
IE Redirecting Searchers With Pop-Ups


18 replies to this topic

#1 Beauty

Posted 22 August 2012 - 01:07 PM

Hello
Every time I search something on any search engine and I click on a link, it starts to load, then I see the word Redirect and it sends me to some unknown search. And when I go directly to a website like AOL or something, I get a pop-up of some type of ad. I ran my antivirus and it finds the problems and says it's been deleted, but the problem is still there.

Edited by Orange Blossom, 22 August 2012 - 01:38 PM.
Moved to AII. ~ OB

#2 narenxp
Posted 22 August 2012 - 01:12 PM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Beauty

Posted 25 August 2012 - 12:38 AM

Sorry, I did not know you replied to the post. I have completed 2 of the 3 tasks and I will post what I have so far:
TDSSkiller

21:52:38.0296 2200 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:52:39.0781 2200 ============================================================
21:52:39.0781 2200 Current date / time: 2012/08/24 21:52:39.0781
21:52:39.0781 2200 SystemInfo:
21:52:39.0781 2200
21:52:39.0781 2200 OS Version: 5.1.2600 ServicePack: 3.0
21:52:39.0781 2200 Product type: Workstation
21:52:39.0781 2200 ComputerName: HOME-A7DC498E6C
21:52:39.0781 2200 UserName: LaVi
21:52:39.0781 2200 Windows directory: C:\WINDOWS
21:52:39.0781 2200 System windows directory: C:\WINDOWS
21:52:39.0781 2200 Processor architecture: Intel x86
21:52:39.0781 2200 Number of processors: 2
21:52:39.0781 2200 Page size: 0x1000
21:52:39.0781 2200 Boot type: Normal boot
21:52:39.0781 2200 ============================================================
21:52:49.0875 2200 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:52:50.0062 2200 ============================================================
21:52:50.0062 2200 \Device\Harddisk0\DR0:
21:52:50.0125 2200 MBR partitions:
21:52:50.0140 2200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
21:52:50.0140 2200 ============================================================
21:52:50.0875 2200 C: <-> \Device\Harddisk0\DR0\Partition1
21:52:50.0875 2200 ============================================================
21:52:50.0875 2200 Initialize success
21:52:50.0875 2200 ============================================================

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-24 22:44:21
-----------------------------
22:44:21.765 OS Version: Windows 5.1.2600 Service Pack 3
22:44:21.765 Number of processors: 2 586 0xF0D
22:44:21.765 ComputerName: HOME-A7DC498E6C UserName: LaVi
22:44:25.734 Initialize success
23:27:45.515 AVAST engine defs: 12082402
23:27:57.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
23:27:57.109 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC7KP Size: 76319MB BusType: 3
23:27:57.390 Disk 0 MBR read successfully
23:27:57.500 Disk 0 MBR scan
23:27:58.312 Disk 0 Windows XP default MBR code
23:27:58.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
23:27:58.734 Disk 0 scanning sectors +156296385
23:28:00.984 Disk 0 scanning C:\WINDOWS\system32\drivers
23:29:11.671 Service scanning
23:29:43.296 Service FsFilter c:\documents and settings\lavi\application data\adobe\rxsupply.sys **INFECTED** Win32:Malware-gen
23:30:27.093 Service SPService C:\Documents and Settings\LaVi\Application Data\Adobe\sp.DLL **INFECTED** Win32:Kryptik-JQW [Trj]
23:30:47.140 Modules scanning
23:31:36.171 Disk 0 trace - called modules:
23:31:36.187
23:31:40.671 AVAST engine scan C:\WINDOWS
23:32:25.187 AVAST engine scan C:\WINDOWS\system32
23:32:32.484 File: C:\WINDOWS\system32\acprfmgrsvc.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:32:32.546 File: C:\WINDOWS\system32\acrotray.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:32:54.875 File: C:\WINDOWS\system32\avg7rsw.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:35:18.859 File: C:\WINDOWS\system32\Epfwndis.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:35:28.281 File: C:\WINDOWS\system32\fasttx2k.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:35:52.484 File: C:\WINDOWS\system32\flashcom.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:36:05.281 File: C:\WINDOWS\system32\Gernuwa.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:38:20.765 File: C:\WINDOWS\system32\M3AD.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:40:31.203 File: C:\WINDOWS\system32\nalntservice.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:41:26.265 File: C:\WINDOWS\system32\pdlndoem.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:41:30.984 File: C:\WINDOWS\system32\PNDIS5.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:42:30.187 File: C:\WINDOWS\system32\rtl8029.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:43:00.000 File: C:\WINDOWS\system32\softfax.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:43:48.562 File: C:\WINDOWS\system32\usbbus.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:45:56.750 File: C:\WINDOWS\system32\x10nets.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:52:00.000 AVAST engine scan C:\WINDOWS\system32\drivers
23:53:19.656 AVAST engine scan C:\Documents and Settings\LaVi
23:53:26.515 File: C:\Documents and Settings\LaVi\Application Data\Adobe\rxsupply.sys **INFECTED** Win32:Malware-gen
23:53:26.734 File: C:\Documents and Settings\LaVi\Application Data\Adobe\sp.DLL **INFECTED** Win32:Kryptik-JQW [Trj]
00:02:11.281 File: C:\Documents and Settings\LaVi\Local Settings\Application Data\{6b0df133-ebe9-8067-5063-524e7b859752}\n **INFECTED** Win32:Sirefef-AIG [Trj]
00:02:11.437 File: C:\Documents and Settings\LaVi\Local Settings\Application Data\{6b0df133-ebe9-8067-5063-524e7b859752}\U\80000000.@ **INFECTED** Win64:Sirefef-A [Trj]
00:02:11.578 File: C:\Documents and Settings\LaVi\Local Settings\Application Data\{6b0df133-ebe9-8067-5063-524e7b859752}\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
00:02:44.343 File: C:\Documents and Settings\LaVi\Local Settings\temp\0.0075491456926713996.htm **INFECTED** Win32:Malware-gen
00:03:44.578 File: C:\Documents and Settings\LaVi\Local Settings\temp\install_0_msi.exe **INFECTED** Win32:FakeAlert-CXE [Trj]
00:35:19.281 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
00:43:51.890 Scan finished successfully
01:31:27.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\LaVi\Desktop\MBR.dat"
01:31:27.937 The log file has been saved successfully to "C:\Documents and Settings\LaVi\Desktop\aswMBR.txt"

#4 narenxp

Posted 25 August 2012 - 12:50 AM

TDSSkiller log is incomplete. I want you to run ASWMBR and post the new log after finishing with the ESET scan.
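A small triage script for the logs posted above, added here as an illustration and not part of the thread or of either tool: it checks whether a TDSSKiller log got past initialisation (assuming a complete run reports "Scan finished"), pulls every **INFECTED** line out of an aswMBR log, groups hits by malware family and by where the file lives (system32, user profile, temp, System Restore point), and flags services whose image sits under a user's Application Data. The embedded log lines are constructed excerpts of the ones in this thread.

```python
# Triage helpers for the TDSSKiller and aswMBR logs posted in this thread (added example).
# Assumption: a complete TDSSKiller log contains a "Scan finished" line; the one posted
# above stops right after "Initialize success", which is why it was called incomplete.
import re
from collections import Counter

# Constructed excerpts of the two logs from the thread (a handful of lines each).
TDSSKILLER_LOG = """\
21:52:38.0296 2200 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:52:39.0781 2200 OS Version: 5.1.2600 ServicePack: 3.0
21:52:50.0875 2200 Initialize success
"""

ASWMBR_LOG = """\
23:27:58.312 Disk 0 Windows XP default MBR code
23:29:43.296 Service FsFilter c:\\documents and settings\\lavi\\application data\\adobe\\rxsupply.sys **INFECTED** Win32:Malware-gen
23:30:27.093 Service SPService C:\\Documents and Settings\\LaVi\\Application Data\\Adobe\\sp.DLL **INFECTED** Win32:Kryptik-JQW [Trj]
23:32:32.484 File: C:\\WINDOWS\\system32\\acprfmgrsvc.dll **INFECTED** Win32:Sirefef-SM [Trj]
23:32:32.546 File: C:\\WINDOWS\\system32\\acrotray.dll **INFECTED** Win32:Sirefef-SM [Trj]
00:02:11.437 File: C:\\Documents and Settings\\LaVi\\Local Settings\\Application Data\\{6b0df133-ebe9-8067-5063-524e7b859752}\\U\\80000000.@ **INFECTED** Win64:Sirefef-A [Trj]
00:03:44.578 File: C:\\Documents and Settings\\LaVi\\Local Settings\\temp\\install_0_msi.exe **INFECTED** Win32:FakeAlert-CXE [Trj]
00:43:51.890 Scan finished successfully
"""

# One aswMBR detection line: timestamp, "Service <name>" or "File:", path, marker, detection.
ASWMBR_HIT = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:Service\s+(?P<svc>\S+)\s+|File:\s+)"
    r"(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<det>.+?)\s*$"
)
# Avast detection name: Platform:Family-Variant [Type]; the MBR verdict line names the boot code.
DETECTION = re.compile(r"^(?P<plat>\w+):(?P<fam>[A-Za-z0-9]+)(?:-(?P<var>\w+))?(?:\s+\[(?P<kind>\w+)\])?")
MBR_VERDICT = re.compile(r"Disk (?P<disk>\d+) (?P<verdict>.*MBR code.*)$")


def tdsskiller_complete(log: str) -> bool:
    """True if the run got past initialisation and reported 'Scan finished' (assumed marker)."""
    return any("Scan finished" in line for line in log.splitlines())


def location_class(path: str) -> str:
    """Coarse bucket for where an infected file lives; this drives how it is dealt with."""
    p = path.lower().replace("/", "\\")
    if "\\system volume information\\" in p:
        return "restore_point"      # cleaned by purging System Restore, not by hand
    if "\\windows\\system32\\" in p:
        return "system32"           # possibly a patched or replaced system DLL
    if "\\temp\\" in p:
        return "temp"
    if "\\application data\\" in p:
        return "user_profile"       # executable code under a user's profile
    return "other"


def parse_aswmbr(log: str) -> list:
    """Extract every **INFECTED** line into a dict with service, path, detection, family, bucket."""
    hits = []
    for line in log.splitlines():
        m = ASWMBR_HIT.match(line)
        if not m:
            continue
        d = DETECTION.match(m["det"])
        hits.append({
            "service": m["svc"],            # None for plain file hits
            "path": m["path"],
            "detection": m["det"],
            "family": d["fam"] if d else m["det"],
            "bucket": location_class(m["path"]),
        })
    return hits


def family_counts(hits: list) -> Counter:
    return Counter(h["family"] for h in hits)


def services_from_user_profile(hits: list) -> list:
    """Registered services whose image lives under a user profile: a persistence red flag."""
    return [h["service"] for h in hits if h["service"] and h["bucket"] == "user_profile"]


def mbr_verdict(log: str) -> str:
    """What aswMBR said about the boot sector, e.g. 'Windows XP default MBR code'."""
    for line in log.splitlines():
        m = MBR_VERDICT.search(line)
        if m:
            return m["verdict"]
    return "no MBR verdict line found"


if __name__ == "__main__":
    print("TDSSKiller log complete:", tdsskiller_complete(TDSSKILLER_LOG))
    print("MBR:", mbr_verdict(ASWMBR_LOG))
    hits = parse_aswmbr(ASWMBR_LOG)
    print("families:", dict(family_counts(hits)))
    print("services loading from a user profile:", services_from_user_profile(hits))
    for h in hits:
        print(f"{h['bucket']:13} {h['family']:10} {h['path']}")
```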

#5 Beauty

Posted 25 August 2012 - 10:06 AM

Here is the last part:
ESET
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\12\3cc664c-4efa23de Java/TrojanDownloader.OpenStream.NBS trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-167130c1 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-3828478c probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-3f96fb5e probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-47957a5e probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-5ed29e56 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-72755088 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\43\78a7dab-13ffaf38 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\43\78a7dab-1abaa01e a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\43\78a7dab-1d61411a a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\43\78a7dab-36094b31 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\43\78a7dab-53706546 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\43\78a7dab-7a578701 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Application Data\Sun\Java\Deployment\cache\6.0\44\3b21af6c-626d4e22 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Local Settings\Application Data\{6b0df133-ebe9-8067-5063-524e7b859752}\n a variant of Win32/Kryptik.AKOG trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\LaVi\Local Settings\Application Data\{6b0df133-ebe9-8067-5063-524e7b859752}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Local Settings\Application Data\{6b0df133-ebe9-8067-5063-524e7b859752}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Local Settings\temp\0.0075491456926713996.htm a variant of Win32/BHO.OEB trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Local Settings\temp\install_0_msi.exe a variant of Win32/Kryptik.AKQS trojan cleaned by deleting - quarantined
C:\Documents and Settings\LaVi\Local Settings\temp\NOD22C4.tmp a variant of Win32/Kryptik.AKOG trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Application Data\Sun\Java\Deployment\cache\6.0\27\227948db-5215d12f a variant of Win32/Kryptik.YXO trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Application Data\Sun\Java\Deployment\cache\6.0\32\3183cbe0-6e1411d0 a variant of Win32/Kryptik.YWV trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Application Data\Sun\Java\Deployment\cache\6.0\50\21a7b932-51633a48 Win32/TrojanDownloader.Vespula.AY trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\Temporary Internet Files\Content.IE5\LW11R829\kittyflix_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\Temporary Internet Files\Content.IE5\MTNJYB4R\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP223\A0387817.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP226\A0387842.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP226\A0387850.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP234\A0388850.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP234\A0388861.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP235\A0389861.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP236\A0390861.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP236\A0391861.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP236\A0392861.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP236\A0392871.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP236\A0393871.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP237\A0394871.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP237\A0395871.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP237\A0395881.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP237\A0396881.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP237\A0396891.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP238\A0397891.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP238\A0398891.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP238\A0399891.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP239\A0400891.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP239\A0401891.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP239\A0402891.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP239\A0403891.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP239\A0404891.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP239\A0405891.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP240\A0405906.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP240\A0406906.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP240\A0407906.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP240\A0408906.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP241\A0409906.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP241\A0410906.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0411906.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0411917.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0412917.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0413917.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0413925.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0414925.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0414930.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0415930.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0415935.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0416935.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0417935.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0417969.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0417992.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0418000.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0418035.exe a variant of Win32/Kryptik.AJZF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0418036.exe a variant of Win32/Delf.QSC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0418037.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0418038.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0418041.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0418045.DLL a variant of Win32/Kryptik.AFQN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0419040.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0420040.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0420050.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0420051.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0420052.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0420056.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0420069.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0421069.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0422069.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0422077.exe a variant of Win32/Kryptik.AJZF trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0422078.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0422079.exe Win32/Adware.SecurityShield.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0422082.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP242\A0423081.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423091.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423092.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423093.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423094.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423095.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423096.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423097.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423098.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423099.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423100.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423101.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423102.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423103.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423104.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423105.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423106.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423107.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423108.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423109.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423110.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423111.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423112.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423113.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423114.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423115.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423116.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423117.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423118.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423119.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423120.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423121.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423122.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423123.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423124.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423125.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423126.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423127.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423128.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423129.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423130.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423131.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423132.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423133.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423134.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423135.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423136.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423137.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423138.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423139.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423140.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423141.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423142.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423143.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423151.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423193.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423194.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423195.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423196.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423209.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423251.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0423266.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0424081.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0425081.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0426081.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP243\A0427081.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427089.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427090.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427159.exe a variant of Win32/Delf.QSC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427160.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427162.DLL a variant of Win32/Kryptik.AFQN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427164.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427165.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427166.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427176.exe Win32/Adware.SecurityShield.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427183.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427184.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427185.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0427206.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0428206.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0429206.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0430206.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0431206.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0432206.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0432217.exe a variant of Win32/Delf.QSC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0432218.exe Win32/Adware.SecurityShield.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0432223.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0432225.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP244\A0432226.DLL a variant of Win32/Kryptik.AFQN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP245\A0433222.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP245\A0434222.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP245\A0435222.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP245\A0436222.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP245\A0436232.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP245\A0437222.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP245\A0438222.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP245\A0438235.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP246\A0439222.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP246\A0439231.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP247\A0440222.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP247\A0440232.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP248\A0441222.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP248\A0441236.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP248\A0442222.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP248\A0442232.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP248\A0442235.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP248\A0443235.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP248\A0444235.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP248\A0444244.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0444250.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0445250.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0445260.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0446250.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0447250.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0448250.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0448260.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0449250.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0449260.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0450250.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0450260.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0451250.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0451259.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0452250.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0452260.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0453250.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0453259.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0453272.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0453281.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0453288.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1D4A548-78F7-4E2B-827B-C984F34A6F0A}\RP249\A0453296.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.08.2012_21.10.29\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.08.2012_21.10.29\rtkt0000\zafs0000\tsk0003.dta Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.08.2012_21.10.29\rtkt0000\zafs0000\tsk0013.dta probably a variant of Win32/Agent.GSJKHXJ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.08.2012_21.10.29\rtkt0000\zafs0000\tsk0015.dta Win32/Sirefef.ES trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.08.2012_21.10.29\rtkt0000\zafs0000\tsk0017.dta a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.08.2012_21.10.29\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.08.2012_21.10.29\zaea0001\svc0000\tsk0000.dta Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\acprfmgrsvc.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\acrotray.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\avg7rsw.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\Epfwndis.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\fasttx2k.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\flashcom.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\Gernuwa.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\M3AD.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\nalntservice.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\pdlndoem.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\PNDIS5.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\rtl8029.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\softfax.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\usbbus.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\x10nets.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\L.class Java/Exploit.CVE-2011-3544.BK trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\Main.class Java/TrojanDownloader.Agent.NEC trojan cleaned by deleting - quarantined
Operating memory multiple threats
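
A log this long is easier to act on once it is summarised by detection family and by where each hit lives, since a Sirefef DLL still sitting in system32 means something very different from a copy inside a System Restore point. The following is an example added by the editor, not ESET's code and not something posted in this thread; it assumes the line format visible in the log above ("<path> [a variant of ]<Family/Name> <kind> <action>") and uses a constructed sample modelled on those lines (the GUID is shortened to `{GUID}`).

```python
"""Summarise an ESET Online Scanner detection log such as the one posted above.

Example added by the editor; it is not part of the thread and not ESET code.
Assumed line format (taken from the log): "<path> [a variant of ]<Family/Name> <kind> <action>".
"""
import re
from collections import Counter

# Constructed sample modelled on the posted log (GUID and most entries shortened).
SAMPLE_LOG = """\
C:\\System Volume Information\\_restore{GUID}\\RP243\\A0423136.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\\System Volume Information\\_restore{GUID}\\RP244\\A0427159.exe a variant of Win32/Delf.QSC trojan cleaned by deleting - quarantined
C:\\TDSSKiller_Quarantine\\24.08.2012_21.10.29\\rtkt0000\\svc0000\\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\\WINDOWS\\system32\\acprfmgrsvc.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\\WINDOWS\\system32\\rtl8029.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\\WINDOWS\\Temp\\L.class Java/Exploit.CVE-2011-3544.BK trojan cleaned by deleting - quarantined
Operating memory multiple threats
"""

LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[A-Za-z0-9._-]+)\s+"
    r"(?P<kind>trojan|application|potentially unwanted application)\s+"
    r"(?P<action>.+)$"
)

def classify(path):
    """Where the hit lives decides what it means for the cleanup."""
    p = path.lower()
    if "\\system volume information\\" in p:
        return "restore-point"      # old copies: harmless until someone runs System Restore
    if "\\tdsskiller_quarantine\\" in p:
        return "tool-quarantine"    # already neutralised by TDSSKiller, just being tidied up
    if "\\windows\\system32\\" in p:
        return "live-system"        # still present on the running system: the real problem
    if "\\temp\\" in p:
        return "temp"               # dropper / exploit payload residue
    return "other"

def summarize(log_text):
    records, unparsed, memory_threats = [], [], False
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().startswith("operating memory"):
            memory_threats = True   # ESET found the threat running, not just on disk
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        name = m.group("name")
        records.append({
            "path": m.group("path"),
            "name": name,
            "family": name.split("/", 1)[1].split(".", 1)[0],  # Win32/Sirefef.ER -> Sirefef
            "kind": m.group("kind"),
            "action": m.group("action"),
            "location": classify(m.group("path")),
        })
    return {
        "records": records,
        "by_family": Counter(r["family"] for r in records),
        "by_location": Counter(r["location"] for r in records),
        "live_hits": [r["path"] for r in records if r["location"] == "live-system"],
        "memory_threats": memory_threats,
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("families:", dict(s["by_family"]))
    print("locations:", dict(s["by_location"]))
    print("still live in system32:", s["live_hits"])
    print("in memory:", s["memory_threats"])
```

Run against the real log, the "live-system" bucket is the list to re-check after the reboot the next post asks for, the "restore-point" bucket is the reason System Restore is normally purged at the end of a cleanup, and "Operating memory" means the infection was active while ESET ran, which is exactly why the rootkit scanners are being repeated.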

#6 narenxp (BC Advisor)

Posted 25 August 2012 - 10:08 AM

Restart the PC, run TDSSKiller and aswMBR once again and post the new logs.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

AdwCleaner

Launch it, click on Delete.

Post the generated log.
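
Two of the MiniToolBox items in the list above, "List content of Hosts" and "Report/Reset IE Proxy Settings", are the checks that matter most for the redirect symptom in this thread: a hosts file can send a search engine anywhere and pin update or anti-malware sites to loopback, and a proxy entry sends every browser request through a listener the malware controls (the ESET log earlier in the thread includes Win32/TrojanProxy.Agent detections, which is exactly that technique). The following is an example added by the editor, not MiniToolBox code and not anything posted in the thread; it shows what those checks look for. The registry value names (ProxyEnable, ProxyServer, AutoConfigURL under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings) are the real ones; the sample hosts file, the registry values and the PROTECTED_HINTS list are constructed for the example.

```python
"""Two of the MiniToolBox checks requested above, written out as code so it is
clear what they look for: a hosts file that redirects or blackholes sites, and
an Internet Explorer proxy that funnels every request through a rogue server.

Example added by the editor; not MiniToolBox code and not part of the thread.
The registry value names are the real ones under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings; the hosts
file, the registry values and the PROTECTED_HINTS list are constructed here.
"""
import ipaddress

# Constructed hosts file in the Windows format (lines numbered from 1).
SAMPLE_HOSTS = """\
# constructed sample: C:\\WINDOWS\\system32\\drivers\\etc\\hosts
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org    # cleanup/update site pinned to loopback
203.0.113.10    www.google.com          # search engine sent to an attacker-chosen address
0.0.0.0         ads.example.net         # ordinary ad-block entry, benign
"""

# Name fragments of update/AV/help sites that malware likes to blackhole (assumption).
PROTECTED_HINTS = ("microsoft.com", "windowsupdate", "eset", "kaspersky",
                   "malwarebytes", "avast", "symantec", "mcafee", "bleepingcomputer")

def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping; '#' starts a comment."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((n, ip, name.lower()) for name in names)
    return entries

def audit_hosts(text):
    """Findings as (line_no, hostname, ip, verdict)."""
    findings = []
    for n, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((n, name, ip, "unparseable"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            if name == "localhost":
                continue                                      # the one mapping that belongs here
            if any(h in name for h in PROTECTED_HINTS):
                findings.append((n, name, ip, "blackholed"))  # update/AV site made unreachable
            # other loopback entries are the usual ad-block style and are left alone
        else:
            findings.append((n, name, ip, "rewritten"))       # resolves somewhere the user did not choose
    return findings

def audit_ie_proxy(values):
    """values: the relevant Internet Settings registry values as a dict."""
    findings = []
    if values.get("ProxyEnable") == 1:
        findings.append("ProxyEnable=1: all IE traffic goes via ProxyServer=%r" % values.get("ProxyServer"))
    if values.get("AutoConfigURL"):
        findings.append("AutoConfigURL=%s: a PAC script picks the proxy per URL" % values["AutoConfigURL"])
    return findings

def reset_ie_proxy(values):
    """What 'Reset IE Proxy Settings' amounts to: direct connection, no PAC."""
    clean = {k: v for k, v in values.items() if k not in ("ProxyServer", "AutoConfigURL")}
    clean["ProxyEnable"] = 0
    return clean

# Constructed registry values; a loopback proxy is what a Win32/TrojanProxy-style
# infection sets so that its own local listener sees every request.
SAMPLE_IE_SETTINGS = {"ProxyEnable": 1, "ProxyServer": "http=127.0.0.1:8080",
                      "AutoConfigURL": "http://example.invalid/proxy.pac"}

if __name__ == "__main__":
    for n, name, ip, verdict in audit_hosts(SAMPLE_HOSTS):
        print("hosts line %d: %s -> %s (%s)" % (n, name, ip, verdict))
    for f in audit_ie_proxy(SAMPLE_IE_SETTINGS):
        print("proxy:", f)
    print("after reset:", reset_ie_proxy(SAMPLE_IE_SETTINGS))
```

The hosts audit deliberately leaves loopback entries for ordinary ad domains alone, because many users install ad-blocking hosts files on purpose; what it flags is a security or update site made unreachable, or any name that now resolves to an address the user never chose. A proxy pointed at 127.0.0.1 with nothing legitimate listening there is the signature of a local proxy trojan rather than a user setting.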

#7 Beauty (Topic Starter)

Posted 26 August 2012 - 01:14 PM

I have restarted my computer as directed and I cannot find TDSSKiller or aswMBR.

#8 narenxp (BC Advisor)

Posted 26 August 2012 - 01:15 PM

They should be in the Downloads folder. If you don't find them, download the tools again and run them.

#9 Beauty (Topic Starter)

Posted 27 August 2012 - 07:22 PM

Here are the scans you wanted me to do.
TDSSKiller
20:11:05.0187 8060 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:11:07.0187 8060 ============================================================
20:11:07.0187 8060 Current date / time: 2012/08/27 20:11:07.0187
20:11:07.0187 8060 SystemInfo:
20:11:07.0187 8060
20:11:07.0187 8060 OS Version: 5.1.2600 ServicePack: 3.0
20:11:07.0187 8060 Product type: Workstation
20:11:07.0187 8060 ComputerName: HOME-A7DC498E6C
20:11:07.0187 8060 UserName: LaVi
20:11:07.0187 8060 Windows directory: C:\WINDOWS
20:11:07.0187 8060 System windows directory: C:\WINDOWS
20:11:07.0187 8060 Processor architecture: Intel x86
20:11:07.0187 8060 Number of processors: 2
20:11:07.0187 8060 Page size: 0x1000
20:11:07.0187 8060 Boot type: Normal boot
20:11:07.0187 8060 ============================================================
20:11:10.0515 8060 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:11:10.0515 8060 ============================================================
20:11:10.0515 8060 \Device\Harddisk0\DR0:
20:11:10.0515 8060 MBR partitions:
20:11:10.0515 8060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
20:11:10.0515 8060 ============================================================
20:11:10.0625 8060 C: <-> \Device\Harddisk0\DR0\Partition1
20:11:10.0671 8060 ============================================================
20:11:10.0671 8060 Initialize success
20:11:10.0671 8060 ============================================================
20:11:17.0578 4356 ============================================================
20:11:17.0578 4356 Scan started
20:11:17.0578 4356 Mode: Manual;
20:11:17.0578 4356 ============================================================
20:11:19.0171 4356 ================ Scan system memory ========================
20:11:19.0187 4356 System memory - ok
20:11:19.0187 4356 ================ Scan services =============================
20:11:19.0984 4356 Abiosdsk - ok
20:11:20.0000 4356 abp480n5 - ok
20:11:20.0171 4356 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:11:20.0343 4356 ACPI - ok
20:11:20.0390 4356 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:11:20.0390 4356 ACPIEC - ok
20:11:20.0734 4356 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:11:20.0937 4356 AdobeFlashPlayerUpdateSvc - ok
20:11:20.0953 4356 adpu160m - ok
20:11:21.0156 4356 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:11:21.0281 4356 aec - ok
20:11:21.0468 4356 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:11:21.0593 4356 AFD - ok
20:11:21.0609 4356 Aha154x - ok
20:11:21.0625 4356 aic78u2 - ok
20:11:21.0625 4356 aic78xx - ok
20:11:21.0703 4356 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:11:21.0734 4356 Alerter - ok
20:11:21.0796 4356 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:11:21.0828 4356 ALG - ok
20:11:21.0843 4356 AliIde - ok
20:11:21.0859 4356 amsint - ok
20:11:22.0031 4356 [ B8D65DA679A4A8D048783EDE2691B5D4 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:11:22.0156 4356 ApfiltrService - ok
20:11:22.0218 4356 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
20:11:22.0234 4356 APPDRV - ok
20:11:22.0546 4356 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:11:22.0578 4356 Apple Mobile Device - ok
20:11:22.0718 4356 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:11:22.0906 4356 AppMgmt - ok
20:11:23.0078 4356 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:11:23.0140 4356 Arp1394 - ok
20:11:23.0140 4356 asc - ok
20:11:23.0156 4356 asc3350p - ok
20:11:23.0171 4356 asc3550 - ok
20:11:23.0312 4356 [ 7591238EBF7DD1FD13B353C382227DC3 ] ASFIPmon C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
20:11:23.0375 4356 ASFIPmon - ok
20:11:23.0640 4356 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:11:23.0750 4356 aspnet_state - ok
20:11:23.0796 4356 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:11:23.0812 4356 AsyncMac - ok
20:11:23.0921 4356 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:11:23.0921 4356 atapi - ok
20:11:23.0937 4356 Atdisk - ok
20:11:24.0015 4356 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:11:24.0078 4356 Atmarpc - ok
20:11:24.0171 4356 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:11:24.0203 4356 AudioSrv - ok
20:11:24.0234 4356 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:11:24.0250 4356 audstub - ok
20:11:24.0453 4356 [ F96038AA1EC4013A93D2420FC689D1E9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:11:24.0593 4356 b57w2k - ok
20:11:24.0625 4356 [ 5C68AC6F3E5B3E6D6A78E97D05E42C3A ] BASFND C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
20:11:24.0625 4356 BASFND - ok
20:11:27.0093 4356 [ 345D38F298368DD6B0DF5C4F37457A22 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:11:29.0609 4356 BCM43XX - ok
20:11:29.0703 4356 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:11:29.0703 4356 Beep - ok
20:11:30.0140 4356 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:11:30.0484 4356 Bonjour Service - ok
20:11:30.0593 4356 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
20:11:30.0656 4356 Browser - ok
20:11:30.0656 4356 catchme - ok
20:11:30.0718 4356 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:11:30.0734 4356 cbidf2k - ok
20:11:30.0796 4356 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:11:30.0812 4356 CCDECODE - ok
20:11:30.0828 4356 cd20xrnt - ok
20:11:30.0875 4356 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:11:30.0890 4356 Cdaudio - ok
20:11:30.0968 4356 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:11:30.0984 4356 Cdfs - ok
20:11:31.0078 4356 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:11:31.0156 4356 Cdrom - ok
20:11:31.0234 4356 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
20:11:31.0265 4356 cercsr6 - ok
20:11:31.0281 4356 Changer - ok
20:11:31.0312 4356 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:11:31.0312 4356 CiSvc - ok
20:11:31.0375 4356 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:11:31.0421 4356 ClipSrv - ok
20:11:31.0515 4356 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:11:31.0671 4356 clr_optimization_v2.0.50727_32 - ok
20:11:31.0671 4356 CLTNetCnService - ok
20:11:31.0718 4356 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:11:31.0734 4356 CmBatt - ok
20:11:31.0750 4356 CmdIde - ok
20:11:31.0765 4356 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:11:31.0765 4356 Compbatt - ok
20:11:31.0781 4356 COMSysApp - ok
20:11:31.0796 4356 Cpqarray - ok
20:11:31.0906 4356 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:11:32.0000 4356 CryptSvc - ok
20:11:32.0000 4356 dac2w2k - ok
20:11:32.0015 4356 dac960nt - ok
20:11:32.0468 4356 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:11:32.0906 4356 DcomLaunch - ok
20:11:33.0203 4356 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:11:33.0328 4356 Dhcp - ok
20:11:33.0421 4356 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:11:33.0421 4356 Disk - ok
20:11:33.0437 4356 dmadmin - ok
20:11:33.0656 4356 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:11:33.0859 4356 dmboot - ok
20:11:34.0000 4356 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:11:34.0140 4356 dmio - ok
20:11:34.0171 4356 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:11:34.0171 4356 dmload - ok
20:11:34.0234 4356 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:11:34.0265 4356 dmserver - ok
20:11:34.0343 4356 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:11:34.0390 4356 DMusic - ok
20:11:34.0453 4356 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:11:34.0500 4356 Dnscache - ok
20:11:34.0640 4356 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:11:34.0812 4356 Dot3svc - ok
20:11:34.0812 4356 dpti2o - ok
20:11:34.0859 4356 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:11:34.0859 4356 drmkaud - ok
20:11:34.0921 4356 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:11:34.0968 4356 EapHost - ok
20:11:35.0031 4356 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:11:35.0062 4356 ERSvc - ok
20:11:35.0234 4356 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:11:35.0328 4356 Eventlog - ok
20:11:35.0609 4356 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:11:35.0843 4356 EventSystem - ok
20:11:35.0953 4356 [ 9032405F762F1AFA92DFEF99CB078306 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
20:11:36.0031 4356 ewusbnet - ok
20:11:36.0234 4356 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:11:36.0390 4356 Fastfat - ok
20:11:36.0609 4356 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:11:36.0734 4356 FastUserSwitchingCompatibility - ok
20:11:36.0796 4356 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
20:11:36.0828 4356 Fdc - ok
20:11:36.0890 4356 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:11:36.0921 4356 Fips - ok
20:11:37.0015 4356 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
20:11:37.0046 4356 Flpydisk - ok
20:11:37.0171 4356 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:11:37.0250 4356 FltMgr - ok
20:11:37.0359 4356 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:11:37.0453 4356 FontCache3.0.0.0 - ok
20:11:38.0015 4356 [ 86908D0C072CE28A7650B78BAB5A06E5 ] FsFilter c:\documents and settings\lavi\application data\adobe\rxsupply.sys
20:11:38.0015 4356 Suspicious file (NoAccess): c:\documents and settings\lavi\application data\adobe\rxsupply.sys. md5: 86908D0C072CE28A7650B78BAB5A06E5
20:11:38.0015 4356 FsFilter ( LockedFile.Multi.Generic ) - warning
20:11:38.0015 4356 FsFilter - detected LockedFile.Multi.Generic (1)
20:11:38.0328 4356 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:11:38.0437 4356 fssfltr - ok
20:11:39.0515 4356 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
20:11:40.0156 4356 fsssvc - ok
20:11:40.0187 4356 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:11:40.0203 4356 Fs_Rec - ok
20:11:40.0328 4356 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:11:40.0421 4356 Ftdisk - ok
20:11:40.0484 4356 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:11:40.0531 4356 Gpc - ok
20:11:40.0640 4356 [ C0BDAB85F3E8B2138C513255E2BCC4D8 ] guardian2 C:\WINDOWS\system32\Drivers\oz776.sys
20:11:40.0703 4356 guardian2 - ok
20:11:40.0968 4356 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:11:41.0093 4356 gupdate - ok
20:11:41.0218 4356 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:11:41.0234 4356 gupdatem - ok
20:11:41.0687 4356 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:11:41.0937 4356 gusvc - ok
20:11:42.0171 4356 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:11:42.0375 4356 HDAudBus - ok
20:11:42.0625 4356 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:11:42.0656 4356 helpsvc - ok
20:11:42.0734 4356 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
20:11:42.0812 4356 HidServ - ok
20:11:42.0937 4356 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:11:42.0968 4356 HidUsb - ok
20:11:43.0140 4356 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:11:43.0343 4356 hkmsvc - ok
20:11:43.0343 4356 hpn - ok
20:11:43.0500 4356 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:11:43.0593 4356 HPZid412 - ok
20:11:43.0671 4356 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:11:43.0687 4356 HPZipr12 - ok
20:11:43.0781 4356 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:11:43.0859 4356 HPZius12 - ok
20:11:44.0421 4356 [ 290CDBB05903742EA06B7203C5A662F5 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:11:44.0750 4356 HSFHWAZL - ok
20:11:45.0921 4356 [ 7AB812355F98858B9ECDD46E6FCC221F ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:11:47.0296 4356 HSF_DPV - ok
20:11:47.0718 4356 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:11:48.0125 4356 HTTP - ok
20:11:48.0281 4356 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:11:48.0312 4356 HTTPFilter - ok
20:11:48.0734 4356 [ 60AEC3F4EC355D9F46D545A0FA08CE87 ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
20:11:48.0890 4356 hwdatacard - ok
20:11:49.0218 4356 [ B93D3C81EF1D372DC5BD5E6275362E1A ] hwusbdev C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
20:11:49.0343 4356 hwusbdev - ok
20:11:49.0359 4356 i2omgmt - ok
20:11:49.0359 4356 i2omp - ok
20:11:49.0453 4356 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:11:49.0515 4356 i8042prt - ok
20:11:57.0000 4356 [ 200CCA76CD0E0F7EEC78FA56C29B4D67 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:12:04.0578 4356 ialm - ok
20:12:05.0468 4356 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:12:06.0562 4356 idsvc - ok
20:12:07.0078 4356 [ 23E1BCADABE423C35C19BBDFF10CCE6D ] IHA_MessageCenter C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
20:12:07.0484 4356 IHA_MessageCenter - ok
20:12:07.0609 4356 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:12:07.0656 4356 Imapi - ok
20:12:07.0906 4356 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:12:08.0171 4356 ImapiService - ok
20:12:08.0218 4356 ini910u - ok
20:12:08.0234 4356 IntelIde - ok
20:12:08.0359 4356 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:12:08.0421 4356 intelppm - ok
20:12:08.0531 4356 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:12:08.0578 4356 Ip6Fw - ok
20:12:08.0734 4356 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:12:08.0765 4356 IpFilterDriver - ok
20:12:08.0828 4356 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:12:08.0843 4356 IpInIp - ok
20:12:09.0093 4356 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:12:09.0296 4356 IpNat - ok
20:12:09.0796 4356 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:12:09.0890 4356 IPSec - ok
20:12:09.0984 4356 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:12:10.0015 4356 IRENUM - ok
20:12:10.0203 4356 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:12:10.0343 4356 isapnp - ok
20:12:10.0671 4356 [ E731921DB2E17DCD3DB472FAD5549C57 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:12:10.0796 4356 JavaQuickStarterService - ok
20:12:10.0890 4356 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:12:10.0906 4356 Kbdclass - ok
20:12:11.0109 4356 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:12:11.0265 4356 kmixer - ok
20:12:11.0375 4356 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:12:11.0406 4356 KSecDD - ok
20:12:11.0515 4356 [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:12:11.0609 4356 lanmanserver - ok
20:12:11.0781 4356 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:12:11.0890 4356 lanmanworkstation - ok
20:12:11.0906 4356 lbrtfdc - ok
20:12:11.0953 4356 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:12:11.0968 4356 LmHosts - ok
20:12:11.0984 4356 LVUSBSta - ok
20:12:12.0062 4356 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
20:12:12.0125 4356 MBAMSwissArmy - ok
20:12:12.0625 4356 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:12:12.0953 4356 MDM - ok
20:12:13.0062 4356 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:12:13.0078 4356 mdmxsdk - ok
20:12:13.0171 4356 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:12:13.0234 4356 Messenger - ok
20:12:13.0281 4356 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:12:13.0296 4356 mnmdd - ok
20:12:13.0359 4356 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:12:13.0406 4356 mnmsrvc - ok
20:12:13.0500 4356 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:12:13.0531 4356 Modem - ok
20:12:13.0578 4356 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:12:13.0593 4356 Mouclass - ok
20:12:13.0656 4356 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:12:13.0656 4356 mouhid - ok
20:12:13.0703 4356 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:12:13.0703 4356 MountMgr - ok
20:12:13.0828 4356 [ 70C14F5CCA5CF73F8A645C73A01D8726 ] MQAC C:\WINDOWS\system32\drivers\mqac.sys
20:12:13.0906 4356 MQAC - ok
20:12:13.0921 4356 mraid35x - ok
20:12:14.0109 4356 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:12:14.0218 4356 MRxDAV - ok
20:12:14.0843 4356 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:12:15.0218 4356 MRxSmb - ok
20:12:15.0296 4356 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:12:15.0296 4356 MSDTC - ok
20:12:15.0343 4356 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:12:15.0343 4356 Msfs - ok
20:12:15.0343 4356 MSIServer - ok
20:12:15.0390 4356 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:12:15.0406 4356 MSKSSRV - ok
20:12:15.0468 4356 [ AFB909B537AAE1BEAE7BBDB6A36D40B0 ] MSMQ C:\WINDOWS\system32\mqsvc.exe
20:12:15.0468 4356 MSMQ - ok
20:12:15.0593 4356 [ 7F955FF3B1BB93376EBE75D5ACCDC6DB ] MSMQTriggers C:\WINDOWS\system32\mqtgsvc.exe
20:12:15.0734 4356 MSMQTriggers - ok
20:12:15.0750 4356 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:12:15.0765 4356 MSPCLOCK - ok
20:12:15.0812 4356 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:12:15.0828 4356 MSPQM - ok
20:12:15.0906 4356 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:12:15.0921 4356 mssmbios - ok
20:12:15.0968 4356 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:12:15.0968 4356 MSTEE - ok
20:12:16.0109 4356 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:12:16.0187 4356 Mup - ok
20:12:16.0250 4356 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:12:16.0296 4356 NABTSFEC - ok
20:12:16.0500 4356 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:12:16.0828 4356 napagent - ok
20:12:17.0000 4356 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:12:17.0187 4356 NDIS - ok
20:12:17.0234 4356 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:12:17.0234 4356 NdisIP - ok
20:12:17.0296 4356 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:12:17.0312 4356 NdisTapi - ok
20:12:17.0343 4356 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:12:17.0359 4356 Ndisuio - ok
20:12:17.0453 4356 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:12:17.0546 4356 NdisWan - ok
20:12:17.0625 4356 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:12:17.0671 4356 NDProxy - ok
20:12:17.0750 4356 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
20:12:17.0781 4356 Net Driver HPZ12 - ok
20:12:17.0859 4356 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\WINDOWS\system32\DRIVERS\netaapl.sys
20:12:17.0875 4356 Netaapl - ok
20:12:17.0953 4356 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:12:17.0953 4356 NetBIOS - ok
20:12:18.0125 4356 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:12:18.0265 4356 NetBT - ok
20:12:18.0406 4356 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:12:18.0562 4356 NetDDE - ok
20:12:18.0640 4356 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:12:18.0640 4356 NetDDEdsdm - ok
20:12:18.0687 4356 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:12:18.0703 4356 Netlogon - ok
20:12:18.0906 4356 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:12:19.0109 4356 Netman - ok
20:12:19.0234 4356 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:12:19.0390 4356 NetTcpPortSharing - ok
20:12:19.0500 4356 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:12:19.0562 4356 NIC1394 - ok
20:12:20.0203 4356 [ 27D38B7D646283D98D65E3435B1E6197 ] NICCONFIGSVC C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
20:12:20.0609 4356 NICCONFIGSVC - ok
20:12:20.0937 4356 [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla C:\WINDOWS\System32\mswsock.dll
20:12:21.0109 4356 Nla - ok
20:12:21.0109 4356 nmservice - ok
20:12:21.0265 4356 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:12:21.0265 4356 Npfs - ok
20:12:21.0859 4356 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:12:21.0859 4356 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\Ntfs.sys. md5: 78A08DD6A8D65E697C18E1DB01C5CDCA
20:12:21.0859 4356 Ntfs ( LockedFile.Multi.Generic ) - warning
20:12:21.0859 4356 Ntfs - detected LockedFile.Multi.Generic (1)
20:12:21.0921 4356 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:12:21.0921 4356 NtLmSsp - ok
20:12:22.0296 4356 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:12:22.0687 4356 NtmsSvc - ok
20:12:22.0718 4356 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:12:22.0718 4356 Null - ok
20:12:22.0937 4356 [ 2D7E00B3899AFFFB800361D89A0C7660 ] NWADI C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
20:12:23.0109 4356 NWADI - ok
20:12:23.0156 4356 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:12:23.0171 4356 NwlnkFlt - ok
20:12:23.0218 4356 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:12:23.0234 4356 NwlnkFwd - ok
20:12:23.0343 4356 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:12:23.0343 4356 ohci1394 - ok
20:12:23.0468 4356 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:12:23.0531 4356 ose - ok
20:12:23.0656 4356 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
20:12:23.0734 4356 Parport - ok
20:12:23.0812 4356 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:12:23.0812 4356 PartMgr - ok
20:12:23.0875 4356 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:12:23.0890 4356 ParVdm - ok
20:12:23.0937 4356 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50 C:\WINDOWS\system32\Drivers\PCASp50.sys
20:12:23.0968 4356 PCASp50 - ok
20:12:24.0031 4356 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:12:24.0109 4356 PCI - ok
20:12:24.0125 4356 PCIDump - ok
20:12:24.0250 4356 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:12:24.0265 4356 PCIIde - ok
20:12:24.0390 4356 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:12:24.0453 4356 Pcmcia - ok
20:12:24.0484 4356 PCTINDIS5 - ok
20:12:24.0500 4356 PDCOMP - ok
20:12:24.0515 4356 PDFRAME - ok
20:12:24.0531 4356 PDRELI - ok
20:12:24.0546 4356 PDRFRAME - ok
20:12:24.0562 4356 perc2 - ok
20:12:24.0578 4356 perc2hib - ok
20:12:24.0609 4356 PID_PEPI - ok
20:12:24.0750 4356 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:12:24.0765 4356 PlugPlay - ok
20:12:24.0890 4356 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
20:12:24.0937 4356 Pml Driver HPZ12 - ok
20:12:24.0968 4356 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:12:24.0968 4356 PolicyAgent - ok
20:12:25.0093 4356 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:12:25.0140 4356 PptpMiniport - ok
20:12:25.0156 4356 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:12:25.0156 4356 ProtectedStorage - ok
20:12:25.0250 4356 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:12:25.0312 4356 PSched - ok
20:12:25.0328 4356 pshost - ok
20:12:25.0359 4356 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:12:25.0375 4356 Ptilink - ok
20:12:25.0468 4356 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:12:25.0468 4356 PxHelp20 - ok
20:12:25.0500 4356 ql1080 - ok
20:12:25.0531 4356 Ql10wnt - ok
20:12:25.0562 4356 ql12160 - ok
20:12:25.0578 4356 ql1240 - ok
20:12:25.0593 4356 ql1280 - ok
20:12:25.0656 4356 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:12:25.0671 4356 RasAcd - ok
20:12:25.0750 4356 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:12:25.0828 4356 RasAuto - ok
20:12:25.0921 4356 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:12:25.0984 4356 Rasl2tp - ok
20:12:26.0296 4356 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:12:26.0593 4356 RasMan - ok
20:12:26.0640 4356 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:12:26.0687 4356 RasPppoe - ok
20:12:26.0765 4356 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:12:26.0781 4356 Raspti - ok
20:12:26.0953 4356 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:12:27.0046 4356 Rdbss - ok
20:12:27.0093 4356 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:12:27.0093 4356 RDPCDD - ok
20:12:27.0343 4356 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:12:27.0531 4356 rdpdr - ok
20:12:27.0671 4356 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:12:27.0765 4356 RDPWD - ok
20:12:27.0890 4356 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:12:28.0062 4356 RDSessMgr - ok
20:12:28.0140 4356 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:12:28.0187 4356 redbook - ok
20:12:28.0265 4356 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:12:28.0296 4356 RemoteAccess - ok
20:12:28.0390 4356 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:12:28.0468 4356 RemoteRegistry - ok
20:12:28.0484 4356 RimUsb - ok
20:12:28.0625 4356 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:12:28.0671 4356 RimVSerPort - ok
20:12:28.0906 4356 [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST C:\WINDOWS\system32\drivers\RMCast.sys
20:12:29.0109 4356 RMCAST - ok
20:12:29.0156 4356 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
20:12:29.0156 4356 ROOTMODEM - ok
20:12:29.0250 4356 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:12:29.0296 4356 RpcLocator - ok
20:12:29.0406 4356 [ 3297445BB9FD3E8363E7559010ED2AE7 ] rpcnet C:\WINDOWS\system32\rpcnet.exe
20:12:29.0453 4356 rpcnet - ok
20:12:29.0953 4356 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:12:30.0000 4356 RpcSs - ok
20:12:30.0171 4356 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:12:30.0296 4356 RSVP - ok
20:12:30.0343 4356 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:12:30.0343 4356 SamSs - ok
20:12:30.0500 4356 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:12:30.0750 4356 SCardSvr - ok
20:12:31.0000 4356 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:12:31.0187 4356 Schedule - ok
20:12:31.0718 4356 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
20:12:32.0015 4356 SeaPort - ok
20:12:32.0062 4356 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:12:32.0093 4356 Secdrv - ok
20:12:32.0156 4356 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:12:32.0234 4356 seclogon - ok
20:12:32.0375 4356 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:12:32.0421 4356 SENS - ok
20:12:32.0500 4356 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:12:32.0562 4356 serenum - ok
20:12:32.0671 4356 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:12:32.0812 4356 Serial - ok
20:12:32.0875 4356 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:12:32.0890 4356 Sfloppy - ok
20:12:33.0296 4356 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:12:33.0750 4356 SharedAccess - ok
20:12:33.0937 4356 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:12:33.0937 4356 ShellHWDetection - ok
20:12:33.0953 4356 Simbad - ok
20:12:34.0015 4356 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:12:34.0031 4356 SLIP - ok
20:12:34.0062 4356 Sparrow - ok
20:12:34.0078 4356 SPBBCDrv - ok
20:12:34.0125 4356 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:12:34.0125 4356 splitter - ok
20:12:34.0281 4356 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:12:34.0343 4356 Spooler - ok
20:12:34.0468 4356 sprtsvc_verizondm - ok
20:12:34.0828 4356 [ 6E6EA15412240774772A5DEB474CC0E5 ] SPService C:\Documents and Settings\LaVi\Application Data\Adobe\sp.DLL
20:12:34.0828 4356 Suspicious file (NoAccess): C:\Documents and Settings\LaVi\Application Data\Adobe\sp.DLL. md5: 6E6EA15412240774772A5DEB474CC0E5
20:12:34.0828 4356 SPService ( LockedFile.Multi.Generic ) - warning
20:12:34.0828 4356 SPService - detected LockedFile.Multi.Generic (1)
20:12:34.0937 4356 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:12:35.0015 4356 sr - ok
20:12:35.0359 4356 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:12:35.0656 4356 srservice - ok
20:12:36.0078 4356 [ DA852E3E0BF1CEA75D756F9866241E57 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:12:36.0406 4356 Srv - ok
20:12:36.0562 4356 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:12:36.0671 4356 SSDPSRV - ok
20:12:37.0171 4356 [ 686FA4ACFDCB4E16B7F0230B88F6D17E ] STacSV C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
20:12:37.0265 4356 STacSV - ok
20:12:38.0625 4356 [ 31BA85E1CFF39A57F702A2A0877BB8E1 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
20:12:40.0406 4356 STHDA - ok
20:12:41.0000 4356 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:12:41.0406 4356 stisvc - ok
20:12:41.0562 4356 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:12:41.0578 4356 streamip - ok
20:12:41.0625 4356 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:12:41.0640 4356 swenum - ok
20:12:41.0765 4356 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:12:41.0812 4356 swmidi - ok
20:12:41.0828 4356 SwPrv - ok
20:12:41.0843 4356 symc810 - ok
20:12:41.0843 4356 symc8xx - ok
20:12:41.0859 4356 sym_hi - ok
20:12:41.0875 4356 sym_u3 - ok
20:12:41.0953 4356 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:12:42.0015 4356 sysaudio - ok
20:12:42.0125 4356 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:12:42.0203 4356 SysmonLog - ok
20:12:42.0453 4356 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:12:42.0734 4356 TapiSrv - ok
20:12:43.0156 4356 [ 456E0F5B9BEB184521B0EE8FA7CC92C7 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:12:43.0531 4356 Tcpip - ok
20:12:43.0625 4356 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:12:43.0640 4356 TDPIPE - ok
20:12:43.0750 4356 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:12:43.0765 4356 TDTCP - ok
20:12:43.0875 4356 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:12:43.0921 4356 TermDD - ok
20:12:44.0281 4356 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:12:44.0671 4356 TermService - ok
20:12:44.0671 4356 tgsrvc_verizondm - ok
20:12:45.0031 4356 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
20:12:45.0062 4356 Themes - ok
20:12:45.0265 4356 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
20:12:45.0390 4356 TlntSvr - ok
20:12:45.0406 4356 TosIde - ok
20:12:45.0578 4356 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:12:45.0765 4356 TrkWks - ok
20:12:45.0953 4356 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:12:46.0031 4356 Udfs - ok
20:12:46.0031 4356 UIUSys - ok
20:12:46.0046 4356 ultra - ok
20:12:46.0468 4356 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:12:46.0875 4356 Update - ok
20:12:47.0093 4356 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:12:47.0265 4356 upnphost - ok
20:12:47.0312 4356 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:12:47.0328 4356 UPS - ok
20:12:47.0406 4356 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
20:12:47.0453 4356 USBAAPL - ok
20:12:47.0546 4356 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
20:12:47.0671 4356 usbaudio - ok
20:12:47.0765 4356 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:12:47.0796 4356 usbccgp - ok
20:12:47.0875 4356 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:12:47.0921 4356 usbehci - ok
20:12:48.0031 4356 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:12:48.0093 4356 usbhub - ok
20:12:48.0218 4356 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:12:48.0281 4356 usbprint - ok
20:12:48.0343 4356 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:12:48.0359 4356 usbscan - ok
20:12:48.0421 4356 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:12:48.0437 4356 USBSTOR - ok
20:12:48.0484 4356 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:12:48.0546 4356 usbuhci - ok
20:12:48.0625 4356 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:12:48.0640 4356 VgaSave - ok
20:12:48.0656 4356 ViaIde - ok
20:12:48.0703 4356 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:12:48.0703 4356 VolSnap - ok
20:12:48.0890 4356 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:12:49.0187 4356 VSS - ok
20:12:49.0406 4356 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:12:49.0578 4356 W32Time - ok
20:12:49.0765 4356 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:12:49.0828 4356 Wanarp - ok
20:12:49.0843 4356 wanatw - ok
20:12:50.0515 4356 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
20:12:51.0046 4356 Wdf01000 - ok
20:12:51.0062 4356 WDICA - ok
20:12:51.0187 4356 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:12:51.0265 4356 wdmaud - ok
20:12:51.0390 4356 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:12:51.0453 4356 WebClient - ok
20:12:52.0265 4356 [ A8596CF86D445269A42ECC08B7066A4C ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:12:53.0078 4356 winachsf - ok
20:12:53.0359 4356 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:12:53.0500 4356 winmgmt - ok
20:12:53.0750 4356 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
20:12:54.0078 4356 WLSetupSvc - ok
20:12:54.0078 4356 wltrysvc - ok
20:12:54.0125 4356 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:12:54.0171 4356 WmdmPmSN - ok
20:12:54.0781 4356 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:12:55.0328 4356 Wmi - ok
20:12:55.0359 4356 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:12:55.0359 4356 WmiAcpi - ok
20:12:55.0500 4356 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:12:55.0640 4356 WmiApSrv - ok
20:12:56.0296 4356 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:12:56.0968 4356 WMPNetworkSvc - ok
20:12:57.0015 4356 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:12:57.0046 4356 WSTCODEC - ok
20:12:57.0125 4356 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:12:57.0171 4356 WudfPf - ok
20:12:57.0250 4356 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:12:57.0312 4356 WudfRd - ok
20:12:57.0375 4356 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:12:57.0453 4356 WudfSvc - ok
20:12:57.0921 4356 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:12:58.0359 4356 WZCSVC - ok
20:12:58.0484 4356 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:12:58.0656 4356 xmlprov - ok
20:12:58.0671 4356 ZSMC211 - ok
20:12:58.0703 4356 ================ Scan global ===============================
20:12:58.0812 4356 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:12:59.0187 4356 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
20:12:59.0687 4356 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
20:12:59.0796 4356 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:12:59.0812 4356 [Global] - ok
20:12:59.0812 4356 ================ Scan MBR ==================================
20:12:59.0875 4356 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:13:00.0406 4356 \Device\Harddisk0\DR0 - ok
20:13:00.0406 4356 ================ Scan VBR ==================================
20:13:00.0421 4356 [ FDD718EB911A819E19A4D03A70DD6EF9 ] \Device\Harddisk0\DR0\Partition1
20:13:00.0421 4356 \Device\Harddisk0\DR0\Partition1 - ok
20:13:00.0421 4356 ============================================================
20:13:00.0421 4356 Scan finished
20:13:00.0421 4356 ============================================================
20:13:00.0453 7252 Detected object count: 3
20:13:00.0453 7252 Actual detected object count: 3
20:13:15.0750 7252 FsFilter ( LockedFile.Multi.Generic ) - skipped by user
20:13:15.0765 7252 FsFilter ( LockedFile.Multi.Generic ) - User select action: Skip
20:13:15.0765 7252 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
20:13:15.0765 7252 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
20:13:15.0765 7252 SPService ( LockedFile.Multi.Generic ) - skipped by user
20:13:15.0765 7252 SPService ( LockedFile.Multi.Generic ) - User select action: Skip

ASWMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 17:41:43
-----------------------------
17:41:43.406 OS Version: Windows 5.1.2600 Service Pack 3
17:41:43.406 Number of processors: 2 586 0xF0D
17:41:43.406 ComputerName: HOME-A7DC498E6C UserName: LaVi
17:41:49.875 Initialize success
17:43:34.156 AVAST engine defs: 12082600
17:43:51.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
17:43:51.031 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC7KP Size: 76319MB BusType: 3
17:43:51.062 Disk 0 MBR read successfully
17:43:51.062 Disk 0 MBR scan
17:43:51.171 Disk 0 Windows XP default MBR code
17:43:51.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
17:43:51.218 Disk 0 scanning sectors +156296385
17:43:51.406 Disk 0 scanning C:\WINDOWS\system32\drivers
17:44:58.015 Service scanning
17:45:30.078 Service FsFilter c:\documents and settings\lavi\application data\adobe\rxsupply.sys **INFECTED** Win32:Malware-gen
17:46:14.015 Service SPService C:\Documents and Settings\LaVi\Application Data\Adobe\sp.DLL **INFECTED** Win32:Kryptik-JQW [Trj]
17:46:33.937 Modules scanning
17:47:18.437 Disk 0 trace - called modules:
17:47:18.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
17:47:18.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8755cab8]
17:47:18.484 3 CLASSPNP.SYS[f75defd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x87585030]
17:47:21.046 AVAST engine scan C:\WINDOWS
17:48:04.546 AVAST engine scan C:\WINDOWS\system32
18:07:09.453 AVAST engine scan C:\WINDOWS\system32\drivers
18:08:19.531 AVAST engine scan C:\Documents and Settings\LaVi
18:08:26.078 File: C:\Documents and Settings\LaVi\Application Data\Adobe\rxsupply.sys **INFECTED** Win32:Malware-gen
18:08:26.296 File: C:\Documents and Settings\LaVi\Application Data\Adobe\sp.DLL **INFECTED** Win32:Kryptik-JQW [Trj]
18:16:14.812 File: C:\Documents and Settings\LaVi\Local Settings\Application Data\{6b0df133-ebe9-8067-5063-524e7b859752}\U\00000001.@ **INFECTED** Win32:Malware-gen
18:16:14.968 File: C:\Documents and Settings\LaVi\Local Settings\Application Data\{6b0df133-ebe9-8067-5063-524e7b859752}\U\80000000.@ **INFECTED** Win64:Sirefef-A [Trj]
18:16:15.078 File: C:\Documents and Settings\LaVi\Local Settings\Application Data\{6b0df133-ebe9-8067-5063-524e7b859752}\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
18:54:25.109 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
19:00:42.640 Scan finished successfully
20:10:26.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\LaVi\Desktop\MBR.dat"
20:10:26.234 The log file has been saved successfully to "C:\Documents and Settings\LaVi\Desktop\aswMBR2.txt"

#10 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 27 August 2012 - 09:51 PM

Will wait for other logs

#11 Beauty

  • Topic Starter
  • Members
  • 46 posts
  • Gender:Female

Posted 28 August 2012 - 05:04 PM

Here are the logs
MBAM
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.28.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
LaVi :: HOME-A7DC498E6C [administrator]

8/28/2012 3:26:20 PM
mbam-log-2012-08-28 (15-26-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 560607
Time elapsed: 2 hour(s), 10 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MTB
MiniToolBox by Farbar Version: 23-07-2012
Ran by LaVi (administrator) on 28-08-2012 at 17:57:13
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection (Disconnected)
1394 Net Adapter = 1394 Connection (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)
The following helper DLL cannot be loaded: DGNET.DLL.


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : home-a7dc498e6c
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1C-23-12-CD-FA
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Tuesday, August 28, 2012 5:45:04 PM
Lease Expires . . . . . . . . . . : Tuesday, September 04, 2012 5:45:04 PM

Server:
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.226.197, 74.125.226.194, 74.125.226.198, 74.125.226.192
74.125.226.193, 74.125.226.206, 74.125.226.200, 74.125.226.195, 74.125.226.196
74.125.226.201, 74.125.226.199



Pinging google.com [74.125.226.193] with 32 bytes of data:



Reply from 74.125.226.193: bytes=32 time=434ms TTL=55

Reply from 74.125.226.193: bytes=32 time=378ms TTL=55



Ping statistics for 74.125.226.193:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 378ms, Maximum = 434ms, Average = 406ms

Server:
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=287ms TTL=56

Reply from 72.30.38.140: bytes=32 time=642ms TTL=56



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 287ms, Maximum = 642ms, Average = 464ms

Server:
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c 23 12 cd fa ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.5 192.168.1.5 20
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/26/2012 07:51:48 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/26/2012 07:21:52 PM) (Source: Broadcom ASF IP and SMBIOS Mailbox Monitor) (User: )
Description: !ERROR 53 Refreshing BMAPI data

Error: (08/26/2012 01:28:15 PM) (Source: Broadcom ASF IP and SMBIOS Mailbox Monitor) (User: )
Description: !ERROR 53 Refreshing BMAPI data

Error: (08/25/2012 04:09:25 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/24/2012 11:10:57 AM) (Source: MSMQ) (User: )
Description: The RPC service cannot be used with the TCP/IP protocol. Consequently, the Message Queuing service cannot communicate with other computers.

Error: (08/23/2012 09:43:05 PM) (Source: MSMQ) (User: )
Description: The RPC service cannot be used with the TCP/IP protocol. Consequently, the Message Queuing service cannot communicate with other computers.

Error: (08/23/2012 02:28:04 PM) (Source: MSMQ) (User: )
Description: The RPC service cannot be used with the TCP/IP protocol. Consequently, the Message Queuing service cannot communicate with other computers.

Error: (08/22/2012 10:01:59 PM) (Source: MSMQ) (User: )
Description: The RPC service cannot be used with the TCP/IP protocol. Consequently, the Message Queuing service cannot communicate with other computers.

Error: (08/22/2012 00:57:24 PM) (Source: MSMQ) (User: )
Description: The RPC service cannot be used with the TCP/IP protocol. Consequently, the Message Queuing service cannot communicate with other computers.

Error: (08/22/2012 00:10:24 AM) (Source: Application Hang) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (08/28/2012 05:49:29 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SPBBCDrv

Error: (08/28/2012 05:49:29 PM) (Source: Service Control Manager) (User: )
Description: The Cmpci service terminated with the following error:
%%126

Error: (08/28/2012 05:49:29 PM) (Source: Service Control Manager) (User: )
Description: The Freesshdservice service terminated with the following error:
%%126

Error: (08/28/2012 05:49:29 PM) (Source: Service Control Manager) (User: )
Description: The IHA_MessageCenter service failed to start due to the following error:
%%1053

Error: (08/28/2012 05:49:29 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IHA_MessageCenter service to connect.

Error: (08/28/2012 03:38:33 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/28/2012 03:38:29 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/28/2012 03:38:23 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/28/2012 03:38:19 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (08/28/2012 03:38:15 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 1.0.0)
Abexo Free Registry Cleaner
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader X (10.0.1) (Version: 10.0.1)
AIO_Scan (Version: 90.0.222.000)
AOL Messaging Toolbar
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Ares 2.1.2 (Version: 2.1.2-Build#3036)
Bonjour (Version: 3.0.0.2)
Broadcom ASF Management Applications (Version: 10.13.02)
Broadcom Gigabit Integrated Controller (Version: 10.15.08)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HDA D330 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Mobile Broadband Card Utility (Version: 2.06.01.027)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: Version 7.1.101.6)
Digital Line Detect (Version: 1.21)
DW WLAN Card Utility (Version: 5.60.18.47)
ESET Online Scanner v3
Google Talk Plugin (Version: 3.5.1.8982)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
IHA_MessageCenter (Version: 1.8.70)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 23 (Version: 6.0.230)
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Media Player Codec Pack 3.9.9
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft_VC90_CRT_x86 (Version: 1.0.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 (Version: 4.20.9818.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202)
QuickSet (Version: 8.3.17)
Segoe UI (Version: 14.0.4327.805)
SigmaTel Audio (Version: 5.10.4820.0)
Spotmau Wincare 2008 (Version: 2008)
SpywareBlaster 4.6 (Version: 4.6.0)
Toolbox (Version: 90.0.146.000)
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Verizon Download Manager (Version: 25)
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
Vz In Home Agent (Version: 8.03.53)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.621 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 20.0.2011.0)

========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 1014.04 MB
Available physical RAM: 481.18 MB
Total Pagefile: 2441.32 MB
Available Pagefile: 2001.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.58 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:22.74 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-A7DC498E6C

Administrator ASPNET Guest
HelpAssistant LaVi SUPPORT_388945a0


**** End of log ****

FSS
Farbar Service Scanner Version: 06-08-2012
Ran by LaVi (administrator) on 28-08-2012 at 17:59:10
Running from "C:\Documents and Settings\LaVi\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 06:00] - [2008-06-20 07:51] - 0361600 ____A (Microsoft Corporation) 456E0F5B9BEB184521B0EE8FA7CC92C7

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000800000005000000010000000200000003000000040000000900000006000000070000000A000000


**** End of log ****

ADWCleaner
# AdwCleaner v1.801 - Logfile created 08/28/2012 at 17:40:23
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : LaVi - HOME-A7DC498E6C
# Boot Mode : Normal
# Running from : C:\Documents and Settings\LaVi\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\LaVi\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\LaVi\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\WeCareReminder

***** [Registry] *****

Key Deleted : HKCU\Software\MarketPrecision
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [325 octets] - [28/08/2012 12:29:16]
AdwCleaner[S2].txt - [4490 octets] - [28/08/2012 17:40:23]

########## EOF - C:\AdwCleaner[S2].txt - [4618 octets] ##########

#12 narenxp

  • BC Advisor
  • 16,371 posts
  • Location:India

Posted 28 August 2012 - 05:10 PM

Download

wscsvc
Sharedaccess
BITS
wuauserv

Launch them, click YES

Restart the PC, post the new FSS log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here

#13 Beauty

  • Topic Starter
  • Members
  • 46 posts

Posted 28 August 2012 - 09:31 PM

The FSS Log
Farbar Service Scanner Version: 06-08-2012
Ran by LaVi (administrator) on 28-08-2012 at 22:23:08
Running from "C:\Documents and Settings\LaVi\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 06:00] - [2008-06-20 07:51] - 0361600 ____A (Microsoft Corporation) 456E0F5B9BEB184521B0EE8FA7CC92C7

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000800000005000000010000000200000003000000040000000900000006000000070000000A000000


**** End of log ****

#14 Beauty

  • Topic Starter
  • Members
  • 46 posts

Posted 28 August 2012 - 09:38 PM

RKILL LOG

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/28/2012 10:32:43 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\System32\WLTRYSVC.EXE (PID: 1456) [WD-HEUR]
* C:\WINDOWS\System32\bcmwltry.exe (PID: 1472) [WD-HEUR]
* C:\WINDOWS\system32\WLTRAY.exe (PID: 2196) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\exefile has been deleted!

* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@"was reset to comfile!


Performing miscellaneous checks.
* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\ntfs.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys : 574,976 : 02/09/2007 00:23 AM : 05ab81909514bfd69cbb1f2c147cf6b9 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys : 574,464 : 02/09/2007 00:10 AM : 19a811ef5f1ed5c926a028ce107ff1af [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys : 574,592 : 08/04/2004 00:00 AM : b78be402c3f63dd55521f73876951cdd [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ntfs.sys : 574,976 : 04/13/2008 03:15 PM : 78a08dd6a8d65e697c18e1db01c5cdca [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ntfs.sys : 574,976 : 04/13/2008 03:15 PM : 78a08dd6a8d65e697c18e1db01c5cdca [Pos Repl]

* C:\WINDOWS\System32\Drivers\tcpip.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys : 360,832 : 10/30/2007 00:53 AM : 64798ecfa43d78c7178375fcdd16d8c8 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys : 360,960 : 06/20/2008 00:44 AM : 744e57c99232201ae98c49168b918f48 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys : 361,600 : 06/20/2008 00:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 00:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys : 360,320 : 06/20/2008 00:45 AM : 2a5554fc5b1e04e131230e3ce035c3f9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys : 359,040 : 08/04/2004 00:00 AM : 9f4b36614a0fc234525ba224957de55c [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys : 361,344 : 04/13/2008 03:20 PM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys : 360,064 : 10/30/2007 01:20 PM : 90caff4b094573449a0872a0f919b178 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tcpip.sys : 361,344 : 04/13/2008 03:20 PM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361,600 : 06/20/2008 03:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]

* C:\WINDOWS\System32\winlogon.exe [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe : 502,272 : 08/04/2004 01:00 AM : 01c3346c241652f43aed8e2149881bfe [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\winlogon.exe : 507,904 : 04/13/2008 08:12 PM : ed0ef0a136dec83df69f04118870003e [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\winlogon.exe : 507,904 : 01/21/2011 08:00 AM : 3f061815a6754c0a1c9bf3d78a14bb54 [Pos Repl]

* C:\WINDOWS\explorer.exe [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe : 1,033,216 : 06/13/2007 00:26 AM : 7712df0cdde3a5ac89843e61cd5b3658 [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\explorer.exe : 1,033,216 : 06/13/2007 01:23 AM : 97bd6515465659ff8f3b7be375b2ea87 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB938828$\explorer.exe : 1,032,192 : 08/04/2004 01:00 AM : a0732187050030ae399b241436565e64 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\explorer.exe : 1,033,728 : 04/13/2008 08:12 PM : 12896823fb95bfb3dc9b46bcaedc9923 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\explorer.exe : 1,033,728 : 01/21/2011 08:01 AM : eaf851a4387da45e9ac48c89fae16a6c [Pos Repl]

Program finished at: 08/28/2012 10:36:24 PM
Execution time: 0 hours(s), 3 minute(s), and 41 seconds(s)

#15 narenxp

  • BC Advisor
  • 16,371 posts
  • Location:India

Posted 28 August 2012 - 09:42 PM

C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\drivers\ntfs.sys
C:\WINDOWS\System32\Drivers\tcpip.sys

Copy all these files to desktop

Go to

https://www.virustotal.com/

Click on CHOOSE FILE

Browse to desktop and upload these files one by one

Post the generated report link here
