok
18:50:31.0843 1572 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
18:50:31.0843 1572 DLAUDF_M - ok
18:50:31.0843 1572 dmadmin - ok
18:50:31.0937 1572 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:50:31.0953 1572 dmboot - ok
18:50:31.0968 1572 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:50:31.0968 1572 dmio - ok
18:50:31.0984 1572 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:50:31.0984 1572 dmload - ok
18:50:32.0031 1572 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:50:32.0031 1572 dmserver - ok
18:50:32.0046 1572 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:50:32.0046 1572 DMusic - ok
18:50:32.0093 1572 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:50:32.0093 1572 Dnscache - ok
18:50:32.0156 1572 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:50:32.0156 1572 Dot3svc - ok
18:50:32.0171 1572 dpti2o - ok
18:50:32.0203 1572 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:50:32.0203 1572 drmkaud - ok
18:50:32.0234 1572 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
18:50:32.0234 1572 DRVMCDB - ok
18:50:32.0234 1572 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
18:50:32.0234 1572 DRVNDDM - ok
18:50:32.0265 1572 DVD-RAM_Service (c9ffbd6b8edc46cd3d13e3c6db914fb7) C:\WINDOWS\system32\DVDRAMSV.exe
18:50:32.0265 1572 DVD-RAM_Service - ok
18:50:32.0312 1572 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:50:32.0328 1572 e1express - ok
18:50:32.0375 1572 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:50:32.0375 1572 EapHost - ok
18:50:32.0500 1572 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:50:32.0515 1572 eeCtrl - ok
18:50:32.0515 1572 EraserUtilDrv11120 - ok
18:50:32.0562 1572 EraserUtilDrv11210 (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys
18:50:32.0562 1572 EraserUtilDrv11210 - ok
18:50:32.0593 1572 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:50:32.0593 1572 ERSvc - ok
18:50:32.0671 1572 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:50:32.0671 1572 Eventlog - ok
18:50:32.0718 1572 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:50:32.0734 1572 EventSystem - ok
18:50:32.0812 1572 EvtEng (6a197698a141ffe7651b962ae3172008) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
18:50:32.0828 1572 EvtEng - ok
18:50:32.0921 1572 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:50:32.0921 1572 Fastfat - ok
18:50:32.0968 1572 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:50:32.0984 1572 FastUserSwitchingCompatibility - ok
18:50:33.0031 1572 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
18:50:33.0046 1572 Fax - ok
18:50:33.0062 1572 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:50:33.0062 1572 Fdc - ok
18:50:33.0125 1572 FdRedir (3314f3134ac59771a133a0cd3d343fff) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
18:50:33.0125 1572 FdRedir - ok
18:50:33.0140 1572 FileDisk2 (7b33f094a7a42a0225c344f5b25b1b05) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
18:50:33.0140 1572 FileDisk2 - ok
18:50:33.0187 1572 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:50:33.0187 1572 Fips - ok
18:50:33.0203 1572 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:50:33.0203 1572 Flpydisk - ok
18:50:33.0250 1572 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:50:33.0281 1572 FltMgr - ok
18:50:33.0406 1572 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:50:33.0406 1572 FontCache3.0.0.0 - ok
18:50:33.0437 1572 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:50:33.0453 1572 Fs_Rec - ok
18:50:33.0453 1572 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:50:33.0468 1572 Ftdisk - ok
18:50:33.0500 1572 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:50:33.0500 1572 GEARAspiWDM - ok
18:50:33.0531 1572 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:50:33.0531 1572 Gpc - ok
18:50:33.0593 1572 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:50:33.0609 1572 gusvc - ok
18:50:33.0656 1572 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:50:33.0671 1572 HDAudBus - ok
18:50:33.0765 1572 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:50:33.0765 1572 helpsvc - ok
18:50:33.0765 1572 HidServ - ok
18:50:33.0812 1572 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:50:33.0812 1572 hkmsvc - ok
18:50:33.0828 1572 hpn - ok
18:50:33.0890 1572 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:50:33.0890 1572 HTTP - ok
18:50:33.0906 1572 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:50:33.0921 1572 HTTPFilter - ok
18:50:33.0921 1572 i2omgmt - ok
18:50:33.0921 1572 i2omp - ok
18:50:33.0968 1572 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:50:33.0968 1572 i8042prt - ok
18:50:34.0093 1572 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:50:34.0125 1572 ialm - ok
18:50:34.0234 1572 IDriverT (6f95324909b502e2651442c1548ab12f) c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:50:34.0234 1572 IDriverT - ok
18:50:34.0468 1572 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:50:34.0484 1572 idsvc - ok
18:50:34.0640 1572 IFXTPM (0b556e950404d90d097c687e65238730) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
18:50:34.0640 1572 IFXTPM - ok
18:50:34.0656 1572 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:50:34.0656 1572 Imapi - ok
18:50:34.0703 1572 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:50:34.0703 1572 ImapiService - ok
18:50:34.0718 1572 ini910u - ok
18:50:34.0734 1572 IntelIde - ok
18:50:34.0750 1572 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:50:34.0750 1572 intelppm - ok
18:50:34.0765 1572 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:50:34.0765 1572 Ip6Fw - ok
18:50:34.0796 1572 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:50:34.0796 1572 IpFilterDriver - ok
18:50:34.0812 1572 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:50:34.0812 1572 IpInIp - ok
18:50:34.0843 1572 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:50:34.0843 1572 IpNat - ok
18:50:34.0984 1572 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
18:50:35.0000 1572 iPod Service - ok
18:50:35.0046 1572 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:50:35.0046 1572 IPSec - ok
18:50:35.0062 1572 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:50:35.0062 1572 IRENUM - ok
18:50:35.0093 1572 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:50:35.0093 1572 isapnp - ok
18:50:35.0218 1572 JavaQuickStarterService (126a16f569122ae00ad3d12ef831d651) C:\Program Files\Java\jre6\bin\jqs.exe
18:50:35.0218 1572 JavaQuickStarterService - ok
18:50:35.0234 1572 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:50:35.0234 1572 Kbdclass - ok
18:50:35.0265 1572 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:50:35.0265 1572 kbdhid - ok
18:50:35.0281 1572 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:50:35.0281 1572 kmixer - ok
18:50:35.0343 1572 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\WINDOWS\system32\drivers\KR10I.sys
18:50:35.0343 1572 KR10I - ok
18:50:35.0359 1572 KR10I2K (d93f9961233d6be1f4803a916852f45e) C:\WINDOWS\system32\drivers\KR10I2K.sys
18:50:35.0359 1572 KR10I2K - ok
18:50:35.0468 1572 kraidsvc (eae20e5dea431b0f01102168b8899553) c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
18:50:35.0484 1572 kraidsvc - ok
18:50:35.0500 1572 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:50:35.0500 1572 KSecDD - ok
18:50:35.0546 1572 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:50:35.0546 1572 lanmanserver - ok
18:50:35.0593 1572 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:50:35.0609 1572 lanmanworkstation - ok
18:50:35.0609 1572 lbrtfdc - ok
18:50:35.0781 1572 LkWebLink (2feb923b00505dc165ae46f80a287711) C:\Documents and Settings\Daniel\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe
18:50:35.0796 1572 LkWebLink - ok
18:50:35.0828 1572 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:50:35.0828 1572 LmHosts - ok
18:50:35.0859 1572 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
18:50:35.0859 1572 MBAMProtector - ok
18:50:35.0984 1572 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:50:35.0984 1572 MBAMService - ok
18:50:36.0140 1572 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
18:50:36.0140 1572 MDM - ok
18:50:36.0203 1572 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
18:50:36.0203 1572 meiudf - ok
18:50:36.0250 1572 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:50:36.0250 1572 Messenger - ok
18:50:36.0359 1572 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:50:36.0375 1572 Microsoft Office Groove Audit Service - ok
18:50:36.0390 1572 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:50:36.0390 1572 mnmdd - ok
18:50:36.0437 1572 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:50:36.0437 1572 mnmsrvc - ok
18:50:36.0453 1572 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:50:36.0453 1572 Modem - ok
18:50:36.0468 1572 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:50:36.0468 1572 Mouclass - ok
18:50:36.0515 1572 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:50:36.0515 1572 mouhid - ok
18:50:36.0531 1572 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:50:36.0531 1572 MountMgr - ok
18:50:36.0531 1572 mraid35x - ok
18:50:36.0562 1572 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:50:36.0578 1572 MRxDAV - ok
18:50:36.0656 1572 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:50:36.0671 1572 MRxSmb - ok
18:50:36.0703 1572 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:50:36.0703 1572 MSDTC - ok
18:50:36.0718 1572 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:50:36.0718 1572 Msfs - ok
18:50:36.0718 1572 MSIServer - ok
18:50:36.0750 1572 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:50:36.0750 1572 MSKSSRV - ok
18:50:36.0765 1572 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:50:36.0765 1572 MSPCLOCK - ok
18:50:36.0796 1572 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:50:36.0796 1572 MSPQM - ok
18:50:36.0812 1572 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:50:36.0812 1572 mssmbios - ok
18:50:36.0875 1572 MSSQL$MSSMLBIZ - ok
18:50:36.0937 1572 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:50:36.0937 1572 MSSQLServerADHelper - ok
18:50:36.0984 1572 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:50:36.0984 1572 Mup - ok
18:50:37.0062 1572 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:50:37.0062 1572 napagent - ok
18:50:37.0218 1572 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120629.002\naveng.sys
18:50:37.0218 1572 NAVENG - ok
18:50:37.0343 1572 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120629.002\navex15.sys
18:50:37.0359 1572 NAVEX15 - ok
18:50:37.0578 1572 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:50:37.0578 1572 NDIS - ok
18:50:37.0640 1572 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:50:37.0640 1572 NdisTapi - ok
18:50:37.0656 1572 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:50:37.0656 1572 Ndisuio - ok
18:50:37.0671 1572 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:50:37.0671 1572 NdisWan - ok
18:50:37.0718 1572 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:50:37.0718 1572 NDProxy - ok
18:50:37.0734 1572 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:50:37.0734 1572 NetBIOS - ok
18:50:37.0765 1572 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:50:37.0765 1572 NetBT - ok
18:50:37.0812 1572 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:50:37.0812 1572 NetDDE - ok
18:50:37.0828 1572 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:50:37.0828 1572 NetDDEdsdm - ok
18:50:37.0843 1572 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
18:50:37.0843 1572 Netdevio - ok
18:50:37.0875 1572 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:50:37.0875 1572 Netlogon - ok
18:50:37.0906 1572 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:50:37.0906 1572 Netman - ok
18:50:38.0031 1572 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:50:38.0031 1572 NetTcpPortSharing - ok
18:50:38.0156 1572 NETw3x32 (50f5de54e1d1646c02078f3eddc15a8e) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
18:50:38.0203 1572 NETw3x32 - ok
18:50:38.0406 1572 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:50:38.0406 1572 NIC1394 - ok
18:50:38.0468 1572 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:50:38.0468 1572 Nla - ok
18:50:38.0484 1572 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:50:38.0484 1572 Npfs - ok
18:50:38.0546 1572 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:50:38.0562 1572 Ntfs - ok
18:50:38.0609 1572 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:50:38.0609 1572 NtLmSsp - ok
18:50:38.0671 1572 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:50:38.0687 1572 NtmsSvc - ok
18:50:38.0734 1572 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:50:38.0734 1572 Null - ok
18:50:38.0765 1572 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:50:38.0765 1572 NwlnkFlt - ok
18:50:38.0781 1572 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:50:38.0781 1572 NwlnkFwd - ok
18:50:38.0953 1572 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:50:38.0968 1572 odserv - ok
18:50:39.0000 1572 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:50:39.0000 1572 ohci1394 - ok
18:50:39.0062 1572 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:50:39.0062 1572 ose - ok
18:50:39.0078 1572 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:50:39.0093 1572 Parport - ok
18:50:39.0093 1572 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:50:39.0093 1572 PartMgr - ok
18:50:39.0140 1572 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:50:39.0140 1572 ParVdm - ok
18:50:39.0140 1572 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:50:39.0140 1572 PCI - ok
18:50:39.0156 1572 PCIDump - ok
18:50:39.0156 1572 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:50:39.0156 1572 PCIIde - ok
18:50:39.0203 1572 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:50:39.0203 1572 Pcmcia - ok
18:50:39.0203 1572 PDCOMP - ok
18:50:39.0218 1572 PDFRAME - ok
18:50:39.0218 1572 PDRELI - ok
18:50:39.0218 1572 PDRFRAME - ok
18:50:39.0234 1572 perc2 - ok
18:50:39.0234 1572 perc2hib - ok
18:50:39.0312 1572 pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\TOSHIBA\IVP\ISM\pinger.exe
18:50:39.0312 1572 pinger - ok
18:50:39.0390 1572 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:50:39.0390 1572 PlugPlay - ok
18:50:39.0484 1572 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:50:39.0484 1572 PolicyAgent - ok
18:50:39.0625 1572 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:50:39.0625 1572 PptpMiniport - ok
18:50:39.0640 1572 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:50:39.0640 1572 ProtectedStorage - ok
18:50:39.0671 1572 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:50:39.0687 1572 PSched - ok
18:50:39.0734 1572 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:50:39.0734 1572 Ptilink - ok
18:50:39.0750 1572 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:50:39.0750 1572 PxHelp20 - ok
18:50:39.0765 1572 ql1080 - ok
18:50:39.0765 1572 Ql10wnt - ok
18:50:39.0765 1572 ql12160 - ok
18:50:39.0781 1572 ql1240 - ok
18:50:39.0781 1572 ql1280 - ok
18:50:39.0796 1572 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:50:39.0796 1572 RasAcd - ok
18:50:39.0812 1572 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:50:39.0812 1572 RasAuto - ok
18:50:39.0828 1572 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:50:39.0828 1572 Rasl2tp - ok
18:50:39.0875 1572 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:50:39.0875 1572 RasMan - ok
18:50:39.0890 1572 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:50:39.0906 1572 RasPppoe - ok
18:50:39.0921 1572 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:50:39.0921 1572 Raspti - ok
18:50:39.0937 1572 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:50:39.0937 1572 Rdbss - ok
18:50:39.0984 1572 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:50:39.0984 1572 RDPCDD - ok
18:50:40.0015 1572 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:50:40.0031 1572 rdpdr - ok
18:50:40.0078 1572 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
18:50:40.0078 1572 RDPWD - ok
18:50:40.0125 1572 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:50:40.0140 1572 RDSessMgr - ok
18:50:40.0156 1572 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:50:40.0187 1572 redbook - ok
18:50:40.0296 1572 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
18:50:40.0312 1572 RegSrvc - ok
18:50:40.0343 1572 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:50:40.0343 1572 RemoteAccess - ok
18:50:40.0390 1572 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:50:40.0390 1572 RemoteRegistry - ok
18:50:40.0406 1572 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:50:40.0406 1572 RpcLocator - ok
18:50:40.0500 1572 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:50:40.0500 1572 RpcSs - ok
18:50:40.0562 1572 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:50:40.0562 1572 RSVP - ok
18:50:40.0656 1572 S24EventMonitor (25f697e3afa7b337bbcaddbce38e6934) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
18:50:40.0671 1572 S24EventMonitor - ok
18:50:40.0765 1572 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
18:50:40.0765 1572 s24trans - ok
18:50:40.0812 1572 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:50:40.0812 1572 SamSs - ok
18:50:40.0890 1572 SavRoam (778f31aa8685426ca2d0d38b423c2512) C:\Program Files\Symantec AntiVirus\SavRoam.exe
18:50:40.0906 1572 SavRoam - ok
18:50:40.0968 1572 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
18:50:40.0968 1572 SAVRT - ok
18:50:41.0000 1572 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
18:50:41.0000 1572 SAVRTPEL - ok
18:50:41.0046 1572 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:50:41.0046 1572 SCardSvr - ok
18:50:41.0109 1572 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:50:41.0125 1572 Schedule - ok
18:50:41.0156 1572 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:50:41.0156 1572 sdbus - ok
18:50:41.0203 1572 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:50:41.0203 1572 Secdrv - ok
18:50:41.0203 1572 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:50:41.0218 1572 seclogon - ok
18:50:41.0234 1572 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:50:41.0234 1572 SENS - ok
18:50:41.0281 1572 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:50:41.0281 1572 Serial - ok
18:50:41.0343 1572 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
18:50:41.0343 1572 sffdisk - ok
18:50:41.0359 1572 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
18:50:41.0375 1572 sffp_sd - ok
18:50:41.0390 1572 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:50:41.0390 1572 Sfloppy - ok
18:50:41.0437 1572 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:50:41.0437 1572 ShellHWDetection - ok
18:50:41.0453 1572 Simbad - ok
18:50:41.0500 1572 smihlp (94eede27fd7d46707be49127922695a7) C:\Program Files\Protector Suite QL\smihlp.sys
18:50:41.0500 1572 smihlp - ok
18:50:41.0578 1572 SNDSrvc (443e397643965e08c5ab6a6caa732b97) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
18:50:41.0578 1572 SNDSrvc - ok
18:50:41.0609 1572 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
18:50:41.0609 1572 SONYPVU1 - ok
18:50:41.0609 1572 Sparrow - ok
18:50:41.0703 1572 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
18:50:41.0718 1572 SPBBCDrv - ok
18:50:41.0796 1572 SPBBCSvc (ea07435c72a8534c3a8e02d87246e546) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
18:50:41.0812 1572 SPBBCSvc - ok
18:50:42.0015 1572 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:50:42.0015 1572 splitter - ok
18:50:42.0062 1572 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:50:42.0062 1572 Spooler - ok
18:50:42.0140 1572 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:50:42.0156 1572 SQLBrowser - ok
18:50:42.0187 1572 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:50:42.0203 1572 SQLWriter - ok
18:50:42.0218 1572 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:50:42.0218 1572 sr - ok
18:50:42.0281 1572 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:50:42.0281 1572 srservice - ok
18:50:42.0359 1572 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:50:42.0359 1572 Srv - ok
18:50:42.0390 1572 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:50:42.0390 1572 SSDPSRV - ok
18:50:42.0500 1572 STHDA (ba225dbe19060a8bece4cfbcdcc8b69d) C:\WINDOWS\system32\drivers\sthda.sys
18:50:42.0531 1572 STHDA - ok
18:50:42.0593 1572 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:50:42.0593 1572 stisvc - ok
18:50:42.0687 1572 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:50:42.0687 1572 swenum - ok
18:50:42.0703 1572 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:50:42.0718 1572 swmidi - ok
18:50:42.0718 1572 SwPrv - ok
18:50:42.0781 1572 Swupdtmr (327786c5d6bcf284fab14c2b5751f514) c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
18:50:42.0781 1572 Swupdtmr - ok
18:50:42.0968 1572 Symantec AntiVirus (bc59bc3b68d45eb1716cc95e567a3b69) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
18:50:43.0015 1572 Symantec AntiVirus - ok
18:50:43.0140 1572 symc810 - ok
18:50:43.0156 1572 symc8xx - ok
18:50:43.0250 1572 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS
18:50:43.0250 1572 SymEvent - ok
18:50:43.0312 1572 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
18:50:43.0312 1572 SYMREDRV - ok
18:50:43.0343 1572 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
18:50:43.0343 1572 SYMTDI - ok
18:50:43.0359 1572 sym_hi - ok
18:50:43.0359 1572 sym_u3 - ok
18:50:43.0390 1572 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:50:43.0406 1572 sysaudio - ok
18:50:43.0453 1572 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:50:43.0453 1572 SysmonLog - ok
18:50:43.0484 1572 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:50:43.0484 1572 TapiSrv - ok
18:50:43.0531 1572 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
18:50:43.0531 1572 tbiosdrv - ok
18:50:43.0546 1572 TBtnKey (1f1b3aa534db6107118bf7942275f100) C:\WINDOWS\system32\DRIVERS\TBtnKey.sys
18:50:43.0546 1572 TBtnKey - ok
18:50:43.0625 1572 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:50:43.0640 1572 Tcpip - ok
18:50:43.0640 1572 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
18:50:43.0640 1572 TcUsb - ok
18:50:43.0687 1572 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:50:43.0687 1572 TDPIPE - ok
18:50:43.0703 1572 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:50:43.0718 1572 TDTCP - ok
18:50:43.0765 1572 TEchoCan (4a80e7a7d65560aa26e10b4c0a77d87a) C:\WINDOWS\system32\DRIVERS\TEchoCan.sys
18:50:43.0781 1572 TEchoCan - ok
18:50:43.0796 1572 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:50:43.0796 1572 TermDD - ok
18:50:43.0859 1572 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:50:43.0859 1572 TermService - ok
18:50:43.0921 1572 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:50:43.0921 1572 Themes - ok
18:50:43.0968 1572 Thpdrv (9a932560e9246b0d370fb97789bc0fd4) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
18:50:43.0968 1572 Thpdrv - ok
18:50:43.0984 1572 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
18:50:43.0984 1572 Thpevm - ok
18:50:44.0031 1572 Thpsrv (737ac9ec5e8107b72152e4f9c0ae1694) C:\WINDOWS\system32\ThpSrv.exe
18:50:44.0046 1572 Thpsrv - ok
18:50:44.0062 1572 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
18:50:44.0078 1572 tifm21 - ok
18:50:44.0109 1572 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:50:44.0125 1572 TlntSvr - ok
18:50:44.0140 1572 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
18:50:44.0140 1572 TMEI3E - ok
18:50:44.0234 1572 Tmesrv (1251afe77ce784d447e0d09dead08f1b) C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
18:50:44.0234 1572 Tmesrv - ok
18:50:44.0250 1572 TosIde - ok
18:50:44.0296 1572 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
18:50:44.0296 1572 tosrfec - ok
18:50:44.0359 1572 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:50:44.0359 1572 TrkWks - ok
18:50:44.0390 1572 TVALZ (ccf4f8f8240f7057bf864ef73e91dcbb) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
18:50:44.0390 1572 TVALZ - ok
18:50:44.0421 1572 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:50:44.0421 1572 Udfs - ok
18:50:44.0421 1572 ultra - ok
18:50:44.0484 1572 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:50:44.0484 1572 Update - ok
18:50:44.0531 1572 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:50:44.0531 1572 upnphost - ok
18:50:44.0562 1572 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:50:44.0562 1572 UPS - ok
18:50:44.0593 1572 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:50:44.0593 1572 usbccgp - ok
18:50:44.0625 1572 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:50:44.0625 1572 usbehci - ok
18:50:44.0640 1572 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:50:44.0640 1572 usbhub - ok
18:50:44.0656 1572 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:50:44.0656 1572 USBSTOR - ok
18:50:44.0671 1572 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:50:44.0671 1572 usbuhci - ok
18:50:44.0734 1572 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:50:44.0734 1572 VgaSave - ok
18:50:44.0734 1572 ViaIde - ok
18:50:44.0750 1572 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:50:44.0765 1572 VolSnap - ok
18:50:44.0812 1572 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:50:44.0828 1572 VSS - ok
18:50:44.0843 1572 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:50:44.0859 1572 W32Time - ok
18:50:44.0906 1572 WacomPen (aced8c149b30f8496c237bcba3727b48) C:\WINDOWS\system32\DRIVERS\wacompen.sys
18:50:44.0906 1572 WacomPen - ok
18:50:44.0906 1572 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:50:44.0921 1572 Wanarp - ok
18:50:44.0953 1572 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
18:50:44.0968 1572 wanatw - ok
18:50:44.0968 1572 WDICA - ok
18:50:45.0015 1572 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:50:45.0015 1572 wdmaud - ok
18:50:45.0031 1572 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:50:45.0031 1572 WebClient - ok
18:50:45.0125 1572 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:50:45.0125 1572 winmgmt - ok
18:50:45.0359 1572 wlidsvc (d9250b31b353ee3322c1cad411997e38) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:50:45.0390 1572 wlidsvc - ok
18:50:45.0546 1572 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:50:45.0546 1572 WmdmPmSN - ok
18:50:45.0640 1572 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:50:45.0656 1572 Wmi - ok
18:50:45.0734 1572 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:50:45.0734 1572 WmiApSrv - ok
18:50:45.0890 1572 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:50:45.0937 1572 WMPNetworkSvc - ok
18:50:46.0015 1572 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:50:46.0015 1572 WS2IFSL - ok
18:50:46.0015 1572 WSearch - ok
18:50:46.0078 1572 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:50:46.0078 1572 wuauserv - ok
18:50:46.0125 1572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:50:46.0140 1572 WudfPf - ok
18:50:46.0156 1572 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:50:46.0156 1572 WudfRd - ok
18:50:46.0187 1572 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:50:46.0187 1572 WudfSvc - ok
18:50:46.0250 1572 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:50:46.0265 1572 WZCSVC - ok
18:50:46.0296 1572 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:50:46.0296 1572 xmlprov - ok
18:50:46.0343 1572 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
18:50:46.0890 1572 \Device\Harddisk0\DR0 - ok
18:50:46.0890 1572 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR5
18:50:47.0125 1572 \Device\Harddisk1\DR5 - ok
18:50:47.0125 1572 Boot (0x1200) (86ed4c36f11fb909843811da37817b52) \Device\Harddisk0\DR0\Partition0
18:50:47.0140 1572 \Device\Harddisk0\DR0\Partition0 - ok
18:50:47.0140 1572 Boot (0x1200) (5d31fd3c4333948453a497b48be0de70) \Device\Harddisk1\DR5\Partition0
18:50:47.0140 1572 \Device\Harddisk1\DR5\Partition0 - ok
18:50:47.0140 1572 ============================================================
18:50:47.0140 1572 Scan finished
18:50:47.0140 1572 ============================================================
18:50:47.0156 2748 Detected object count: 0
18:50:47.0156 2748 Actual detected object count: 0
18:51:28.0046 0264 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 18:55:09
-----------------------------
18:55:09.359 OS Version: Windows 5.1.2600 Service Pack 3
18:55:09.359 Number of processors: 2 586 0xF02
18:55:09.359 ComputerName: DAN UserName:
18:55:09.703 Initialize success
18:59:56.609 AVAST engine defs: 12071301
19:03:21.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\KR10I1Port1Path0Target0Lun0
19:03:21.062 Disk 0 Vendor: TOSHIBA_ ____ Size: 76317MB BusType: 1
19:03:21.093 Disk 0 MBR read successfully
19:03:21.093 Disk 0 MBR scan
19:03:21.187 Disk 0 Windows XP default MBR code
19:03:21.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 70268 MB offset 63
19:03:21.218 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSDOS5.0 6047 MB offset 143910270
19:03:21.218 Disk 0 scanning sectors +156296385
19:03:21.296 Disk 0 scanning C:\WINDOWS\system32\drivers
19:03:38.281 Service scanning
19:04:14.640 Modules scanning
19:04:23.203 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
19:04:25.390 Disk 0 trace - called modules:
19:04:25.421 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys hal.dll SCSIPORT.SYS KR10I.sys
19:04:25.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fd2ab8]
19:04:25.437 3 CLASSPNP.SYS[f777afd7] -> nt!IofCallDriver -> \Device\THPDRV[0x86fddba0]
19:04:25.437 5 thpdrv.sys[f778c71d] -> nt!IofCallDriver -> \Device\Scsi\KR10I1Port1Path0Target0Lun0[0x86fac030]
19:04:26.078 AVAST engine scan C:\WINDOWS
19:04:50.812 AVAST engine scan C:\WINDOWS\system32
19:09:50.125 AVAST engine scan C:\WINDOWS\system32\drivers
19:10:11.031 AVAST engine scan C:\Documents and Settings\Daniel
19:15:42.718 File: C:\Documents and Settings\Daniel\Local Settings\Application Data\{73b27770-5d2f-c4fd-c986-69cea867a3bf}\n **INFECTED** Win32:Sirefef-PL [Rtk]
19:18:03.531 AVAST engine scan C:\Documents and Settings\All Users
19:21:58.453 Scan finished successfully
20:15:34.921 Disk 0 MBR has been saved successfully to "E:\Dan\MBR.dat"
20:15:35.546 The log file has been saved successfully to "E:\Dan\aswMBR.txt"

C:\Documents and Settings\Daniel\Local Settings\Application Data\{73b27770-5d2f-c4fd-c986-69cea867a3bf}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{73b27770-5d2f-c4fd-c986-69cea867a3bf}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 July 2012 - 04:37 AM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 mercuryrsng

  • Topic Starter
  • Members
  • 298 posts

Posted 14 July 2012 - 12:20 PM

Farbar Service Scanner Version: 08-07-2012
Ran by Daniel (administrator) on 14-07-2012 at 06:43:56
Running from "C:\Documents and Settings\Daniel\Desktop\Malware"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) SYMTDI(11) Tcpip(3)
0x0B000000040000000100000002000000030000000B0000000A0000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Daniel :: DAN [administrator]

Protection: Enabled

7/14/2012 6:49:11 AM
mbam-log-2012-07-14 (06-49-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347856
Time elapsed: 1 hour(s), 22 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 25-06-2012
Ran by Daniel (administrator) on 14-07-2012 at 13:14:00
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

192.168.5.3 SERVER-PC

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com

There are 12814 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/1000 PL Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : DAN

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-1B-77-C5-AF-2C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.39

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Saturday, July 14, 2012 6:28:55 AM

Lease Expires . . . . . . . . . . : Sunday, July 15, 2012 6:28:55 AM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection

Physical Address. . . . . . . . . : 00-15-B7-11-48-E6

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.228.34, 74.125.228.35, 74.125.228.36, 74.125.228.37
74.125.228.38, 74.125.228.39, 74.125.228.40, 74.125.228.41, 74.125.228.46
74.125.228.32, 74.125.228.33



Pinging google.com [74.125.228.78] with 32 bytes of data:



Reply from 74.125.228.78: bytes=32 time=22ms TTL=51

Reply from 74.125.228.78: bytes=32 time=21ms TTL=51



Ping statistics for 74.125.228.78:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 21ms, Maximum = 22ms, Average = 21ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=52ms TTL=48

Reply from 98.139.183.24: bytes=32 time=81ms TTL=48



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 52ms, Maximum = 81ms, Average = 66ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1b 77 c5 af 2c ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 15 b7 11 48 e6 ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.39 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.39 192.168.1.39 20
192.168.1.0 255.255.255.0 192.168.1.39 192.168.1.39 25
192.168.1.39 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.39 192.168.1.39 25
224.0.0.0 240.0.0.0 192.168.1.39 192.168.1.39 25
255.255.255.255 255.255.255.255 192.168.1.39 3 1
255.255.255.255 255.255.255.255 192.168.1.39 192.168.1.39 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/11/2012 01:55:26 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Gen.2 in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/11/2012 01:55:26 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Gen.2 in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/11/2012 01:55:26 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Gen.2 in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/11/2012 01:55:26 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Gen.2 in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/11/2012 01:55:26 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Gen.2 in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/11/2012 01:55:26 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Gen.2 in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/11/2012 01:55:26 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Gen.2 in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/11/2012 01:55:26 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Gen.2 in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/11/2012 01:55:26 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Gen.2 in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/11/2012 01:55:26 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Gen.2 in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.


System errors:
=============
Error: (07/14/2012 06:29:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/13/2012 06:54:55 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.5.105 for the Network Card with network address 001B77C5AF2C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/13/2012 06:13:19 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service failed to start due to the following error:
%%1053

Error: (07/13/2012 06:13:19 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

Error: (07/13/2012 06:13:08 PM) (Source: DCOM) (User: DAN)
Description: DCOM got error "%%1053" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (07/13/2012 06:11:48 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KR10I2K

Error: (07/13/2012 06:11:48 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/13/2012 00:50:22 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/12/2012 07:38:01 PM) (Source: 0) (User: )
Description:

Error: (07/12/2012 07:38:00 PM) (Source: PlugPlayManager) (User: )
Description: The device 'Wacom Serial Pen Tablet' (ACPI\WACF004\4&38462492&0) disappeared from the system without first being prepared for removal.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Agilix GoBinder Lite (Version: 4.0.905)
ALPS Touch Pad Driver
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.0.822.0)
Bluetooth Stack for Windows by Toshiba (Version: v4.00.36(T))
Bonjour (Version: 3.0.0.10)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Carbonite Online Backup Setup (Version: 3.7.3)
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
CollaborateMD 8.1.3
Crystal Reports 2008 Runtime (Version: 12.0.0.683)
DVD-RAM Driver (Version: 5.0.2.5)
ESET Online Scanner v3
Google Toolbar for Internet Explorer (Version: 1.0.0)
Hard Disk Recovery Utilities
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Ink Art (Version: 1.3)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4436)
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software (Version: 10.50.0000)
Inter-Tel Collaboration Client 2.0 (Version: 4.2.2.0)
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.529)
iTunes (Version: 10.5.1.42)
J2SE Runtime Environment 5.0 Update 7 (Version: 1.5.0.70)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Kyocera Product Library (Version: 2.0.713)
LimeWire 5.5.14 (Version: 5.5.14)
LiveUpdate 2.6 (Symantec Corporation) (Version: 2.6.18.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
mCore (Version: 7.05.0000)
mDrWiFi (Version: 7.05.0000)
mHelp (Version: 7.05.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Education Pack for Windows XP Tablet PC Edition (Version: 1.0.0)
Microsoft Energy Blue Theme Pack (Version: 1.0.0)
Microsoft Experience Pack for Tablet PC (Version: 1.0.0)
Microsoft Ink Crossword (Version: 1.1)
Microsoft Ink Desktop (Version: 1.0.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Media Transfer (Version: 1.0)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Accounting 2007 (Version: 2.0.7503.0)
Microsoft Office Accounting ADP Payroll Addin (Version: 0.0.0.0)
Microsoft Office Accounting Equifax Addin (Version: 2.0.7416.00)
Microsoft Office Accounting Fixed Asset Manager (Version: 2.0.7416.00)
Microsoft Office Accounting PayPal Addin (Version: 2.0.7416.00)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Snipping Tool 2.0 (Version: 2.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA (Version: 7.05.0000)
mLogView (Version: 7.05.0000)
mMHouse (Version: 7.05.0000)
MobileMe Control Panel (Version: 3.1.8.0)
mPfMgr (Version: 7.05.0000)
mPfWiz (Version: 7.05.0000)
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
mWlsSafe (Version: 7.05.0000)
mXML (Version: 7.05.0000)
mZConfig (Version: 7.05.0000)
Office 2003 Trial Assistant (Version: 1.0.0)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
Protector Suite 5.4 (Version: 5.4.0.2934)
QuickTime (Version: 7.71.80.42)
RealPlayer Basic
Reason 4.0 (Version: 4.0)
Safari (Version: 5.34.52.7)
SD Secure Module (Version: 1.0.4)
SigmaTel Audio (Version: 5.10.4650.0)
Sonic DLA (Version: 5.2.0)
Sonic RecordNow! (Version: 7.31)
Symantec AntiVirus (Version: 10.0.359.0)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.16.0000)
TheraOffice (Version: 09.1.0.15)
TIPCI (Version: 1.16.0000)
TOSHIBA Accelerometer Utilities (Version: 2.02.02)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.90.06)
TOSHIBA Controls
TOSHIBA Display Devices Change Utility
TOSHIBA HDD Protection (Version: 1.01.08e)
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA Mic Effect (Version: 2.06.00)
TOSHIBA Mobile Extension3 for Windows XP V3.80.00.XP
TOSHIBA Password Utility (Version: 2.01.01)
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver (Version: 7.08.02)
TOSHIBA RAID Utility (Version: 1.3.4.0)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA Rotation Utility (Version: 4.00.00.06)
TOSHIBA SD Memory Boot Utility (Version: 1.1.0.0A)
TOSHIBA SD Memory Card Format
TOSHIBA Security Assist (Version: 1.1.8)
TOSHIBA Software Modem (Version: 2.1.62 (SM2162ALD04))
TOSHIBA Software Upgrades (Version: 4.2)
TOSHIBA Tablet Access Code Logon Utility (Version: 1.16.00)
TOSHIBA TouchPad On/Off Utility V2.05.01
TOSHIBA Utilities (Version: 4.30.11)
TOSHIBA Wireless Key Logon (Version: 1.0.0.13)
TOSHIBA Zooming Utility
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Live ID Sign-in Assistant (Version: 6.500.3146.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
Wireless Hotkey (Version: 2.0.0.6)

========================= Memory info: ===================================

Percentage of memory in use: 73%
Total physical RAM: 1014.85 MB
Available physical RAM: 268.16 MB
Total Pagefile: 2443.73 MB
Available Pagefile: 1801.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.46 MB

========================= Partitions: =====================================

1 Drive c: (SQ004491P04) (Fixed) (Total:68.62 GB) (Free:34.19 GB) NTFS
3 Drive e: (KINGSTON) (Removable) (Total:3.73 GB) (Free:2.82 GB) FAT32

========================= Users: ========================================

User accounts for \\DAN

Administrator ASPNET Daniel
Everyone Else Guest HelpAssistant
SUPPORT_388945a0


**** End of log ****

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 July 2012 - 01:19 PM

Download

SystemLook

Copy this script and paste it in the search box

:filefind
services.exe
:folderfind
{73b27770-5d2f-c4fd-c986-69cea867a3bf}

Click on LOOK, post the generated log

Edited by narenxp, 14 July 2012 - 01:21 PM.


#7 mercuryrsng
  • Topic Starter
  • Members
  • 298 posts

Posted 14 July 2012 - 09:26 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:20 on 14/07/2012 by Daniel
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a---- 110592 bytes [17:48 15/04/2009] [11:06 06/02/2009] 020CEAAEDC8EB655B6506B8C70D53BB6
C:\WINDOWS\$NtServicePackUninstall$\services.exe -----c- 108032 bytes [13:50 29/08/2008] [12:00 04/08/2004] C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\$NtUninstallKB956572$\services.exe -----c- 108544 bytes [15:49 17/04/2009] [00:12 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\ServicePackFiles\i386\services.exe ------- 108544 bytes [13:37 26/08/2008] [00:12 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\system32\services.exe --a---- 110592 bytes [22:06 11/09/2006] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\system32\dllcache\services.exe -----c- 110592 bytes [17:48 15/04/2009] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315

========== folderfind ==========

Searching for "{73b27770-5d2f-c4fd-c986-69cea867a3bf}"
C:\Documents and Settings\Daniel\Local Settings\Application Data\{73b27770-5d2f-c4fd-c986-69cea867a3bf} d--hs-- [22:06 11/09/2006]
C:\WINDOWS\Installer\{73b27770-5d2f-c4fd-c986-69cea867a3bf} d--hs-- [22:06 11/09/2006]

-= EOF =-
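A small checker for the SystemLook filefind output in the post above, added here as an example (it is not part of the thread and not SystemLook's own code): it parses each hit line and reports whether the live system32 copy of services.exe carries the same MD5 as the protected dllcache / ServicePackFiles copies, which is the comparison the advisor makes by eye. The sample lines are taken from the log above; the tampered variant and the helper names are constructed for this example.

```python
"""Checker for SystemLook ':filefind' output. Added example, not from the
thread or from SystemLook: it parses each hit line and compares the live
system32 copy of a file with the protected dllcache / ServicePackFiles
copies, the comparison the advisor makes by eye above."""
import re
from dataclasses import dataclass
from typing import Dict, List

# One filefind hit: path, 7-char attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Sample lines copied from the filefind section of the log above.
SAMPLE_LOG = r"""
Searching for "services.exe"
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a---- 110592 bytes [17:48 15/04/2009] [11:06 06/02/2009] 020CEAAEDC8EB655B6506B8C70D53BB6
C:\WINDOWS\$NtServicePackUninstall$\services.exe -----c- 108032 bytes [13:50 29/08/2008] [12:00 04/08/2004] C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\$NtUninstallKB956572$\services.exe -----c- 108544 bytes [15:49 17/04/2009] [00:12 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\ServicePackFiles\i386\services.exe ------- 108544 bytes [13:37 26/08/2008] [00:12 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\system32\services.exe --a---- 110592 bytes [22:06 11/09/2006] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\system32\dllcache\services.exe -----c- 110592 bytes [17:48 15/04/2009] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
"""

# Constructed variant: the live copy's MD5 matches no protected copy, which is
# how an in-place patch or replacement of services.exe shows up in this view.
LIVE_LINE = (r"C:\WINDOWS\system32\services.exe --a---- 110592 bytes "
             r"[22:06 11/09/2006] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315")
TAMPERED_LOG = SAMPLE_LOG.replace(LIVE_LINE, LIVE_LINE[:-32] + "0" * 32)

@dataclass
class FileHit:
    path: str
    attrs: str
    size: int
    md5: str

def parse_filefind(text: str) -> List[FileHit]:
    """One FileHit per line of filefind shape; headers, folderfind lines
    (no size/MD5) and blanks are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], m["attrs"], int(m["size"]), m["md5"].upper()))
    return hits

def check_against_cache(hits: List[FileHit], filename: str = "services.exe") -> Dict:
    """'consistent': live MD5 equals at least one protected copy.
    'suspect': it equals none (verify further, e.g. with the FSS file check).
    'no-live-copy': system32\\<filename> was not in the output at all."""
    name = "\\" + filename.lower()
    live = [h for h in hits if h.path.lower().endswith("\\system32" + name)]
    cache = [h for h in hits if h.path.lower().endswith(name) and
             ("\\dllcache\\" in h.path.lower() or "\\servicepackfiles\\" in h.path.lower())]
    if not live:
        return {"status": "no-live-copy", "live_md5": None, "matches": []}
    live_md5 = live[0].md5
    matches = [h.path for h in cache if h.md5 == live_md5]
    return {"status": "consistent" if matches else "suspect",
            "live_md5": live_md5, "matches": matches}

if __name__ == "__main__":
    for label, log in (("thread log", SAMPLE_LOG), ("tampered", TAMPERED_LOG)):
        print(label, check_against_cache(parse_filefind(log)))
```

On the thread's own log the live copy matches dllcache, so the file is reported consistent; a hotfix copy under $hf_mig$ differing from system32 is normal and is not counted.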

#8 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 July 2012 - 09:35 PM

Open your C drive

On top, click on Tools - Folder Options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Documents and Settings\Daniel\Local Settings\Application Data\{73b27770-5d2f-c4fd-c986-69cea867a3bf}
C:\WINDOWS\Installer\{73b27770-5d2f-c4fd-c986-69cea867a3bf}

Delete both the folders.

Create a restore point,

Download

Shared access
wscsvc

Launch the keys, click YES

Restart the PC, post the new FSS log

Edited by narenxp, 14 July 2012 - 09:37 PM.


#9 mercuryrsng
  • Topic Starter
  • Members
  • 298 posts

Posted 14 July 2012 - 09:40 PM

Done...

Never mind, stand by... didn't read everything hahaha

#10 mercuryrsng
  • Topic Starter
  • Members
  • 298 posts

Posted 14 July 2012 - 09:54 PM

Farbar Service Scanner Version: 08-07-2012
Ran by Daniel (administrator) on 14-07-2012 at 22:52:47
Running from "C:\Documents and Settings\Daniel\Desktop\Malware"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) SYMTDI(11) Tcpip(3)
0x0B000000040000000100000002000000030000000B0000000A0000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

#11 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 July 2012 - 10:11 PM

Download

Hosts fix

Run it.

Press Windows+R key and type

cmd and click OK, then run this command

netsh winsock reset

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#12 mercuryrsng
  • Topic Starter
  • Members
  • 298 posts

Posted 14 July 2012 - 11:08 PM

TFC freezes up the computer completely... I've tried to run it a few times and got a total lockup each time. Also, many start menu items still show up as "empty". I know they are there because they are in the c:\Program Files drive.

#13 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 July 2012 - 08:41 AM

Ignore TFC now

Press Windows+R key and type

%temp% and click OK

Copy SMTMP folder to a safe location and let me know

Are your files hidden?

#14 mercuryrsng
  • Topic Starter
  • Members
  • 298 posts

Posted 15 July 2012 - 08:48 AM

I copied the folder to a safe location, but it didn't change anything... was I supposed to do anything with the folder?

#15 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 July 2012 - 08:55 AM

1. Copy the entire content of this folder
smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu

2. Copy the entire contents of this folder:

smtmp\2
and paste it to this folder:
C:\Documents and Settings\Username\Application Data\Microsoft\Internet Explorer\Quick Launch.

3. Copy the entire content of this folder:

smtmp\4
and paste it to this folder:
C:\Documents and Settings\All Users\Desktop.

Let me know how it goes

Edited by narenxp, 15 July 2012 - 09:10 AM.




