Loads of trojans - seem to have been removed but worried a keylogger/backdoor remains


20 replies to this topic

#1 -clare-

-clare-

  • Members
  • 13 posts

Posted 18 August 2012 - 05:15 PM

Hi there

I have had a raft of infections on my Windows XP Professional PC the last few days...
Trojan.zeroaccess
Trojan.zeroaccess.A
Trojan.zeroaccess.C
Trojan.midhos
Trojan.winlock.P
SecShieldFraud!gen7
and more I didn't write down

I have Symantec Anti-Virus and Malwarebytes, both of which were up to date and ran the day before this happened.

It's all a bit of a blur, but when it first happened Symantec was picking up infection after infection and eventually told me to restart, which I did.

From then on my CPU was running at 100%, Symantec would not open, Google results in IE were clicking through to spam sites, and more and more trojans were being discovered by Malwarebytes. Also I could not run the Trojan.zeroaccess removal tool I downloaded.

I tried to do a system restore, but the only restore point was after the attack. I restarted in safe mode and ran Malwarebytes. When I restarted again I was able to run Symantec and Malwarebytes again, which both got rid of more trojans.

The situation now is that my CPU is back to normal and Symantec/Malwarebytes are returning clear scans.
Things seem fine except for a couple of red flags.... Google links in IE click through to spam sites sometimes but not always, and all my cookies have disappeared, so I have to type in ALL my registration details for each website I visit, so I'm worried there's a keylogger in place.

Is there something I can do, please, to check if there's a keylogger or backdoor in place?

Many thanks if you can spare some time to help, I would really appreciate it!
Clare

#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 18 August 2012 - 06:30 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.
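The reply above asks for the TDSSKiller log to be posted back. As an added example (not code from the thread, from BleepingComputer or from Kaspersky), here is a small Python triage script for that log layout: each line is a timestamp, a PID and a message, where the services section pairs a "[ md5 ] name path" file line with a "name - verdict" line. The script collects every entry and lists the ones whose verdict is not "ok"; the sample log, the `examplesvc` entry and its "detected" verdict are constructed, and treating any non-"ok" verdict as a detection is my assumption, not documented TDSSKiller behaviour.

```python
"""Triage helper for a Kaspersky TDSSKiller 2.8.x text log (added example).

Assumed layout (taken from the log posted in the thread):
  "HH:MM:SS.mmmm <pid> <message>"
  file line    : "[ <md5> ] <service name> <path starting with a drive letter>"
  verdict line : "<service name> - <verdict>"      (verdict is "ok" when clean)
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# "12:07:01.0453 0952 <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "[ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys"
# The service name is matched non-greedily so names with spaces still work.
ENTRY_RE = re.compile(r"^\[ ([0-9a-fA-F]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# Header lines such as "OS Version: 5.1.2600 ServicePack: 3.0"
KV_RE = re.compile(r"^([A-Za-z ]+): (.+)$")
KEEP_KEYS = {"OS Version", "ComputerName", "UserName", "Mode"}


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None   # None when TDSSKiller printed no file line
    path: Optional[str] = None


@dataclass
class Report:
    metadata: Dict[str, str] = field(default_factory=dict)
    entries: List[Entry] = field(default_factory=list)

    def flagged(self) -> List[Entry]:
        """Entries whose verdict is anything other than 'ok' (assumed = detection)."""
        return [e for e in self.entries if e.verdict.lower() != "ok"]

    def without_file(self) -> List[Entry]:
        """Registered services/drivers for which no on-disk file was hashed."""
        return [e for e in self.entries if e.md5 is None]


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    pending: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path) awaiting its verdict
    scanning = False                           # verdict lines only appear after "Scan started"
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if msg == "Scan started":
            scanning = True
            continue
        kv = KV_RE.match(msg)
        if kv and kv.group(1) in KEEP_KEYS:
            report.metadata[kv.group(1)] = kv.group(2)
            continue
        entry = ENTRY_RE.match(msg)
        if entry:
            pending[entry.group(2)] = (entry.group(1).lower(), entry.group(3))
            continue
        if scanning and " - " in msg:
            name, verdict = msg.rsplit(" - ", 1)
            md5, path = pending.pop(name, (None, None))
            report.entries.append(Entry(name, verdict, md5, path))
    return report


# Constructed sample: real-looking header and three clean entries in the thread's
# format, plus a made-up "examplesvc" entry with a made-up non-"ok" verdict.
SAMPLE_LOG = r"""12:06:28.0797 4864 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
12:06:28.0907 4864 OS Version: 5.1.2600 ServicePack: 3.0
12:06:30.0969 4864 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
12:06:59.0500 0952 Scan started
12:06:59.0500 0952 Mode: Manual; TDLFS;
12:07:01.0235 0952 ================ Scan services =============================
12:07:01.0282 0952 Abiosdsk - ok
12:07:01.0453 0952 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:07:01.0453 0952 ACPI - ok
12:07:03.0844 0952 [ cfd4c3352e29a8b729536648466e8df5 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:07:03.0844 0952 Bonjour Service - ok
12:07:04.0000 0952 [ 00000000000000000000000000000000 ] examplesvc C:\WINDOWS\system32\examplesvc.sys
12:07:04.0000 0952 examplesvc - detected CONSTRUCTED.Example.Verdict
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print("metadata:", rep.metadata)
    print(f"{len(rep.entries)} entries, {len(rep.flagged())} flagged")
    for e in rep.flagged():
        print(f"  {e.name}: {e.verdict}  md5={e.md5}  path={e.path}")
```

Point it at the real file with `parse_tdsskiller_log(open(path, encoding="utf-8", errors="replace").read())`; the `without_file()` list is only informational, since many Windows XP service names have no file behind them.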

#3 -clare-

-clare-
  • Topic Starter

  • Members
  • 13 posts

Posted 19 August 2012 - 09:11 AM

Thank you thank you thank you!!! Below are the 3 scan results; aswMBR seems to find 1 infection and ESET online scanner 4!!



12:06:28.0797 4864 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
12:06:28.0907 4864 ============================================================
12:06:28.0907 4864 Current date / time: 2012/08/19 12:06:28.0907
12:06:28.0907 4864 SystemInfo:
12:06:28.0907 4864
12:06:28.0907 4864 OS Version: 5.1.2600 ServicePack: 3.0
12:06:28.0907 4864 Product type: Workstation
12:06:28.0907 4864 ComputerName: WEBSITES_PC
12:06:28.0907 4864 UserName: Bill
12:06:28.0907 4864 Windows directory: C:\WINDOWS
12:06:28.0907 4864 System windows directory: C:\WINDOWS
12:06:28.0907 4864 Processor architecture: Intel x86
12:06:28.0907 4864 Number of processors: 4
12:06:28.0907 4864 Page size: 0x1000
12:06:28.0907 4864 Boot type: Normal boot
12:06:28.0907 4864 ============================================================
12:06:30.0969 4864 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:06:30.0969 4864 ============================================================
12:06:30.0969 4864 \Device\Harddisk0\DR0:
12:06:30.0969 4864 MBR partitions:
12:06:30.0969 4864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
12:06:30.0969 4864 ============================================================
12:06:31.0000 4864 C: <-> \Device\Harddisk0\DR0\Partition1
12:06:31.0000 4864 ============================================================
12:06:31.0000 4864 Initialize success
12:06:31.0000 4864 ============================================================
12:06:59.0500 0952 ============================================================
12:06:59.0500 0952 Scan started
12:06:59.0500 0952 Mode: Manual; TDLFS;
12:06:59.0500 0952 ============================================================
12:07:10.0875 0952 SMTPSVC - ok
12:07:10.0907 0952 [ 092eac5e31bc10a7ab47196ea2a2a809 ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
12:07:10.0938 0952 SNDSrvc - ok
12:07:10.0969 0952 [ a1eceeaa5c5e74b2499eb51d38185b84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:07:10.0969 0952 SONYPVU1 - ok
12:07:11.0047 0952 [ 595c38ba6d3a50399a7fb255924aab34 ] Sophos Agent C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
12:07:11.0047 0952 Sophos Agent - ok
12:07:11.0110 0952 [ b4f4e976ed409979ce9a579f6b8dadb0 ] Sophos AutoUpdate Service C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
12:07:11.0125 0952 Sophos AutoUpdate Service - ok
12:07:11.0157 0952 [ 28ea3e0a51df9ce5d599758462b1257e ] Sophos Message Router C:\Program Files\Sophos\Remote Management System\RouterNT.exe
12:07:11.0157 0952 Sophos Message Router - ok
12:07:11.0157 0952 Sparrow - ok
12:07:11.0203 0952 [ 60053e9c1fc4f6887c296c19cb825244 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
12:07:11.0219 0952 SPBBCDrv - ok
12:07:11.0266 0952 [ 8a09ab7a1fd856acc469bd0cd4e98351 ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
12:07:11.0266 0952 SPBBCSvc - ok
12:07:11.0297 0952 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:07:11.0313 0952 splitter - ok
12:07:11.0328 0952 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:07:11.0328 0952 Spooler - ok
12:07:11.0328 0952 [ d2b096cd2f56fac6eeeed9a77ddf6dc8 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:07:11.0328 0952 SQLBrowser - ok
12:07:11.0360 0952 [ 54902536aad0e9b99bc65f89c0caf93f ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:07:11.0360 0952 SQLWriter - ok
12:07:11.0407 0952 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:07:11.0407 0952 sr - ok
12:07:11.0422 0952 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:07:11.0422 0952 srservice - ok
12:07:11.0453 0952 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:07:11.0453 0952 Srv - ok
12:07:11.0500 0952 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:07:11.0500 0952 SSDPSRV - ok
12:07:11.0547 0952 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:07:11.0547 0952 stisvc - ok
12:07:11.0563 0952 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:07:11.0578 0952 swenum - ok
12:07:11.0594 0952 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:07:11.0594 0952 swmidi - ok
12:07:11.0594 0952 SwPrv - ok
12:07:11.0672 0952 [ 26b3e57f33d3f6fe7e88beac82aeb12a ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
12:07:11.0672 0952 Symantec AntiVirus - ok
12:07:11.0688 0952 symc810 - ok
12:07:11.0688 0952 symc8xx - ok
12:07:11.0703 0952 [ c5eafb6a8c73fb26b73ee613c1a5aef6 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:07:11.0703 0952 SymEvent - ok
12:07:11.0750 0952 [ 4ed314756eb2811a9d4226ed4385d35c ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
12:07:11.0750 0952 SYMREDRV - ok
12:07:11.0797 0952 [ 4aed788390802b1500e6b05127af3a2e ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
12:07:11.0813 0952 SYMTDI - ok
12:07:11.0813 0952 sym_hi - ok
12:07:11.0813 0952 sym_u3 - ok
12:07:11.0828 0952 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:07:11.0844 0952 sysaudio - ok
12:07:11.0860 0952 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:07:11.0860 0952 SysmonLog - ok
12:07:11.0891 0952 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:07:11.0891 0952 TapiSrv - ok
12:07:11.0938 0952 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:07:11.0953 0952 Tcpip - ok
12:07:12.0000 0952 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:07:12.0000 0952 TDPIPE - ok
12:07:12.0016 0952 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:07:12.0032 0952 TDTCP - ok
12:07:12.0032 0952 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:07:12.0047 0952 TermDD - ok
12:07:12.0078 0952 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
12:07:12.0094 0952 TermService - ok
12:07:12.0094 0952 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
12:07:12.0094 0952 Themes - ok
12:07:12.0125 0952 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:07:12.0141 0952 TlntSvr - ok
12:07:12.0141 0952 TosIde - ok
12:07:12.0157 0952 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:07:12.0172 0952 TrkWks - ok
12:07:12.0188 0952 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:07:12.0203 0952 Udfs - ok
12:07:12.0203 0952 ultra - ok
12:07:12.0235 0952 [ c81b8635dee0d3ef5f64b3dd643023a5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
12:07:12.0235 0952 UMWdf - ok
12:07:12.0250 0952 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:07:12.0266 0952 Update - ok
12:07:12.0282 0952 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:07:12.0313 0952 upnphost - ok
12:07:12.0313 0952 upperdev - ok
12:07:12.0360 0952 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
12:07:12.0375 0952 UPS - ok
12:07:12.0407 0952 [ e919708db44ed8543a7c017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:07:12.0422 0952 usbaudio - ok
12:07:12.0438 0952 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:07:12.0453 0952 usbccgp - ok
12:07:12.0485 0952 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:07:12.0485 0952 usbehci - ok
12:07:12.0485 0952 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:07:12.0500 0952 usbhub - ok
12:07:12.0547 0952 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:07:12.0547 0952 usbprint - ok
12:07:12.0578 0952 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:07:12.0594 0952 usbscan - ok
12:07:12.0625 0952 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:07:12.0641 0952 USBSTOR - ok
12:07:12.0672 0952 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:07:12.0688 0952 usbuhci - ok
12:07:12.0703 0952 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:07:12.0703 0952 VgaSave - ok
12:07:12.0703 0952 ViaIde - ok
12:07:12.0750 0952 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:07:12.0750 0952 VolSnap - ok
12:07:12.0782 0952 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
12:07:12.0797 0952 VSS - ok
12:07:12.0813 0952 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time C:\WINDOWS\system32\w32time.dll
12:07:12.0813 0952 W32Time - ok
12:07:12.0828 0952 [ db3c22745c0da4666f3be31f1af36b2f ] W3SVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
12:07:12.0828 0952 W3SVC - ok
12:07:12.0844 0952 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:07:12.0844 0952 Wanarp - ok
12:07:12.0891 0952 [ bbcfeab7e871cddac2d397ee7fa91fdc ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
12:07:12.0907 0952 Wdf01000 - ok
12:07:12.0907 0952 WDICA - ok
12:07:12.0953 0952 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:07:12.0953 0952 wdmaud - ok
12:07:12.0985 0952 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:07:12.0985 0952 WebClient - ok
12:07:13.0063 0952 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:07:13.0063 0952 winmgmt - ok
12:07:13.0078 0952 [ a477391b7a8b0a0daabadb17cf533a4b ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:07:13.0094 0952 WmdmPmSN - ok
12:07:13.0141 0952 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:07:13.0141 0952 Wmi - ok
12:07:13.0172 0952 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:07:13.0172 0952 WmiApSrv - ok
12:07:13.0235 0952 [ dcf3e3edf5109ee8bc02fe6e1f045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:07:13.0282 0952 WPFFontCache_v0400 - ok
12:07:13.0313 0952 [ 35321fb577cdc98ce3eb3a3eb9e4610a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:07:13.0313 0952 wuauserv - ok
12:07:13.0344 0952 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:07:13.0375 0952 WZCSVC - ok
12:07:13.0391 0952 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:07:13.0422 0952 xmlprov - ok
12:07:13.0422 0952 ================ Scan global ===============================
12:07:13.0453 0952 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
12:07:13.0485 0952 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
12:07:13.0500 0952 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
12:07:13.0516 0952 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:07:13.0516 0952 [Global] - ok
12:07:13.0516 0952 ================ Scan MBR ==================================
12:07:13.0532 0952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:07:13.0766 0952 \Device\Harddisk0\DR0 - ok
12:07:13.0766 0952 ================ Scan VBR ==================================
12:07:13.0766 0952 Boot (0x1200) (6d0296ab34fa96f9f37244b9df3096e1) \Device\Harddisk0\DR0\Partition1
12:07:13.0766 0952 \Device\Harddisk0\DR0\Partition1 - ok
12:07:13.0766 0952 ============================================================
12:07:13.0766 0952 Scan finished
12:07:13.0766 0952 ============================================================
12:07:13.0782 1140 Detected object count: 0
12:07:13.0782 1140 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 12:10:50
-----------------------------
12:10:50.891 OS Version: Windows 5.1.2600 Service Pack 3
12:10:50.891 Number of processors: 4 586 0xF0B
12:10:50.891 ComputerName: WEBSITES_PC UserName: Bill
12:10:52.422 Initialize success
12:21:13.922 AVAST engine defs: 12081900
12:24:02.438 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
12:24:02.438 Disk 0 Vendor: WDC_WD10EACS-00D6B0 01.01A01 Size: 953869MB BusType: 3
12:24:02.438 Disk 0 MBR read successfully
12:24:02.438 Disk 0 MBR scan
12:24:02.453 Disk 0 Windows XP default MBR code
12:24:02.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
12:24:02.453 Disk 0 scanning sectors +1953504000
12:24:02.516 Disk 0 scanning C:\WINDOWS\system32\drivers
12:24:10.250 Service scanning
12:24:28.703 Modules scanning
12:24:31.875 Disk 0 trace - called modules:
12:24:31.891 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:24:31.907 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae54ab8]
12:24:31.907 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000076[0x8aeb99e8]
12:24:31.907 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x8ae59d98]
12:24:33.719 AVAST engine scan C:\WINDOWS
12:24:53.688 AVAST engine scan C:\WINDOWS\system32
12:28:31.750 AVAST engine scan C:\WINDOWS\system32\drivers
12:29:06.203 AVAST engine scan C:\Documents and Settings\Bill
12:30:15.875 File: C:\Documents and Settings\Bill\Application Data\sascoi.dll **INFECTED** Win32:Agent-APLJ [Trj]
13:16:45.485 AVAST engine scan C:\Documents and Settings\All Users
13:25:35.297 Scan finished successfully
13:27:28.313 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bill\Desktop\MBR.dat"
13:27:28.313 The log file has been saved successfully to "C:\Documents and Settings\Bill\Desktop\aswMBR.txt"

C:\Documents and Settings\Bill\Application Data\sascoi.dll a variant of Win32/Medfos.CN trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Bill\Local Settings\Application Data\{120E495E-E6DB-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Bill\Local Settings\Temp\NOD5A9.tmp a variant of Win32/Medfos.CN trojan cleaned by deleting (after the next restart) - quarantined
C:\Inetpub\wwwroot\!HillsInt\www\images\banners\98.aspx probably a variant of ASP/WebAdmin.B trojan cleaned by deleting - quarantined

Do you think I am clean now? Is it OK to turn off/do a restart?

Many many thanks for your help
C

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 19 August 2012 - 09:13 AM

Yes

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

AdwCleaner

Launch it and click on Delete.

Post the generated log.
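
The boxes the reply above asks MiniToolBox to report (proxy settings, hosts file, Winsock providers, recent event log errors) are easier to read with a script than by eye, because the few lines that matter sit among dozens of normal ones. What follows is an added example, not MiniToolBox's code and not anything posted in this thread: a Python triage pass over a constructed log in MiniToolBox's format, modelled on the log posted later in the thread. The liveupdate hosts entry in the sample is invented so that a check fires (the real hosts file here had only localhost), and the wording assumed for an enabled proxy ("Proxy is enabled" / "Proxy Server:") is an assumption about MiniToolBox's output rather than something shown on this page.

```python
"""Triage a MiniToolBox-style log after a cleanup. Added example, not MiniToolBox's
code: flags an enabled proxy, hosts entries beyond localhost, non-Microsoft
Winsock providers, and AV events for failed cleans or blocked tamper attempts."""
import re
from typing import Dict, List

# Constructed sample in MiniToolBox's format; the liveupdate entry is invented
# to show a hit (the real log on this page had only localhost).
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 liveupdate.symantecliveupdate.com
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
========================= Event log errors: ===============================
Error: (08/15/2012 06:09:37 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess in File: C:\WINDOWS\Installer\{guid}\U\80000000.$ by: Auto-Protect scan. Action: Clean failed : Quarantine failed.

Error: (08/15/2012 02:16:58 PM) (Source: Symantec AntiVirus) (User: WEBSITES_PC)WEBSITES_PC
Description: SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Actor Process: C:\Documents and Settings\Bill\Local Settings\Temp\~!#1F1.tmp (PID 4760)
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*:?\s*=+$")
WINSOCK_RE = re.compile(r"^Catalog(\d+) (\d+) (.+?) \[(\d+)\] \((.+)\)$")
EVENT_RE = re.compile(r"^Error: \((.+?)\) \(Source: (.+?)\)")
LOOPBACK, LOCAL_NAMES = {"127.0.0.1", "::1"}, {"localhost", "broadcasthost"}

def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the '===== Name: =====' header they follow."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:                       # header, or a bare rule of '=' (empty name)
            if m.group(1):
                current = m.group(1)
                sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections

def check_proxy(lines: List[str]) -> List[str]:
    """Enabled proxy. The wording of the positive case is assumed, not from the page."""
    return [ln for ln in lines if ln.startswith("Proxy is enabled")
            or (ln.startswith("Proxy Server") and not ln.startswith("No Proxy Server"))]

def check_hosts(lines: List[str]) -> List[str]:
    """Hosts entries that map anything other than localhost, or map it elsewhere."""
    hits = []
    for line in lines:
        parts = line.split()
        if line.startswith("#") or len(parts) < 2:
            continue
        if parts[0] not in LOOPBACK or any(n.lower() not in LOCAL_NAMES for n in parts[1:]):
            hits.append(line)
    return hits

def check_winsock(lines: List[str]) -> List[dict]:
    """Winsock providers not from Microsoft; each one sees every socket call."""
    matches = (WINSOCK_RE.match(ln) for ln in lines)
    return [{"catalog": int(m.group(1)), "path": m.group(3), "vendor": m.group(5)}
            for m in matches if m and m.group(5) != "Microsoft Corporation"]

def check_events(lines: List[str]) -> List[dict]:
    """AV events that still matter: an uncleaned detection and a blocked tamper attempt."""
    blocks: List[dict] = []
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            blocks.append({"time": m.group(1), "body": []})
        elif blocks:
            blocks[-1]["body"].append(line)
    findings = []
    for b in blocks:
        body = "\n".join(b["body"])
        path = re.search(r"in File: (.+?) by:", body)
        actor = re.search(r"Actor Process: (.+?) \(PID (\d+)\)", body)
        if "Clean failed" in body:          # logged, but the file was left in place
            findings.append({"time": b["time"], "kind": "clean_failed",
                             "path": path.group(1) if path else None})
        if "TAMPER PROTECTION" in body:     # names the process that attacked the AV
            findings.append({"time": b["time"], "kind": "tamper",
                             "actor": actor.group(1) if actor else None,
                             "pid": int(actor.group(2)) if actor else None})
    return findings

def triage(text: str) -> Dict[str, list]:
    """Run every check against its section; a missing section yields no findings."""
    s = split_sections(text)
    return {"proxy": check_proxy(s.get("IE Proxy Settings", [])),
            "hosts": check_hosts(s.get("Hosts content", [])),
            "winsock": check_winsock(s.get("Winsock entries", [])),
            "events": check_events(s.get("Event log errors", []))}
```

Call `triage(open(path).read())` on a saved MiniToolBox log, or on `SAMPLE_LOG` to see the four finding lists. A non-Microsoft Winsock entry such as Bonjour's mdnsNSP.dll is not malicious by itself; it is listed because every provider in the catalog handles the machine's socket traffic, so each one should be something that was installed on purpose. A tamper-protection alert names the process that tried to terminate the antivirus, which is the artefact to look for next, and a "Clean failed" event means the detection was recorded while the file stayed on disk at that time.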

#5 -clare-

  • Topic Starter
  • Members
  • 13 posts

Posted 19 August 2012 - 10:24 AM

Hi, I am just running MBAM in regular Windows mode. Is that right, or should I be running it in safe mode first, then regular mode?

thanks!
C

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 19 August 2012 - 11:17 AM

Run it in regular mode

#7 -clare-

  • Topic Starter
  • Members
  • 13 posts

Posted 19 August 2012 - 12:17 PM

Thank you

I ran MBAM just once and got a clear result

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bill :: WEBSITES_PC [administrator]

19/08/2012 16:21:46
mbam-log-2012-08-19 (16-21-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 428449
Time elapsed: 1 hour(s), 35 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




mini toolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Bill (administrator) on 19-08-2012 at 18:14:20
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter = Wireless Network Connection (Connected)
Atheros AR8121/AR8113 PCI-E Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : websites_pc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter
Physical Address. . . . . . . . . : 00-1E-2A-B1-95-1C
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.67
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : 19 August 2012 16:19:47
Lease Expires . . . . . . . . . . : 20 August 2012 16:19:47

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Atheros AR8121/AR8113 PCI-E Ethernet Controller
Physical Address. . . . . . . . . : 00-22-15-35-06-C5

Server: speedtouch.lan
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.34.169, 173.194.34.174, 173.194.34.160, 173.194.34.161
173.194.34.162, 173.194.34.163, 173.194.34.164, 173.194.34.165, 173.194.34.166
173.194.34.167, 173.194.34.168

Pinging google.com [173.194.34.169] with 32 bytes of data:

Reply from 173.194.34.169: bytes=32 time=28ms TTL=57
Reply from 173.194.34.169: bytes=32 time=27ms TTL=57

Ping statistics for 173.194.34.169:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 28ms, Average = 27ms

Server: speedtouch.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=147ms TTL=53
Reply from 98.139.183.24: bytes=32 time=149ms TTL=52

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 147ms, Maximum = 149ms, Average = 148ms

Server: speedtouch.lan
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 2a b1 95 1c ...... NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter
0x10004 ...00 22 15 35 06 c5 ...... Atheros AR8121/AR8113 PCI-E Ethernet Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.67 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.67 192.168.1.67 30
192.168.1.0 255.255.255.0 192.168.1.67 192.168.1.67 25
192.168.1.67 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.67 192.168.1.67 25
224.0.0.0 240.0.0.0 192.168.1.67 192.168.1.67 25
255.255.255.255 255.255.255.255 192.168.1.67 10004 1
255.255.255.255 255.255.255.255 192.168.1.67 192.168.1.67 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/18/2012 06:29:03 PM) (Source: Sophos Message Router) (User: NT AUTHORITY)NT AUTHORITY
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

Error: (08/18/2012 01:58:01 PM) (Source: Application Hang) (User: )
Description: Hanging application Ad-Aware.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/18/2012 00:46:26 PM) (Source: Sophos Message Router) (User: NT AUTHORITY)NT AUTHORITY
Description: DNS lookup failure trying to resolve the following addresses: server2.%%3

Error: (08/15/2012 09:32:08 PM) (Source: nview_info) (User: )
Description: NVIEW : iexplore: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (08/15/2012 06:09:37 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess in File: C:\WINDOWS\Installer\{7eedad49-9306-21c7-4941-d35824d2779b}\U\80000000.$ by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (08/15/2012 02:16:58 PM) (Source: Symantec AntiVirus) (User: WEBSITES_PC)WEBSITES_PC
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Bill\Local Settings\Temp\~!#1F1.tmp (PID 4760)
Time: 15 August 2012 14:16:58

Error: (08/15/2012 02:16:58 PM) (Source: Symantec AntiVirus) (User: WEBSITES_PC)WEBSITES_PC
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Bill\Local Settings\Temp\~!#1F1.tmp (PID 4760)
Time: 15 August 2012 14:16:58

Error: (08/15/2012 02:16:58 PM) (Source: Symantec AntiVirus) (User: WEBSITES_PC)WEBSITES_PC
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\DefWatch.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Bill\Local Settings\Temp\~!#1F1.tmp (PID 4760)
Time: 15 August 2012 14:16:58

Error: (08/15/2012 02:16:58 PM) (Source: Symantec AntiVirus) (User: WEBSITES_PC)WEBSITES_PC
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Bill\Local Settings\Temp\~!#1F1.tmp (PID 4760)
Time: 15 August 2012 14:16:58

Error: (08/15/2012 02:16:58 PM) (Source: Symantec AntiVirus) (User: WEBSITES_PC)WEBSITES_PC
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Bill\Local Settings\Temp\~!#1F1.tmp (PID 4760)
Time: 15 August 2012 14:16:58


System errors:
=============
Error: (08/19/2012 03:56:47 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/19/2012 03:56:47 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate1c9b214d6b16f94) service failed to start due to the following error:
%%1053

Error: (08/19/2012 03:56:47 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c9b214d6b16f94) service to connect.

Error: (08/19/2012 11:58:32 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/19/2012 11:58:32 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate1c9b214d6b16f94) service failed to start due to the following error:
%%1053

Error: (08/19/2012 11:58:32 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c9b214d6b16f94) service to connect.

Error: (08/18/2012 07:08:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/18/2012 07:08:57 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate1c9b214d6b16f94) service failed to start due to the following error:
%%1053

Error: (08/18/2012 07:08:57 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c9b214d6b16f94) service to connect.

Error: (08/18/2012 02:03:47 PM) (Source: Service Control Manager) (User: )
Description: The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (08/18/2012 06:29:03 PM) (Source: Sophos Message Router)(User: NT AUTHORITY)NT AUTHORITY
Description:

Error: (08/18/2012 01:58:01 PM) (Source: Application Hang)(User: )
Description: Ad-Aware.exe9.0.0.0hungapp0.0.0.000000000

Error: (08/18/2012 00:46:26 PM) (Source: Sophos Message Router)(User: NT AUTHORITY)NT AUTHORITY
Description: server2

Error: (08/15/2012 09:32:08 PM) (Source: nview_info)(User: )
Description: NVIEW : iexplore: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (08/15/2012 06:09:37 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess in File: C:\WINDOWS\Installer\{7eedad49-9306-21c7-4941-d35824d2779b}\U\80000000.$ by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (08/15/2012 02:16:58 PM) (Source: Symantec AntiVirus)(User: WEBSITES_PC)WEBSITES_PC
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Bill\Local Settings\Temp\~!#1F1.tmp (PID 4760)
Time: 15 August 2012 14:16:58

Error: (08/15/2012 02:16:58 PM) (Source: Symantec AntiVirus)(User: WEBSITES_PC)WEBSITES_PC
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Bill\Local Settings\Temp\~!#1F1.tmp (PID 4760)
Time: 15 August 2012 14:16:58

Error: (08/15/2012 02:16:58 PM) (Source: Symantec AntiVirus)(User: WEBSITES_PC)WEBSITES_PC
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\DefWatch.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Bill\Local Settings\Temp\~!#1F1.tmp (PID 4760)
Time: 15 August 2012 14:16:58

Error: (08/15/2012 02:16:58 PM) (Source: Symantec AntiVirus)(User: WEBSITES_PC)WEBSITES_PC
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Bill\Local Settings\Temp\~!#1F1.tmp (PID 4760)
Time: 15 August 2012 14:16:58

Error: (08/15/2012 02:16:58 PM) (Source: Symantec AntiVirus)(User: WEBSITES_PC)WEBSITES_PC
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Bill\Local Settings\Temp\~!#1F1.tmp (PID 4760)
Time: 15 August 2012 14:16:58


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Ad-Aware (Version: 9.5.0)
Ad-Aware (Version: 9.6.0)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Photoshop 6.0 (Version: 6.0)
Adobe Reader 9.1 (Version: 9.1.0)
Advertising Center (Version: 0.0.0.2)
AI Suite (Version: 1.04.10)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Software Suite (Version: 1.0)
Ask Toolbar (Version: 1.14.1.0)
Ask Toolbar Updater (Version: 1.2.0.20007)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.36)
BlackBerry Device Software Updater (Version: 6.0.1.37)
Bonjour (Version: 1.0.104)
Canon iP5200
CCleaner
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000)
Core FTP LE 2.1
ESET Online Scanner v3
FileZilla Client 3.3.4.1 (Version: 3.3.4.1)
Free Easy Burner V 4.4.1 (Version: 4.4.1.0)
Google Chrome (Version: 21.0.1180.79)
Google Earth Plug-in (Version: 5.1.3509.4636)
Google Gears (Version: 0.4.24.0)
Google Update Helper (Version: 1.2.183.7)
HijackThis 1.99.1 (Version: 1.99.1)
IIS 6.0 Resource Kit Tools (Version: 6.00.0000)
IIS6 Manager (Version: 0)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 4 (Version: 1.6.0.40)
Java™ 6 Update 7 (Version: 1.6.0.70)
Karen's Replicator (Version: 3.6.0.5)
LightScribe 1.4.136.1 (Version: 1.4.136.1)
LimeWire 5.5.14 (Version: 5.5.14)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.85)
Macromedia HomeSite 5
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft DirectX SDK (June 2008)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.4518.1066)
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (SQLEXPRESS) (Version: 9.2.3042.00)
Microsoft SQL Server 2005 Tools (Version: 9.2.3042.00)
Microsoft SQL Server 2008 Management Objects (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft SQL Server Database Publishing Wizard 1.3 (Version: 10.0.1600.22)
Microsoft SQL Server Management Studio Express (Version: 9.00.3042.00)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU (Version: 8.0.50727.42)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Visual C# 2005 Express Edition - ENU
Microsoft Visual C# 2005 Express Edition - ENU (Version: 8.0.50727.42)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066)
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU (Version: 8.0.50727.42)
Microsoft Visual Web Developer 2008 Express Edition - ENU
Microsoft Visual Web Developer 2008 Express Edition - ENU (Version: 9.0.21022)
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)
Mozilla Firefox 14.0.1 (x86 en-GB) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSDN Library for Microsoft Visual Studio 2008 Express Editions (Version: 9.0.21022)
MSDN Library for Visual Studio 2008 - ENU (Version: 9.0)
MSDN Library for Visual Studio 2008 - ENU (Version: 9.0.21022)
MSVC80_x86 (Version: 1.0.1.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Nero 9 Lite
Nero ControlCenter (Version: 9.0.0.1)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.31.100)
neroxml (Version: 1.0.0)
NETGEAR WG111v3 wireless USB 2.0 adapter (Version: 1.00.0000)
NVIDIA Drivers
OpenOffice.org 2.4 (Version: 2.4.9310)
Opera 11.52 (Version: 11.52)
PC Connectivity Solution (Version: 9.44.0.3)
PHOTOfunSTUDIO HD Edition (Version: 3.00.126)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 5.10.0.5628)
Safari (Version: 3.525.21.0)
Skype™ 5.5 (Version: 5.5.124)
Sophos AutoUpdate (Version: 2.2.5)
Sophos Remote Management System (Version: 3.0.4)
Symantec AntiVirus (Version: 10.1.9000.9)
TeamViewer 7 (Version: 7.0.12979)
TopStyle Lite (Version 2)
TopStyle Lite (Version 3)
TortoiseSVN 1.5.5.14361 (32 bit) (Version: 1.5.14361)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 4.5 SDK (Version: 4.5.6001.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 3326.97 MB
Available physical RAM: 1960.03 MB
Total Pagefile: 5211.04 MB
Available Pagefile: 4355.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.17 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:931.5 GB) (Free:794.76 GB) NTFS

========================= Users: ========================================

User accounts for \\WEBSITES_PC

Administrator ASPNET Bill
Guest HelpAssistant IUSR_WEBSITES_PC
IWAM_WEBSITES_PC SophosSAUWEBSITES_P0 SUPPORT_388945a0


**** End of log ****




FSS


Farbar Service Scanner Version: 06-08-2012
Ran by Bill (administrator) on 19-08-2012 at 18:15:15
Running from "C:\Documents and Settings\Bill\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(3) IPSec(5) NetBT(6) SYMTDI(9) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****




Just about to run AdwCleaner; will post imminently.

#8 -clare-


Posted 19 August 2012 - 12:35 PM

OK, adwcleaner closed a load of programs then crashed itself? Is it definitely right to hit 'delete' on that program?

#9 -clare-


Posted 19 August 2012 - 12:36 PM

When I ran search I got this:

# AdwCleaner v1.801 - Logfile created 08/19/2012 at 18:35:32
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Bill - WEBSITES_PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Bill\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Bill\Local Settings\Application Data\APN
Folder Found : C:\Documents and Settings\Bill\Local Settings\Application Data\AskToolbar
Folder Found : C:\DOCUME~1\Bill\LOCALS~1\Temp\AskSearch
Folder Found : C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\1qq8xspf.default\extensions\toolbar@ask.com
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\FCTB000061107
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\1qq8xspf.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]
Found : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Found : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]
Found : "description": "The fastest way to search the web.",

-\\ Opera v11.52.1100.0

File : C:\Documents and Settings\Bill\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [306 octets] - [19/08/2012 18:15:56]
AdwCleaner[S2].txt - [306 octets] - [19/08/2012 18:17:49]
AdwCleaner[R1].txt - [4735 octets] - [19/08/2012 18:35:32]

########## EOF - C:\AdwCleaner[R1].txt - [4863 octets] ##########

#10 -clare-


Posted 19 August 2012 - 12:37 PM

Should I press delete on it again?

Thank you! Can't believe I nearly have a clean PC!

#11 -clare-


Posted 19 August 2012 - 01:12 PM

Ah OK, I ran it by pressing delete and it ran properly this time, rebooted, and here is the log:




# AdwCleaner v1.801 - Logfile created 08/19/2012 at 19:04:15
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Bill - WEBSITES_PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Bill\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Bill\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Bill\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\DOCUME~1\Bill\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\1qq8xspf.default\extensions\toolbar@ask.com
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\FCTB000061107
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\1qq8xspf.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]
Deleted : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Deleted : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]
Deleted : "description": "The fastest way to search the web.",

-\\ Opera v11.52.1100.0

File : C:\Documents and Settings\Bill\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [306 octets] - [19/08/2012 18:15:56]
AdwCleaner[S2].txt - [306 octets] - [19/08/2012 18:17:49]
AdwCleaner[R1].txt - [4864 octets] - [19/08/2012 18:35:32]
AdwCleaner[S3].txt - [4879 octets] - [19/08/2012 19:04:15]

########## EOF - C:\AdwCleaner[S3].txt - [5007 octets] ##########

#12 -clare-


Posted 19 August 2012 - 02:32 PM

May I ask: I have an external hard drive I use for backups, which was plugged in at the time of the attack.

Do you think I need to worry about scanning it with any of the above programs? It has been scanned with MBAM and come up clean.

Thanks

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:05 AM

Posted 19 August 2012 - 10:08 PM

That should be ok

Download

Sharedaccess
wscsvc

Launch them, click YES

Restart the PC, post the new FSS log

Any current issues?

#14 -clare-


Posted 20 August 2012 - 08:02 AM

Thank you! No current issues

New FSS log:



Farbar Service Scanner Version: 06-08-2012
Ran by Bill (administrator) on 20-08-2012 at 14:00:32
Running from "C:\Documents and Settings\Bill\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(3) IPSec(5) NetBT(6) SYMTDI(9) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
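
As an added example (not code from this thread, from the advisor, or from the Farbar Service Scanner itself), a small Python checker that parses FSS output like the two logs above, reports which services FSS could not find a registry key for (the Windows Firewall and Security Center services in post #7), and confirms they are no longer flagged in the post-fix log. The excerpt strings are constructed from the logs in this thread; the `ServiceState` type and the function names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpts of the two FSS logs in this thread: before the
# sharedaccess/wscsvc fixes (post #7) and after them (post #14).
FSS_BEFORE = "\n".join([
    "Windows Firewall:",
    "=============",
    "sharedaccess Service is not running. Checking service configuration:",
    "Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.",
    "Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.",
    "Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.",
    "",
    "Security Center:",
    "============",
    "wscsvc Service is not running. Checking service configuration:",
    "Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.",
    "Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.",
    "Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.",
    "",
    "File Check:",
    "========",
    r"C:\WINDOWS\system32\wscsvc.dll => MD5 is legit",
    r"C:\WINDOWS\system32\svchost.exe => MD5 is legit",
])
FSS_AFTER = "\n".join([
    "Windows Firewall:", "=============", "",
    "Security Center:", "============", "",
    "File Check:", "========",
    r"C:\WINDOWS\system32\wscsvc.dll => MD5 is legit",
    r"C:\WINDOWS\system32\svchost.exe => MD5 is legit",
])

SECTION_RE = re.compile(r"^([A-Za-z ]+):$")
NOT_RUNNING_RE = re.compile(r"^(\w+) Service is not running\.")
CHECK_RE = re.compile(r"^Checking (Start type|ImagePath|ServiceDll): ATTENTION!=+> (.*)$")
MD5_RE = re.compile(r"^(\S.*?) => MD5 is (.+)$")


@dataclass
class ServiceState:
    section: str                                # FSS section, e.g. "Windows Firewall"
    checks: dict = field(default_factory=dict)  # check name -> ATTENTION message

    @property
    def key_missing(self) -> bool:
        # FSS prints this when the whole Services\<name> registry key is gone, which is
        # why the service cannot simply be restarted and a registry fix is needed.
        return any("service key does not exist" in m for m in self.checks.values())


def parse_fss(text: str):
    """Return (services, file_checks): flagged services by name, MD5 verdicts by path."""
    services, file_checks = {}, {}
    section, current = None, None
    for line in text.splitlines():
        line = line.rstrip()
        if m := SECTION_RE.match(line):
            section, current = m.group(1), None
        elif m := NOT_RUNNING_RE.match(line):
            current = ServiceState(section=section or "?")
            services[m.group(1)] = current
        elif (m := CHECK_RE.match(line)) and current is not None:
            current.checks[m.group(1)] = m.group(2)
        elif m := MD5_RE.match(line):
            file_checks[m.group(1)] = m.group(2)
    return services, file_checks


def missing_service_keys(text: str) -> set:
    """Services whose registry key FSS could not open at all."""
    return {n for n, st in parse_fss(text)[0].items() if st.key_missing}


def restored_services(before: str, after: str) -> set:
    """Services flagged in the first log that are no longer flagged in the second."""
    return set(parse_fss(before)[0]) - set(parse_fss(after)[0])


def unexpected_file_checks(text: str) -> dict:
    """File Check entries whose MD5 FSS did not report as legit (none in these logs)."""
    return {p: v for p, v in parse_fss(text)[1].items() if v != "legit"}


if __name__ == "__main__":
    for name, st in parse_fss(FSS_BEFORE)[0].items():
        print(f"{st.section}: {name} -> {'key missing' if st.key_missing else 'values missing'}")
    print("restored after fix:", sorted(restored_services(FSS_BEFORE, FSS_AFTER)))
    print("suspicious file checks:", unexpected_file_checks(FSS_AFTER))
```

Feeding the full before/after logs to `restored_services` is the quickest way to confirm a service-key fix took effect rather than eyeballing the two reports.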

#15 narenxp


Posted 20 August 2012 - 08:10 AM

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here



