Adobe Flash Player Installer Malware


11 replies to this topic

#1 coramardnab


Posted 20 August 2012 - 12:22 PM

Hullo, first time poster. I read a topic in this forum just last month where someone was able to fix the exact brand of nasty I've encountered... but as I have a different machine possibly at different stages, I don't dare try to follow the exact same instructions. I have a glimmer of hope now, however, that someone here can help me.

Please let me know if I've left out information you need.

OS: Windows XP

DATE OF INFECTION: I've only just encountered symptoms today (August 20th), though I don't know if I may have actually been infected at an earlier date.

SYMPTOMS: Every ten to twenty minutes, "Adobe Flash Player Installer" pops up, with loading bar. If bar manages to fill, an autorun installer screen for adobe launches. Only other current symptom is a google search redirect. Everything else appears to be functioning at this point. However, for fear of bumbling into a stickier situation, I'm posting on my laptop (desktop is the infected machine).

I'm currently running Malwarebytes Anti-Malware, but so far nothing has been detected, and I'm guessing this won't be enough anyway.

I'm sure the vast majority of people posting here are in similar states of panic... but still, know how much any help I receive will be immensely appreciated, particularly as I'm starting grad school in two weeks, and having my desktop out of working order is pretty much the top of my nightmare list right now.


#2 narenxp


  • BC Advisor

Posted 20 August 2012 - 12:26 PM

Download TDSSKiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply
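The TDSSKiller log requested above lists every service as a `[ MD5 ] name path` line (when the image file exists) followed by a `name - ok` verdict line. As an added example, not part of this thread or of the TDSSKiller tool, here is a small Python triage helper that parses such a log, flags any service whose verdict is not `ok`, and lists services whose image lives outside the Windows directory so a reader can pre-screen a log before posting it. The sample log, its hashes and the `fakedrv` detection line are constructed for the example.

```python
"""Triage helper for a TDSSKiller text log (example code, not part of the thread)."""
import re

# Line shapes as they appear in a TDSSKiller log (observed in this thread):
#   13:34:48.0953 3184 Windows directory: C:\WINDOWS
#   13:35:10.0640 3820 [ <32 hex chars> ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
#   13:35:10.0640 3820 Aavmker4 - ok
WINDIR_LINE = re.compile(r"^\S+ \d+ Windows directory: (?P<dir>.+)$")
FILE_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d+) \[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$"
)
VERDICT_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d+) (?P<name>.+?) - (?P<verdict>.+)$"
)


def parse_log(text):
    """Parse a TDSSKiller log into {"windows_dir": str, "entries": [dict, ...]}.

    Each entry is keyed by service name and carries md5/path (when the tool
    found the image file) plus the verdict text after " - ". Only lines after
    "Scan started" are treated as scan results: the header block (drive
    geometry and so on) also contains " - " and must not be read as verdicts.
    """
    report = {"windows_dir": "C:\\WINDOWS", "entries": []}
    by_name = {}
    scanning = False
    for raw in text.splitlines():
        line = raw.strip()
        m = WINDIR_LINE.match(line)
        if m:
            report["windows_dir"] = m["dir"].rstrip("\\")
            continue
        if "Scan started" in line:
            scanning = True
            continue
        if not scanning or "====" in line:
            continue  # section banners carry no per-service data
        m = FILE_LINE.match(line)  # test the file line first: a path may itself contain " - "
        if m:
            by_name.setdefault(m["name"], {"name": m["name"]}).update(
                md5=m["md5"].upper(), path=m["path"])
            continue
        m = VERDICT_LINE.match(line)
        if m:
            by_name.setdefault(m["name"], {"name": m["name"]})["verdict"] = m["verdict"]
    report["entries"] = list(by_name.values())
    return report


def triage(report):
    """Return (detections, third_party).

    detections: entries whose verdict is anything other than "ok" (or missing,
    e.g. a log cut off mid-scan).
    third_party: entries whose image file lives outside the Windows directory.
    "ok" only means no rootkit signature matched; user-installed services such
    as browser toolbars are still worth a look by whoever reads the log.
    """
    windir = report["windows_dir"].upper() + "\\"
    detections, third_party = [], []
    for entry in report["entries"]:
        if entry.get("verdict", "").lower() != "ok":
            detections.append(entry)
        if "path" in entry and not entry["path"].upper().startswith(windir):
            third_party.append(entry)
    return detections, third_party


# Constructed sample in the same shape as the log posted in this thread;
# the hashes and the "fakedrv" detection line are made up for the example.
SAMPLE_LOG = r"""
13:34:48.0656 3184 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
13:34:48.0953 3184 Windows directory: C:\WINDOWS
13:34:50.0531 3184 Drive \Device\Harddisk0\DR0 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200
13:35:09.0968 3820 ============================================================
13:35:09.0968 3820 Scan started
13:35:09.0968 3820 Mode: Manual; TDLFS;
13:35:10.0453 3820 ================ Scan system memory ========================
13:35:10.0453 3820 System memory - ok
13:35:10.0453 3820 ================ Scan services =============================
13:35:10.0640 3820 [ 0123456789ABCDEF0123456789ABCDEF ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
13:35:10.0640 3820 Aavmker4 - ok
13:35:10.0640 3820 Abiosdsk - ok
13:35:11.0000 3820 [ FEDCBA9876543210FEDCBA9876543210 ] ASKService C:\Program Files\AskBarDis\bar\bin\AskService.exe
13:35:11.0015 3820 ASKService - ok
13:35:11.0640 3820 [ 00112233445566778899AABBCCDDEEFF ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:35:11.0640 3820 avast! Antivirus - ok
13:35:19.0100 3820 [ 00000000000000000000000000000000 ] fakedrv C:\WINDOWS\system32\drivers\fakedrv.sys
13:35:19.0100 3820 fakedrv - detected Rootkit.Win32.Constructed.Sample
"""

if __name__ == "__main__":
    found, outside = triage(parse_log(SAMPLE_LOG))
    for e in found:
        print("DETECTION  %-20s %s" % (e["name"], e.get("verdict", "(no verdict)")))
    for e in outside:
        print("REVIEW     %-20s %s" % (e["name"], e["path"]))
```

Feed it the real log with `parse_log(open("TDSSKiller.log").read())`; the third-party list is a review aid, not a verdict.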

#3 coramardnab

  • Topic Starter


Posted 20 August 2012 - 12:52 PM

Well, to start, MBAM found more than I expected to... upon restarting I (so far) no longer have symptoms. Still following instructions obviously to see if there is more I should be concerned about.

When the aswMBR program first opened, I received an error message that disappeared too quickly for me to document. However, a very similar-looking message appeared at the end of downloading Avast! virus definitions, which is as follows:

"aswMBR.exe - Entry Point Not Found
The procedure entry point aswscnGetVirusID could not be located in the dynamic link library aswScan.dll."

After hitting OK, however, things appear to proceed normally.

Currently scanning with aswMBR.

In the meantime, here is the TDSSKiller log:

13:34:48.0656 3184 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
13:34:48.0953 3184 ============================================================
13:34:48.0953 3184 Current date / time: 2012/08/20 13:34:48.0953
13:34:48.0953 3184 SystemInfo:
13:34:48.0953 3184
13:34:48.0953 3184 OS Version: 5.1.2600 ServicePack: 3.0
13:34:48.0953 3184 Product type: Workstation
13:34:48.0953 3184 ComputerName: USER-C9B8A45F34
13:34:48.0953 3184 UserName: Owner
13:34:48.0953 3184 Windows directory: C:\WINDOWS
13:34:48.0953 3184 System windows directory: C:\WINDOWS
13:34:48.0953 3184 Processor architecture: Intel x86
13:34:48.0953 3184 Number of processors: 2
13:34:48.0953 3184 Page size: 0x1000
13:34:48.0953 3184 Boot type: Normal boot
13:34:48.0953 3184 ============================================================
13:34:50.0531 3184 Drive \Device\Harddisk0\DR0 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:34:50.0546 3184 Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:34:50.0546 3184 ============================================================
13:34:50.0546 3184 \Device\Harddisk0\DR0:
13:34:50.0546 3184 MBR partitions:
13:34:50.0546 3184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD13D8
13:34:50.0546 3184 \Device\Harddisk1\DR1:
13:34:50.0546 3184 MBR partitions:
13:34:50.0546 3184 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
13:34:50.0546 3184 ============================================================
13:34:50.0578 3184 C: <-> \Device\Harddisk1\DR1\Partition1
13:34:50.0625 3184 E: <-> \Device\Harddisk0\DR0\Partition1
13:34:50.0625 3184 ============================================================
13:34:50.0625 3184 Initialize success
13:34:50.0625 3184 ============================================================
13:35:09.0968 3820 ============================================================
13:35:09.0968 3820 Scan started
13:35:09.0968 3820 Mode: Manual; TDLFS;
13:35:09.0968 3820 ============================================================
13:35:10.0453 3820 ================ Scan system memory ========================
13:35:10.0453 3820 System memory - ok
13:35:10.0453 3820 ================ Scan services =============================
13:35:10.0640 3820 [ 467F062F76E07512ECC1F5F60AAB2988 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
13:35:10.0640 3820 Aavmker4 - ok
13:35:10.0640 3820 Abiosdsk - ok
13:35:10.0640 3820 abp480n5 - ok
13:35:10.0703 3820 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:35:10.0703 3820 ACPI - ok
13:35:10.0734 3820 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:35:10.0734 3820 ACPIEC - ok
13:35:10.0734 3820 adpu160m - ok
13:35:10.0750 3820 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:35:10.0750 3820 aec - ok
13:35:10.0781 3820 [ 30BB1BDE595CA65FD5549462080D94E5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:35:10.0781 3820 AegisP - ok
13:35:10.0812 3820 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:35:10.0812 3820 AFD - ok
13:35:10.0812 3820 Aha154x - ok
13:35:10.0812 3820 aic78u2 - ok
13:35:10.0812 3820 aic78xx - ok
13:35:10.0875 3820 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:35:10.0875 3820 Alerter - ok
13:35:10.0906 3820 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
13:35:10.0906 3820 ALG - ok
13:35:10.0906 3820 AliIde - ok
13:35:10.0906 3820 amsint - ok
13:35:10.0906 3820 AppMgmt - ok
13:35:10.0906 3820 asc - ok
13:35:10.0906 3820 asc3350p - ok
13:35:10.0906 3820 asc3550 - ok
13:35:11.0000 3820 [ 0AD63526F1D224B63A60D240064FDF24 ] ASKService C:\Program Files\AskBarDis\bar\bin\AskService.exe
13:35:11.0015 3820 ASKService - ok
13:35:11.0031 3820 [ A7ACF110739929DBC6C7651F95FCB42C ] ASKUpgrade C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
13:35:11.0031 3820 ASKUpgrade - ok
13:35:11.0140 3820 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:35:11.0140 3820 aspnet_state - ok
13:35:11.0187 3820 [ 0C0B08847F2F24BAA7BD43D8F2C6C8B0 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
13:35:11.0187 3820 aswFsBlk - ok
13:35:11.0234 3820 [ AA504FA592C9ED79174CB06B8AE340AA ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
13:35:11.0234 3820 aswMon2 - ok
13:35:11.0296 3820 [ F385FFD39165453FDA96736AA3EDFD9D ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
13:35:11.0296 3820 aswRdr - ok
13:35:11.0312 3820 [ 45ADEA26BF613A54FED64ECDD12E58A7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
13:35:11.0312 3820 aswSP - ok
13:35:11.0390 3820 [ C4EE975C87176F1900662D2874233C7F ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
13:35:11.0390 3820 aswTdi - ok
13:35:11.0437 3820 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:35:11.0437 3820 AsyncMac - ok
13:35:11.0437 3820 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:35:11.0453 3820 atapi - ok
13:35:11.0453 3820 Atdisk - ok
13:35:11.0453 3820 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:35:11.0453 3820 Atmarpc - ok
13:35:11.0515 3820 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:35:11.0515 3820 AudioSrv - ok
13:35:11.0546 3820 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:35:11.0546 3820 audstub - ok
13:35:11.0640 3820 [ B2386A8E66891F7CFEC9F5A03F0F1210 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:35:11.0640 3820 avast! Antivirus - ok
13:35:11.0640 3820 [ B2386A8E66891F7CFEC9F5A03F0F1210 ] avast! Mail Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:35:11.0640 3820 avast! Mail Scanner - ok
13:35:11.0640 3820 [ B2386A8E66891F7CFEC9F5A03F0F1210 ] avast! Web Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:35:11.0640 3820 avast! Web Scanner - ok
13:35:11.0671 3820 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
13:35:11.0671 3820 BANTExt - ok
13:35:11.0671 3820 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:35:11.0671 3820 Beep - ok
13:35:11.0718 3820 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:35:11.0718 3820 Bonjour Service - ok
13:35:11.0781 3820 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
13:35:11.0781 3820 Browser - ok
13:35:11.0781 3820 catchme - ok
13:35:11.0796 3820 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:35:11.0796 3820 cbidf2k - ok
13:35:11.0796 3820 cd20xrnt - ok
13:35:11.0828 3820 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:35:11.0828 3820 Cdaudio - ok
13:35:11.0890 3820 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:35:11.0890 3820 Cdfs - ok
13:35:11.0890 3820 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:35:11.0890 3820 Cdrom - ok
13:35:11.0890 3820 Changer - ok
13:35:11.0953 3820 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:35:11.0953 3820 CiSvc - ok
13:35:12.0015 3820 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:35:12.0015 3820 ClipSrv - ok
13:35:12.0046 3820 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:35:12.0046 3820 clr_optimization_v2.0.50727_32 - ok
13:35:12.0046 3820 CmdIde - ok
13:35:12.0046 3820 COMSysApp - ok
13:35:12.0046 3820 Cpqarray - ok
13:35:12.0093 3820 [ 3411FDF098AA20193EEE5FFA36BA43B2 ] cpuz135 C:\WINDOWS\system32\drivers\cpuz135_x32.sys
13:35:12.0093 3820 cpuz135 - ok
13:35:12.0156 3820 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:35:12.0156 3820 CryptSvc - ok
13:35:12.0156 3820 dac2w2k - ok
13:35:12.0156 3820 dac960nt - ok
13:35:12.0218 3820 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:35:12.0281 3820 DcomLaunch - ok
13:35:12.0312 3820 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:35:12.0328 3820 Dhcp - ok
13:35:12.0375 3820 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:35:12.0375 3820 Disk - ok
13:35:12.0375 3820 dmadmin - ok
13:35:12.0453 3820 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:35:12.0468 3820 dmboot - ok
13:35:12.0500 3820 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:35:12.0515 3820 dmio - ok
13:35:12.0546 3820 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:35:12.0546 3820 dmload - ok
13:35:12.0609 3820 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:35:12.0609 3820 dmserver - ok
13:35:12.0625 3820 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:35:12.0625 3820 DMusic - ok
13:35:12.0656 3820 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:35:12.0656 3820 Dnscache - ok
13:35:12.0671 3820 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:35:12.0671 3820 Dot3svc - ok
13:35:12.0671 3820 dpti2o - ok
13:35:12.0734 3820 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:35:12.0734 3820 drmkaud - ok
13:35:12.0765 3820 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:35:12.0765 3820 EapHost - ok
13:35:12.0796 3820 [ D82414EC520453EFE2EBA936F6A9115A ] EAPPkt C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
13:35:12.0796 3820 EAPPkt - ok
13:35:12.0843 3820 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:35:12.0843 3820 ERSvc - ok
13:35:12.0906 3820 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
13:35:12.0906 3820 Eventlog - ok
13:35:12.0968 3820 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
13:35:12.0968 3820 EventSystem - ok
13:35:12.0984 3820 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:35:12.0984 3820 Fastfat - ok
13:35:13.0046 3820 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:35:13.0062 3820 FastUserSwitchingCompatibility - ok
13:35:13.0093 3820 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
13:35:13.0093 3820 Fdc - ok
13:35:13.0140 3820 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:35:13.0140 3820 Fips - ok
13:35:13.0156 3820 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:35:13.0156 3820 Flpydisk - ok
13:35:13.0218 3820 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:35:13.0218 3820 FltMgr - ok
13:35:13.0296 3820 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:35:13.0296 3820 FontCache3.0.0.0 - ok
13:35:13.0328 3820 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:35:13.0328 3820 Fs_Rec - ok
13:35:13.0328 3820 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:35:13.0328 3820 Ftdisk - ok
13:35:13.0343 3820 [ DF6E37B27A9A1A498C6D9F29995B7A03 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:35:13.0343 3820 GEARAspiWDM - ok
13:35:13.0375 3820 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:35:13.0375 3820 Gpc - ok
13:35:13.0421 3820 [ 2796390792DF6BBEF04EE07454042114 ] HdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
13:35:13.0437 3820 HdAudAddService - ok
13:35:13.0484 3820 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:35:13.0484 3820 HDAudBus - ok
13:35:13.0578 3820 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:35:13.0578 3820 helpsvc - ok
13:35:13.0640 3820 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
13:35:13.0640 3820 HidServ - ok
13:35:13.0640 3820 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:35:13.0640 3820 hidusb - ok
13:35:13.0687 3820 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:35:13.0687 3820 hkmsvc - ok
13:35:13.0687 3820 hpn - ok
13:35:13.0750 3820 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:35:13.0750 3820 HTTP - ok
13:35:13.0812 3820 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:35:13.0812 3820 HTTPFilter - ok
13:35:13.0812 3820 i2omgmt - ok
13:35:13.0812 3820 i2omp - ok
13:35:13.0828 3820 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:35:13.0828 3820 i8042prt - ok
13:35:13.0890 3820 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:35:13.0906 3820 idsvc - ok
13:35:13.0906 3820 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:35:13.0906 3820 Imapi - ok
13:35:14.0000 3820 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:35:14.0000 3820 ImapiService - ok
13:35:14.0000 3820 ini910u - ok
13:35:14.0000 3820 IntelIde - ok
13:35:14.0031 3820 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:35:14.0031 3820 intelppm - ok
13:35:14.0062 3820 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
13:35:14.0062 3820 Ip6Fw - ok
13:35:14.0093 3820 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:35:14.0109 3820 IpFilterDriver - ok
13:35:14.0109 3820 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:35:14.0109 3820 IpInIp - ok
13:35:14.0187 3820 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:35:14.0187 3820 IpNat - ok
13:35:14.0234 3820 [ 5C7538B244E439DF39388DA28E0A18D1 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:35:14.0250 3820 iPod Service - ok
13:35:14.0296 3820 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:35:14.0296 3820 IPSec - ok
13:35:14.0312 3820 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:35:14.0312 3820 IRENUM - ok
13:35:14.0343 3820 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:35:14.0343 3820 isapnp - ok
13:35:14.0390 3820 [ 9AE07549A0D691A103FAF8946554BDB7 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
13:35:14.0390 3820 JavaQuickStarterService - ok
13:35:14.0453 3820 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:35:14.0453 3820 Kbdclass - ok
13:35:14.0468 3820 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:35:14.0468 3820 kmixer - ok
13:35:14.0500 3820 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:35:14.0500 3820 KSecDD - ok
13:35:14.0531 3820 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
13:35:14.0531 3820 lanmanserver - ok
13:35:14.0593 3820 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:35:14.0609 3820 lanmanworkstation - ok
13:35:14.0609 3820 lbrtfdc - ok
13:35:14.0625 3820 [ A1043645D16915DF12A6F2E049922A18 ] LexBceS C:\WINDOWS\system32\LEXBCES.EXE
13:35:14.0625 3820 LexBceS - ok
13:35:14.0718 3820 [ 89BFFB6A09652DA7D019A387354D0D19 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
13:35:14.0765 3820 LiveUpdate - ok
13:35:14.0828 3820 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:35:14.0828 3820 LmHosts - ok
13:35:14.0953 3820 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
13:35:14.0953 3820 McComponentHostService - ok
13:35:15.0000 3820 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:35:15.0000 3820 Messenger - ok
13:35:15.0046 3820 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:35:15.0046 3820 mnmdd - ok
13:35:15.0093 3820 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:35:15.0093 3820 mnmsrvc - ok
13:35:15.0140 3820 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:35:15.0140 3820 Modem - ok
13:35:15.0171 3820 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:35:15.0187 3820 Mouclass - ok
13:35:15.0203 3820 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:35:15.0218 3820 mouhid - ok
13:35:15.0250 3820 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:35:15.0250 3820 MountMgr - ok
13:35:15.0312 3820 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:35:15.0312 3820 MozillaMaintenance - ok
13:35:15.0312 3820 mraid35x - ok
13:35:15.0328 3820 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:35:15.0328 3820 MRxDAV - ok
13:35:15.0390 3820 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:35:15.0390 3820 MRxSmb - ok
13:35:15.0453 3820 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:35:15.0453 3820 MSDTC - ok
13:35:15.0468 3820 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:35:15.0468 3820 Msfs - ok
13:35:15.0468 3820 MSIServer - ok
13:35:15.0531 3820 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:35:15.0531 3820 MSKSSRV - ok
13:35:15.0531 3820 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:35:15.0531 3820 MSPCLOCK - ok
13:35:15.0546 3820 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:35:15.0546 3820 MSPQM - ok
13:35:15.0562 3820 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:35:15.0562 3820 mssmbios - ok
13:35:15.0578 3820 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:35:15.0578 3820 Mup - ok
13:35:15.0640 3820 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:35:15.0640 3820 napagent - ok
13:35:15.0671 3820 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:35:15.0671 3820 NDIS - ok
13:35:15.0718 3820 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:35:15.0718 3820 NdisTapi - ok
13:35:15.0734 3820 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:35:15.0734 3820 Ndisuio - ok
13:35:15.0734 3820 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:35:15.0734 3820 NdisWan - ok
13:35:15.0765 3820 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:35:15.0765 3820 NDProxy - ok
13:35:15.0796 3820 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:35:15.0796 3820 NetBIOS - ok
13:35:15.0828 3820 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:35:15.0828 3820 NetBT - ok
13:35:15.0937 3820 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
13:35:15.0937 3820 NetDDE - ok
13:35:15.0937 3820 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:35:15.0937 3820 NetDDEdsdm - ok
13:35:15.0968 3820 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:35:15.0968 3820 Netlogon - ok
13:35:16.0031 3820 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
13:35:16.0031 3820 Netman - ok
13:35:16.0062 3820 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:35:16.0062 3820 NetTcpPortSharing - ok
13:35:16.0093 3820 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
13:35:16.0093 3820 Nla - ok
13:35:16.0156 3820 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:35:16.0156 3820 Npfs - ok
13:35:16.0171 3820 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:35:16.0187 3820 Ntfs - ok
13:35:16.0187 3820 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:35:16.0187 3820 NtLmSsp - ok
13:35:16.0281 3820 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:35:16.0281 3820 NtmsSvc - ok
13:35:16.0328 3820 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
13:35:16.0328 3820 NuidFltr - ok
13:35:16.0343 3820 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:35:16.0343 3820 Null - ok
13:35:16.0625 3820 [ 062C16F3364C7706713282163586988E ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:35:16.0843 3820 nv - ok
13:35:16.0890 3820 [ 0258D664F93B4B01DDD621B8C084F322 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:35:16.0890 3820 NVENETFD - ok
13:35:16.0921 3820 [ 56EC9207906435EF1BF02F5C68E3FFEC ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:35:16.0921 3820 nvnetbus - ok
13:35:16.0968 3820 [ B2F5AC506C9B1103827B62BA18A2C514 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
13:35:16.0968 3820 NVSvc - ok
13:35:17.0062 3820 [ 844A25C9E3076EDEF2B12E0BEDED755D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:35:17.0109 3820 nvUpdatusService - ok
13:35:17.0140 3820 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:35:17.0140 3820 NwlnkFlt - ok
13:35:17.0140 3820 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:35:17.0140 3820 NwlnkFwd - ok
13:35:17.0250 3820 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:35:17.0250 3820 odserv - ok
13:35:17.0328 3820 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:35:17.0328 3820 ose - ok
13:35:17.0390 3820 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:35:17.0390 3820 Parport - ok
13:35:17.0390 3820 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:35:17.0390 3820 PartMgr - ok
13:35:17.0421 3820 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:35:17.0421 3820 ParVdm - ok
13:35:17.0437 3820 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:35:17.0437 3820 PCI - ok
13:35:17.0453 3820 PCIDump - ok
13:35:17.0453 3820 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:35:17.0453 3820 PCIIde - ok
13:35:17.0531 3820 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:35:17.0531 3820 Pcmcia - ok
13:35:17.0531 3820 PDCOMP - ok
13:35:17.0531 3820 PDFRAME - ok
13:35:17.0531 3820 PDRELI - ok
13:35:17.0546 3820 PDRFRAME - ok
13:35:17.0546 3820 perc2 - ok
13:35:17.0546 3820 perc2hib - ok
13:35:17.0578 3820 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:35:17.0578 3820 PlugPlay - ok
13:35:17.0593 3820 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:35:17.0593 3820 PolicyAgent - ok
13:35:17.0656 3820 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:35:17.0656 3820 PptpMiniport - ok
13:35:17.0656 3820 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:35:17.0656 3820 ProtectedStorage - ok
13:35:17.0656 3820 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:35:17.0656 3820 PSched - ok
13:35:17.0687 3820 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:35:17.0687 3820 Ptilink - ok
13:35:17.0718 3820 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:35:17.0718 3820 PxHelp20 - ok
13:35:17.0718 3820 ql1080 - ok
13:35:17.0718 3820 Ql10wnt - ok
13:35:17.0718 3820 ql12160 - ok
13:35:17.0718 3820 ql1240 - ok
13:35:17.0718 3820 ql1280 - ok
13:35:17.0734 3820 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:35:17.0734 3820 RasAcd - ok
13:35:17.0796 3820 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:35:17.0796 3820 RasAuto - ok
13:35:17.0812 3820 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:35:17.0812 3820 Rasl2tp - ok
13:35:17.0859 3820 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:35:17.0859 3820 RasMan - ok
13:35:17.0875 3820 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:35:17.0875 3820 RasPppoe - ok
13:35:17.0875 3820 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:35:17.0875 3820 Raspti - ok
13:35:17.0937 3820 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:35:17.0937 3820 Rdbss - ok
13:35:17.0937 3820 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:35:17.0937 3820 RDPCDD - ok
13:35:18.0015 3820 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:35:18.0015 3820 RDPWD - ok
13:35:18.0062 3820 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:35:18.0078 3820 RDSessMgr - ok
13:35:18.0078 3820 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:35:18.0078 3820 redbook - ok
13:35:18.0140 3820 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:35:18.0140 3820 RemoteAccess - ok
13:35:18.0187 3820 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:35:18.0187 3820 RpcLocator - ok
13:35:18.0218 3820 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
13:35:18.0218 3820 RpcSs - ok
13:35:18.0250 3820 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:35:18.0250 3820 RSVP - ok
13:35:18.0296 3820 [ 4A6E7CD1AAFDD88A6DF6348E277951C2 ] rtl8185 C:\WINDOWS\system32\DRIVERS\rtl8185.sys
13:35:18.0296 3820 rtl8185 - ok
13:35:18.0328 3820 [ B29EEB1EA7971BD83069EB2E2258D224 ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
13:35:18.0359 3820 RTL8192su - ok
13:35:18.0359 3820 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:35:18.0359 3820 SamSs - ok
13:35:18.0390 3820 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:35:18.0390 3820 SCardSvr - ok
13:35:18.0437 3820 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:35:18.0437 3820 Schedule - ok
13:35:18.0500 3820 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:35:18.0500 3820 Secdrv - ok
13:35:18.0531 3820 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:35:18.0531 3820 seclogon - ok
13:35:18.0562 3820 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:35:18.0562 3820 SENS - ok
13:35:18.0625 3820 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:35:18.0625 3820 serenum - ok
13:35:18.0640 3820 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:35:18.0640 3820 Serial - ok
13:35:18.0640 3820 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:35:18.0640 3820 Sfloppy - ok
13:35:18.0656 3820 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:35:18.0656 3820 ShellHWDetection - ok
13:35:18.0656 3820 Simbad - ok
13:35:18.0656 3820 Sparrow - ok
13:35:18.0718 3820 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:35:18.0718 3820 splitter - ok
13:35:18.0765 3820 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:35:18.0781 3820 Spooler - ok
13:35:18.0781 3820 sptd - ok
13:35:18.0781 3820 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:35:18.0781 3820 sr - ok
13:35:18.0796 3820 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:35:18.0796 3820 srservice - ok
13:35:18.0843 3820 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:35:18.0843 3820 Srv - ok
13:35:18.0859 3820 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:35:18.0859 3820 SSDPSRV - ok
13:35:18.0921 3820 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:35:18.0937 3820 stisvc - ok
13:35:18.0968 3820 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:35:18.0968 3820 swenum - ok
13:35:19.0000 3820 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:35:19.0000 3820 swmidi - ok
13:35:19.0000 3820 SwPrv - ok
13:35:19.0000 3820 symc810 - ok
13:35:19.0000 3820 symc8xx - ok
13:35:19.0000 3820 sym_hi - ok
13:35:19.0000 3820 sym_u3 - ok
13:35:19.0046 3820 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:35:19.0046 3820 sysaudio - ok
13:35:19.0093 3820 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:35:19.0093 3820 SysmonLog - ok
13:35:19.0125 3820 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:35:19.0125 3820 TapiSrv - ok
13:35:19.0171 3820 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:35:19.0187 3820 Tcpip - ok
13:35:19.0234 3820 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:35:19.0234 3820 TDPIPE - ok
13:35:19.0250 3820 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:35:19.0265 3820 TDTCP - ok
13:35:19.0312 3820 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:35:19.0328 3820 TermDD - ok
13:35:19.0343 3820 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:35:19.0343 3820 TermService - ok
13:35:19.0359 3820 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:35:19.0359 3820 Themes - ok
13:35:19.0359 3820 TosIde - ok
13:35:19.0421 3820 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:35:19.0437 3820 TrkWks - ok
13:35:19.0437 3820 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:35:19.0437 3820 Udfs - ok
13:35:19.0437 3820 ultra - ok
13:35:19.0500 3820 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:35:19.0500 3820 Update - ok
13:35:19.0578 3820 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:35:19.0578 3820 upnphost - ok
13:35:19.0625 3820 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:35:19.0625 3820 UPS - ok
13:35:19.0640 3820 USBAAPL - ok
13:35:19.0687 3820 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:35:19.0687 3820 usbehci - ok
13:35:19.0734 3820 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:35:19.0734 3820 usbhub - ok
13:35:19.0796 3820 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:35:19.0796 3820 usbohci - ok
13:35:19.0796 3820 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:35:19.0812 3820 usbprint - ok
13:35:19.0812 3820 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:35:19.0812 3820 usbscan - ok
13:35:19.0843 3820 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:35:19.0843 3820 USBSTOR - ok
13:35:19.0875 3820 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:35:19.0875 3820 VgaSave - ok
13:35:19.0875 3820 ViaIde - ok
13:35:19.0937 3820 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
13:35:19.0937 3820 Viewpoint Manager Service - ok
13:35:19.0953 3820 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:35:19.0953 3820 VolSnap - ok
13:35:20.0015 3820 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:35:20.0015 3820 VSS - ok
13:35:20.0046 3820 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:35:20.0046 3820 W32Time - ok
13:35:20.0109 3820 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:35:20.0109 3820 Wanarp - ok
13:35:20.0140 3820 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
13:35:20.0140 3820 Wdf01000 - ok
13:35:20.0140 3820 WDICA - ok
13:35:20.0156 3820 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:35:20.0156 3820 wdmaud - ok
13:35:20.0187 3820 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:35:20.0187 3820 WebClient - ok
13:35:20.0312 3820 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:35:20.0312 3820 winmgmt - ok
13:35:20.0343 3820 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:35:20.0343 3820 WmdmPmSN - ok
13:35:20.0359 3820 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:35:20.0359 3820 WmiAcpi - ok
13:35:20.0421 3820 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:35:20.0437 3820 WmiApSrv - ok
13:35:20.0531 3820 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:35:20.0562 3820 WMPNetworkSvc - ok
13:35:20.0609 3820 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:35:20.0609 3820 WudfPf - ok
13:35:20.0625 3820 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:35:20.0625 3820 WudfRd - ok
13:35:20.0656 3820 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:35:20.0656 3820 WudfSvc - ok
13:35:20.0718 3820 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:35:20.0750 3820 WZCSVC - ok
13:35:20.0812 3820 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:35:20.0812 3820 xmlprov - ok
13:35:20.0812 3820 ================ Scan global ===============================
13:35:20.0875 3820 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:35:20.0921 3820 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:35:20.0937 3820 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:35:20.0953 3820 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:35:20.0953 3820 [Global] - ok
13:35:20.0953 3820 ================ Scan MBR ==================================
13:35:20.0953 3820 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:35:21.0000 3820 \Device\Harddisk0\DR0 - ok
13:35:21.0015 3820 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:35:21.0250 3820 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
13:35:21.0250 3820 \Device\Harddisk1\DR1 - detected TDSS File System (1)
13:35:21.0250 3820 ================ Scan VBR ==================================
13:35:21.0281 3820 [ FC67831947D9FECAEC86BAC31302BC9D ] \Device\Harddisk0\DR0\Partition1
13:35:21.0281 3820 \Device\Harddisk0\DR0\Partition1 - ok
13:35:21.0281 3820 [ FCABB82A42493564A32891DFDE24AC3A ] \Device\Harddisk1\DR1\Partition1
13:35:21.0281 3820 \Device\Harddisk1\DR1\Partition1 - ok
13:35:21.0281 3820 ============================================================
13:35:21.0281 3820 Scan finished
13:35:21.0281 3820 ============================================================
13:35:21.0281 3812 Detected object count: 1
13:35:21.0281 3812 Actual detected object count: 1
13:35:33.0578 3812 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
13:35:33.0578 3812 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip

#4 coramardnab (Topic Starter, Members, 9 posts)

Posted 20 August 2012 - 12:56 PM

aswMBR completed... moving on to ESET.

aswMBR log results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 13:38:16
-----------------------------
13:38:16.734 OS Version: Windows 5.1.2600 Service Pack 3
13:38:16.734 Number of processors: 2 586 0x1706
13:38:16.734 ComputerName: USER-C9B8A45F34 UserName: Owner
13:38:17.156 Initialize success
13:51:48.046 AVAST engine error: 2
13:51:58.250 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
13:51:58.250 Disk 0 Vendor: Maxtor_6L200P0 BAH41G10 Size: 194481MB BusType: 3
13:51:58.250 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-19
13:51:58.250 Disk 1 Vendor: WL80GSA872 05.06H05 Size: 76293MB BusType: 3
13:51:58.265 Disk 1 MBR read successfully
13:51:58.265 Disk 1 MBR scan
13:51:58.265 Disk 1 Windows XP default MBR code
13:51:58.265 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
13:51:58.265 Disk 1 scanning sectors +156232125
13:51:58.359 Disk 1 scanning C:\WINDOWS\system32\drivers
13:52:06.671 Service scanning
13:52:18.437 Modules scanning
13:52:24.015 Disk 1 trace - called modules:
13:52:24.031 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:52:24.031 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a15cab8]
13:52:24.031 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a258a00]
13:52:24.031 5 ACPI.sys[f750e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-19[0x8a16fd98]
13:52:24.031 Scan finished successfully
13:54:52.140 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
13:54:52.171 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
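
The two logs above agree on where the problem lives: TDSSKiller flags a "TDSS File System" on the raw device \Device\Harddisk1\DR1 rather than on a volume, and aswMBR, after reading a normal XP MBR with one NTFS partition (offset 63, 76285 MB), starts "scanning sectors +156232125", the first sector after that partition ends. Rootkits of the TDSS/ZeroAccess family keep their encrypted file system in exactly that unpartitioned tail, which on an XP disk normally exists anyway (Setup leaves the last cylinder free) and is zero-filled unless something has written to it. The script below is an added example, not code from the thread, from TDSSKiller or from aswMBR: it parses an MBR partition table, computes the unallocated tail, and scans a tail image for sectors that are non-blank and high-entropy. The MBR bytes are constructed from the aswMBR geometry, assuming XP's 255x63 cylinder alignment and an 80,000,000,000-byte drive for the WL80GSA; the tail data and the 7.0-bit entropy cut-off are assumptions for illustration, not values taken from the infected machine.

```python
"""Locate the unpartitioned tail of an MBR disk and scan it for hidden data.

Added example for the thread, not part of any tool used in it. Sample
geometry is derived from the aswMBR log; the MBR bytes, the tail contents
and the entropy threshold are constructed/assumed for the demonstration.
"""
import math
import random
import struct
from collections import Counter

SECTOR = 512
SECTORS_PER_CYLINDER = 63 * 255   # legacy CHS geometry XP Setup aligns partitions to
MBR_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"           # boot flag, CHS start, type, CHS end, LBA start, LBA count
ENTROPY_THRESHOLD = 7.0           # assumed cut-off; random 512-byte sectors score about 7.6 bits


def build_mbr(entries):
    """Construct a 512-byte MBR from (bootable, type, lba_start, lba_count) tuples.
    Only used to fabricate the sample; the boot-code area stays zero-filled."""
    mbr = bytearray(SECTOR)
    for i, (boot, ptype, start, count) in enumerate(entries[:4]):
        # CHS fields are filled with the "use LBA" placeholder FE FF FF.
        struct.pack_into(ENTRY_FMT, mbr, 446 + 16 * i,
                         0x80 if boot else 0x00, b"\xfe\xff\xff",
                         ptype, b"\xfe\xff\xff", start, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts with LBA start/end."""
    if len(mbr) < SECTOR or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not an MBR: 55AA signature missing")
    parts = []
    for i in range(4):
        boot, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        if ptype == 0 or count == 0:
            continue
        parts.append({"index": i + 1, "bootable": boot == 0x80, "type": ptype,
                      "start": start, "end": start + count - 1, "sectors": count})
    return parts


def unallocated_tail(mbr, disk_sectors):
    """(first_sector, length) of the region after the last partition.
    An XP-partitioned disk normally leaves up to one cylinder here, so the
    size alone proves nothing; what matters is whether it holds data."""
    parts = parse_mbr(mbr)
    first = max(p["end"] for p in parts) + 1 if parts else 0
    return first, max(0, disk_sectors - first)


def shannon_entropy(block):
    """Bits per byte: 0 for an all-zero sector, close to 8 for ciphertext."""
    counts = Counter(block)
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_region(data):
    """Count sectors that are not blank and those that look encrypted.
    Heuristic, not a signature: OEM leftovers can also live in the tail,
    but a freshly reserved XP end-of-disk cylinder is zero-filled."""
    nonzero = high_entropy = 0
    for off in range(0, len(data) - len(data) % SECTOR, SECTOR):
        sec = data[off:off + SECTOR]
        if any(sec):
            nonzero += 1
            if shannon_entropy(sec) > ENTROPY_THRESHOLD:
                high_entropy += 1
    return {"sectors": len(data) // SECTOR, "nonzero": nonzero,
            "high_entropy": high_entropy, "suspicious": high_entropy > 0}


# Sample constructed to match Disk 1 in the aswMBR log: an 80,000,000,000-byte
# drive (assumed) holding one active NTFS partition at LBA 63 that fills 9725
# cylinders, which is how XP Setup lays out a single-partition disk.
DISK1_SECTORS = 80_000_000_000 // SECTOR
DISK1_MBR = build_mbr([(True, 0x07, 63, 9725 * SECTORS_PER_CYLINDER - 63)])


def demo():
    """Run the check on the constructed disk; returns (first, length, report)."""
    first, length = unallocated_tail(DISK1_MBR, DISK1_SECTORS)
    # Fabricated tail image: all zeros except four sectors of pseudo-random
    # bytes standing in for a fragment of an encrypted hidden file system.
    rnd = random.Random(1)
    tail = bytearray(length * SECTOR)
    for s in range(4, 8):
        tail[s * SECTOR:(s + 1) * SECTOR] = bytes(rnd.getrandbits(8) for _ in range(SECTOR))
    return first, length, scan_region(bytes(tail))


if __name__ == "__main__":
    first, length, report = demo()
    print(f"unallocated tail starts at LBA {first}, {length} sectors "
          f"({length * SECTOR / 2**20:.1f} MiB): {report}")
```

With the constructed geometry the tail starts at LBA 156232125, the same sector aswMBR reported, which is the point of the exercise: the rootkit did not have to hide its storage anywhere exotic, it used the free cylinder every XP disk already has. On a real case, feed `parse_mbr` the MBR.dat that aswMBR saved to the desktop (assumed here to be the raw 512-byte sector) and `scan_region` a `dd`-style image of the tail taken while booted from clean media, since a live TDSS driver filters reads of its own sectors.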

#5 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 20 August 2012 - 01:00 PM

13:51:48.046 AVAST engine error: 2

aswMBR failed to update. Run it in Safe Mode with Networking if normal mode doesn't work.

#6 coramardnab (Topic Starter, Members, 9 posts)

Posted 20 August 2012 - 02:13 PM

I'll try Safe Mode with Networking for aswMBR... but I'm not sure if it will work. My previous version of Avast! was damaged earlier this spring by a bad infection. Got the machine fixed, but the damaged program could not be deleted by basic uninstallation or Add/Remove Programs. Thus, the broken software remains on my computer. I hope this isn't what's interfering with the process now?

Again, I'll try Safe Mode first.

ESET results:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Program Files\SUPERAntiSpyware\SASCore.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\bin\AskService.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\Program Files\Bonjour\mDNSResponder.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\Program Files\iPod\bin\iPodService.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Common\ViewpointService.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\3774683997.vir:2732851743.exe Win32/Sirefef.CT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\LEXBCES.EXE.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\nvsvc32.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir Win32/Sirefef.DG trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\LEXPPS.EXE Win32/Patched.HN trojan cleaned (after the next restart) - quarantined

#7 coramardnab (Topic Starter, Members, 9 posts)

Posted 20 August 2012 - 02:31 PM

Same error in safe mode.

#8 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 20 August 2012 - 09:02 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on Show Results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Create a restore point before trying this.

Download

AdwCleaner

Launch it, click on Delete.

Post the generated log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here.

#9 coramardnab (Topic Starter, Members, 9 posts)

Posted 21 August 2012 - 10:13 AM

MiniToolBox Results:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 21-08-2012 at 11:11:29
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

iMicro 802.11b/g Wireless Adapter = Wireless Network Connection 4 (Disconnected)
Belkin Basic Wireless USB Adapter = Wireless Network Connection 5 (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 5"

set address name="Wireless Network Connection 5" source=dhcp
set dns name="Wireless Network Connection 5" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 5" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : user-c9b8a45f34
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1E-90-77-FD-F0

Ethernet adapter Wireless Network Connection 5:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Belkin Basic Wireless USB Adapter
Physical Address. . . . . . . . . : 94-44-52-13-13-21
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Tuesday, August 21, 2012 11:09:47 AM
Lease Expires . . . . . . . . . . : Wednesday, August 22, 2012 11:09:47 AM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.228.99, 74.125.228.100, 74.125.228.101, 74.125.228.102
74.125.228.103, 74.125.228.104, 74.125.228.105, 74.125.228.110, 74.125.228.96
74.125.228.97, 74.125.228.98

Pinging google.com [74.125.228.71] with 32 bytes of data:

Reply from 74.125.228.71: bytes=32 time=61ms TTL=52
Reply from 74.125.228.71: bytes=32 time=42ms TTL=52

Ping statistics for 74.125.228.71:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 61ms, Average = 51ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=106ms TTL=48
Reply from 98.138.253.109: bytes=32 time=106ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 106ms, Maximum = 106ms, Average = 106ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 90 77 fd f0 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x10004 ...94 44 52 13 13 21 ...... Belkin Basic Wireless USB Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.2 192.168.1.2 20
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 30
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 30
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 30
255.255.255.255 255.255.255.255 192.168.1.2 2 1
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/09/2012 10:35:25 AM) (Source: Application Error) (User: )
Description: Faulting application McCHSvc.exe, version 2.0.181.0, faulting module WebInfoScanner.dll, version 2.0.181.0, fault address 0x00021373.
Processing media-specific event for [McCHSvc.exe!ws!]

Error: (07/21/2012 03:01:51 PM) (Source: Application Hang) (User: )
Description: Hanging application gta_sa.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/19/2012 10:31:24 AM) (Source: Application Error) (User: )
Description: Faulting application McCHSvc.exe, version 2.0.181.0, faulting module WebInfoScanner.dll, version 2.0.181.0, fault address 0x00021373.
Processing media-specific event for [McCHSvc.exe!ws!]

Error: (07/18/2012 06:46:24 PM) (Source: Application Hang) (User: )
Description: Hanging application gta_sa.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/06/2012 00:53:15 AM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 12.0.6661.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/05/2012 10:38:41 AM) (Source: Application Error) (User: )
Description: Faulting application McCHSvc.exe, version 2.0.181.0, faulting module WebInfoScanner.dll, version 2.0.181.0, fault address 0x00021373.
Processing media-specific event for [McCHSvc.exe!ws!]

Error: (06/27/2012 09:37:25 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 6.0.2900.5512, faulting module urlmon.dll, version 6.0.2900.6212, fault address 0x000040e6.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/21/2012 10:41:21 AM) (Source: Application Error) (User: )
Description: Faulting application McCHSvc.exe, version 2.0.181.0, faulting module WebInfoScanner.dll, version 2.0.181.0, fault address 0x00021373.
Processing media-specific event for [McCHSvc.exe!ws!]

Error: (05/23/2012 08:08:50 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 12.0.0.4493, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/03/2012 10:47:42 AM) (Source: Application Error) (User: )
Description: Faulting application McCHSvc.exe, version 2.0.181.0, faulting module WebInfoScanner.dll, version 2.0.181.0, fault address 0x00021373.
Processing media-specific event for [McCHSvc.exe!ws!]


System errors:
=============
Error: (08/21/2012 11:11:18 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/21/2012 11:11:18 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/20/2012 03:31:47 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/20/2012 03:31:47 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/20/2012 03:29:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/20/2012 03:19:55 PM) (Source: DCOM) (User: USER-C9B8A45F34)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/20/2012 03:19:55 PM) (Source: DCOM) (User: USER-C9B8A45F34)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/20/2012 03:19:34 PM) (Source: DCOM) (User: USER-C9B8A45F34)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/20/2012 03:18:51 PM) (Source: DCOM) (User: USER-C9B8A45F34)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/20/2012 03:18:37 PM) (Source: DCOM) (User: USER-C9B8A45F34)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (12/08/2008 02:39:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 263546 seconds with 360 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

ABBYY FineReader 5.0 Sprint (Version: 5.0.482.3421)
AC3Filter (remove only)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.2 (Version: 9.2.0)
AIM 6
Baldur's Gate™ II - Shadows of Amn™
Battle.net
Belarc Advisor 8.2 (Version: 8.2.6.0)
Belkin F7D1101 Basic Wireless USB Adapter (Version: 1.0.0.4)
Bonjour (Version: 1.0.106)
Circus Rmpire (Version: 1.00)
CPUID CPU-Z 1.60
CreateInstall (Version: 2002.1.20)
Diablo
DivX Converter (Version: 6.6.1)
DivX Setup (Version: 2.4.0.6)
Dropbox (Version: 1.4.7)
ESET Online Scanner v3
FaxTools (Version: 5.10)
FirstClass® Client (Version: 10.0 (build 10.009))
Google Chrome (Version: 21.0.1180.79)
Google Gmail Notifier
GTA San Andreas (Version: 1.00.00001)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
iMicro Wireless Adapter Driver and Utility (Version: Package:1.02.0007 Driver:5.1100.717.2007 UI:502.1491.725.2007)
iTunes (Version: 8.1.0.52)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
League of Legends (Version: 1.3)
Lexmark 1200 Series
Lexmark Z600 Series
LiveUpdate 3.0 (Symantec Corporation) (Version: 3.0.0.160)
Magic ISO Maker v5.5 (build 0273)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
MuseScore 1.0 MuseScore score typesetter (Version: 1.0.0)
Nero PhotoShow Express (Version: 3.0)
Nero Suite
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Drivers
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.18 (Version: 136.18)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
Oblivion (Version: 1.00.0000)
On-line Help Console (Version: 2.0.0.2)
Origin (Version: 8.5.0.4550)
Pando Media Booster (Version: 2.6.0.8)
Platform (Version: 1.25)
QuickTime (Version: 7.60.92.0)
ResNet Registration Wizard 2.0
Sanitarium
Segoe UI (Version: 14.0.4327.805)
Skype web features (Version: 1.0.3971)
Skype™ 4.1 (Version: 4.1.179)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
SYSTAT 12 (Version: 12.0.8)
SYSTAT 12 Manuals (Version: 1.0.0)
The KMPlayer (remove only)
The Sims™ 3 (Version: 1.36.45)
The Sims™ 3 Ambitions (Version: 4.10.1)
The Sims™ 3 High-End Loft Stuff (Version: 3.13.1)
The Sims™ 3 Late Night (Version: 6.5.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VIA Platform Device Manager (Version: 1.25)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Vuze Toolbar (Version: 4.1.0.5)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.541 )
Winamp Remote (Version: 2.2008.0508.1530)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Xvid 1.1.3 final uninstall (Version: 1.1)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 1791.17 MB
Available physical RAM: 1360.7 MB
Total Pagefile: 3689.35 MB
Available Pagefile: 3410.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.5 GB) (Free:11.94 GB) NTFS
4 Drive e: () (Fixed) (Total:189.91 GB) (Free:75.49 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-C9B8A45F34

Administrator Guest HelpAssistant
Owner SUPPORT_388945a0 UpdatusUser


**** End of log ****

#10 coramardnab


Posted 21 August 2012 - 10:19 AM

FSS Log:

Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 21-08-2012 at 11:19:02
Running from "C:\Documents and Settings\Owner\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2011-11-09 03:41] - [2010-06-22 22:29] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) aswTdi(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

#11 coramardnab


Posted 21 August 2012 - 10:25 AM

adware cleaner log:


# AdwCleaner v1.801 - Logfile created 08/21/2012 at 11:20:54
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - USER-C9B8A45F34
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : AskService
Stopped & Deleted : AskUpgrade
Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

Folder Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\69k13f2a.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Deleted on reboot : C:\Program Files\AskBarDis
Folder Deleted : C:\Program Files\AskSearch
Deleted on reboot : C:\Program Files\Viewpoint
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\AskSA
Key Deleted : HKLM\SOFTWARE\AskBarDis
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q= --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\69k13f2a.default\prefs.js

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\69k13f2a.default\user.js ... Deleted !

Deleted : user_pref("extensions.snipit.askTbInstalled", true);
Deleted : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&g[...]
Deleted : user_pref("keyword.URL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=");

-\\ Google Chrome v21.0.1180.79

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npViewpoint.dll",

*************************

AdwCleaner[S1].txt - [5799 octets] - [21/08/2012 11:20:54]

########## EOF - C:\AdwCleaner[S1].txt - [5927 octets] ##########

#12 coramardnab


Posted 21 August 2012 - 10:28 AM

Rkill log:

Rkill 2.2.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/21/2012 11:27:07 AM in x86 mode.
Windows Version: Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\system32\LEXPPS.EXE (PID: 1860) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* BITS [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]
* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/21/2012 11:27:36 AM
Execution time: 0 hours(s), 0 minute(s), and 28 seconds(s)
