Google not working?


14 replies to this topic

#1 jojoe0326

Posted 25 August 2012 - 11:26 AM

When I was using google.com on Firefox, it would bring me to Google, but whenever I would search for something it would go to a plain white page and say Done. I checked IE and it was working fine, so I uninstalled Firefox, but now it will not load on IE either... Please help. Thank you!

Edit: Moved topic from XP to the more appropriate forum. ~ Animal


#2 narenxp

Posted 25 August 2012 - 12:57 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 jojoe0326

Posted 26 August 2012 - 03:02 PM

I found 2 logs in the C drive, so here are both of them.

15:51:34.0046 1240 UPS - ok
15:51:34.0062 1240 USBAAPL - ok
15:51:34.0156 1240 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
15:51:34.0187 1240 usbaudio - ok
15:51:34.0234 1240 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:51:34.0250 1240 usbccgp - ok
15:51:34.0281 1240 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:51:34.0359 1240 usbehci - ok
15:51:34.0390 1240 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:51:34.0406 1240 usbhub - ok
15:51:34.0546 1240 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:51:34.0546 1240 usbohci - ok
15:51:34.0609 1240 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:51:34.0609 1240 usbprint - ok
15:51:34.0656 1240 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:51:34.0687 1240 usbscan - ok
15:51:34.0718 1240 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:51:34.0750 1240 USBSTOR - ok
15:51:34.0750 1240 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:51:34.0765 1240 VgaSave - ok
15:51:34.0765 1240 ViaIde - ok
15:51:34.0796 1240 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:51:34.0828 1240 VolSnap - ok
15:51:34.0875 1240 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:51:34.0921 1240 VSS - ok
15:51:35.0000 1240 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
15:51:35.0015 1240 W32Time - ok
15:51:35.0093 1240 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:51:35.0125 1240 Wanarp - ok
15:51:35.0125 1240 wanatw - ok
15:51:35.0140 1240 WDICA - ok
15:51:35.0171 1240 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:51:35.0171 1240 wdmaud - ok
15:51:35.0203 1240 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:51:35.0234 1240 WebClient - ok
15:51:35.0343 1240 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
15:51:35.0375 1240 WinDefend - ok
15:51:35.0531 1240 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:51:35.0625 1240 winmgmt - ok
15:51:35.0781 1240 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
15:51:35.0843 1240 WinRM - ok
15:51:35.0906 1240 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:51:35.0953 1240 WmdmPmSN - ok
15:51:35.0984 1240 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:51:35.0984 1240 WmiAcpi - ok
15:51:36.0062 1240 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:51:36.0078 1240 WmiApSrv - ok
15:51:36.0265 1240 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:51:36.0406 1240 WMPNetworkSvc - ok
15:51:36.0500 1240 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:51:36.0593 1240 WS2IFSL - ok
15:51:36.0734 1240 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:51:36.0765 1240 wscsvc - ok
15:51:36.0796 1240 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:51:36.0796 1240 wuauserv - ok
15:51:36.0843 1240 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:51:36.0875 1240 WudfPf - ok
15:51:36.0906 1240 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:51:36.0937 1240 WudfRd - ok
15:51:36.0984 1240 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:51:37.0031 1240 WudfSvc - ok
15:51:37.0203 1240 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:51:37.0250 1240 WZCSVC - ok
15:51:37.0281 1240 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:51:37.0328 1240 xmlprov - ok
15:51:37.0343 1240 ================ Scan global ===============================
15:51:37.0406 1240 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:51:37.0531 1240 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:51:37.0546 1240 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:51:37.0593 1240 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:51:37.0593 1240 [Global] - ok
15:51:37.0593 1240 ================ Scan MBR ==================================
15:51:37.0640 1240 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:51:37.0640 1240 Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:51:37.0687 1240 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:51:37.0687 1240 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:51:37.0781 1240 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:51:37.0781 1240 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:51:37.0781 1240 ================ Scan VBR ==================================
15:51:37.0796 1240 [ 6DAF43F0AA5DA9ED0F7BF624336AA20F ] \Device\Harddisk0\DR0\Partition1
15:51:37.0796 1240 \Device\Harddisk0\DR0\Partition1 - ok
15:51:37.0796 1240 ============================================================
15:51:37.0796 1240 Scan finished
15:51:37.0796 1240 ============================================================
15:51:37.0812 0864 Detected object count: 2
15:51:37.0812 0864 Actual detected object count: 2
15:52:00.0171 0864 \Device\Harddisk0\DR0\# - copied to quarantine
15:52:00.0187 0864 \Device\Harddisk0\DR0 - copied to quarantine
15:52:00.0281 0864 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:52:00.0281 0864 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:52:00.0296 0864 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:52:00.0296 0864 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:52:00.0328 0864 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:52:00.0328 0864 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:52:00.0328 0864 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:52:00.0343 0864 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:52:00.0343 0864 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:52:00.0390 0864 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:52:00.0390 0864 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:52:00.0406 0864 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:52:00.0406 0864 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:52:00.0406 0864 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:52:00.0453 0864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:52:00.0453 0864 \Device\Harddisk0\DR0 - ok
15:52:00.0531 0864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:52:00.0531 0864 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:52:00.0546 0864 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:52:19.0125 3484 Deinitialize success



15:54:56.0531 1872 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:54:56.0984 1872 ============================================================
15:54:56.0984 1872 Current date / time: 2012/08/26 15:54:56.0984
15:54:56.0984 1872 SystemInfo:
15:54:56.0984 1872
15:54:56.0984 1872 OS Version: 5.1.2600 ServicePack: 3.0
15:54:56.0984 1872 Product type: Workstation
15:54:56.0984 1872 ComputerName: COMPAQ
15:54:56.0984 1872 UserName: Computer
15:54:56.0984 1872 Windows directory: C:\WINDOWS
15:54:56.0984 1872 System windows directory: C:\WINDOWS
15:54:56.0984 1872 Processor architecture: Intel x86
15:54:56.0984 1872 Number of processors: 1
15:54:56.0984 1872 Page size: 0x1000
15:54:56.0984 1872 Boot type: Normal boot
15:54:56.0984 1872 ============================================================
15:55:28.0390 1872 BG loaded
15:55:29.0375 1872 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:55:29.0437 1872 ============================================================
15:55:29.0437 1872 \Device\Harddisk0\DR0:
15:55:29.0500 1872 MBR partitions:
15:55:29.0500 1872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
15:55:29.0500 1872 ============================================================
15:55:29.0546 1872 C: <-> \Device\Harddisk0\DR0\Partition1
15:55:29.0546 1872 ============================================================
15:55:29.0546 1872 Initialize success
15:55:29.0546 1872 ============================================================
15:58:14.0375 1500 Deinitialize success

#4 jojoe0326


Posted 26 August 2012 - 03:25 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 16:02:46
-----------------------------
16:02:46.781 OS Version: Windows 5.1.2600 Service Pack 3
16:02:46.781 Number of processors: 1 586 0x40A
16:02:46.781 ComputerName: COMPAQ UserName:
16:02:48.546 Initialize success
16:04:00.593 AVAST engine defs: 12082601
16:04:18.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:04:18.687 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD5A Size: 57231MB BusType: 3
16:04:18.734 Disk 0 MBR read successfully
16:04:18.734 Disk 0 MBR scan
16:04:18.921 Disk 0 Windows XP default MBR code
16:04:18.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
16:04:19.000 Disk 0 scanning sectors +117194175
16:04:19.265 Disk 0 scanning C:\WINDOWS\system32\drivers
16:04:54.171 Service scanning
16:05:20.968 Modules scanning
16:05:49.359 Disk 0 trace - called modules:
16:05:49.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:05:49.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f611f0]
16:05:49.953 3 CLASSPNP.SYS[f8605fd7] -> nt!IofCallDriver -> \Device\0000007a[0x82f409e8]
16:05:49.953 5 ACPI.sys[f844e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f60940]
16:05:52.250 AVAST engine scan C:\WINDOWS
16:06:38.578 AVAST engine scan C:\WINDOWS\system32
16:12:41.968 AVAST engine scan C:\WINDOWS\system32\drivers
16:13:02.546 AVAST engine scan C:\Documents and Settings\Computer
16:20:39.125 AVAST engine scan C:\Documents and Settings\All Users
16:22:32.781 Scan finished successfully
16:24:52.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Computer\Desktop\MBR.dat"
16:24:52.093 The log file has been saved successfully to "C:\Documents and Settings\Computer\Desktop\aswMBR.txt"

#5 jojoe0326


Posted 26 August 2012 - 04:32 PM

I accidentally closed ESET but I found the log.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=887b163098ef6b45819cee659fdd295b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-26 09:27:51
# local_time=2012-08-26 05:27:51 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 25979542 25979542 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=60615
# found=24
# cleaned=24
# scan_time=3475
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\16ZBA2SO\37822-15[1].js HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\16ZBA2SO\37822-15[4].js HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\16ZBA2SO\37822-15[6].js HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\16ZBA2SO\37822-15[8].js HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\16ZBA2SO\imp[3] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\16ZBA2SO\ttj[2] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\16ZBA2SO\ttj[6] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\99RLOXC2\37822-15[1].js HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\99RLOXC2\37822-15[2].js HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\99RLOXC2\37938-15[1].js HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\99RLOXC2\ttj[5] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\99RLOXC2\ttj[6] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L1U2IM49\37938-15[1].js HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PZ92SUXF\37824-15[1].js HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PZ92SUXF\37824-15[2].js HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PZ92SUXF\37938-15[1].js HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PZ92SUXF\ttjCAFEH55M HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PZ92SUXF\ttjCAZRH8B7 HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PZ92SUXF\ttj[11] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PZ92SUXF\ttj[1] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PZ92SUXF\ttj[2] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PZ92SUXF\ttj[9] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.08.2012_15.50.43\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.08.2012_15.50.43\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok

#6 narenxp


Posted 26 August 2012 - 08:38 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

Edited by narenxp, 26 August 2012 - 08:39 PM.


#7 jojoe0326


Posted 27 August 2012 - 01:52 PM

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Computer :: COMPAQ [administrator]

Protection: Enabled

8/27/2012 1:09:42 PM
mbam-log-2012-08-27 (13-09-42).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285015
Time elapsed: 1 hour(s), 41 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 jojoe0326


Posted 27 August 2012 - 01:55 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Computer (administrator) on 27-08-2012 at 14:54:38
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Disconnected)
1394 Net Adapter = 1394 Connection (Disconnected)
Broadcom 802.11b/g WLAN = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : compaq

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN

Physical Address. . . . . . . . . : 00-90-4B-5F-53-D6

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Monday, August 27, 2012 12:50:42 PM

Lease Expires . . . . . . . . . . : Tuesday, August 28, 2012 12:50:42 PM

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.226.229, 74.125.226.227, 74.125.226.225, 74.125.226.232
74.125.226.233, 74.125.226.230, 74.125.226.226, 74.125.226.231, 74.125.226.238
74.125.226.224, 74.125.226.228



Pinging google.com [173.194.43.0] with 32 bytes of data:



Reply from 173.194.43.0: bytes=32 time=17ms TTL=251

Reply from 173.194.43.0: bytes=32 time=17ms TTL=252



Ping statistics for 173.194.43.0:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 17ms, Average = 17ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=187ms TTL=49

Reply from 98.139.183.24: bytes=32 time=107ms TTL=49



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 107ms, Maximum = 187ms, Average = 147ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=48

Reply from 127.0.0.1: bytes=32 time<1ms TTL=48



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 90 4b 5f 53 d6 ...... Broadcom 54g MaxPerformance 802.11g - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 25
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 25
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 25
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/24/2012 05:32:27 PM) (Source: MBAMService) (User: )
Description: MBAMService2012/08/24 17:32:27 -0400 COMPAQ ERROR StartServiceCtrlDispatcher failed with error code 1063

Error: (08/03/2012 06:52:01 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/03/2012 06:52:01 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/03/2012 06:33:33 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll . Error code = 0x80131047

Error: (08/03/2012 06:33:32 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll . Error code = 0x80131047

Error: (08/03/2012 06:33:32 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll . Error code = 0x80131047

Error: (08/03/2012 06:33:31 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll . Error code = 0x80131047

Error: (08/03/2012 06:33:31 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll . Error code = 0x80131047

Error: (08/03/2012 04:59:30 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.

Error: (08/03/2012 03:08:22 AM) (Source: Avira Antivirus) (User: NT AUTHORITY)NT AUTHORITY
Description: The virus definition file ANTIVIR.VDF could not be found!
Returned error code: 0x3


System errors:
=============
Error: (08/27/2012 00:51:16 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/27/2012 00:41:16 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/26/2012 03:55:54 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/26/2012 03:40:30 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/25/2012 00:17:59 PM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (08/25/2012 00:17:58 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (08/25/2012 00:15:57 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/25/2012 00:07:31 PM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (08/25/2012 00:07:31 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (08/25/2012 00:05:41 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader 9.3.2 (Version: 9.3.2)
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Athlon 64 Processor Driver (Version: 1.1.0.14)
Avira Free Antivirus (Version: 12.0.0.1167)
Broadcom 802.11 Driver
Critical Update for Windows Media Player 11 (KB959772)
DirectX Media Runtime 5.1
ESET Online Scanner v3
Family Feud (remove only)
Haunted Hotel
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 (Version: 4.20.9818.0)
Netflix Movie Viewer (Version: 1.2.211)
NOES_screensaver
NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers
PCI 1620 Cardbus Controller and Software (Version: 1.00.0002)
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
RealUpgrade 1.0 (Version: 1.0.0)
SUPERAntiSpyware Free Edition (Version: 4.29.0.1002)
swMSM (Version: 12.0.0.1)
TI1620/1520 (Version: 1.00.0002)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
WebFldrs XP (Version: 9.50.6513)
Windows Defender (Version: 1.1.1593.21)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 63%
Total physical RAM: 510.98 MB
Available physical RAM: 184 MB
Total Pagefile: 1375.1 MB
Available Pagefile: 909.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.02 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:55.88 GB) (Free:42.84 GB) NTFS

========================= Users: ========================================

User accounts for \\COMPAQ

Administrator ASPNET Computer
Guest HelpAssistant SUPPORT_0cbdf702
SUPPORT_388945a0


**** End of log ****

#9 jojoe0326


Posted 27 August 2012 - 01:56 PM

Farbar Service Scanner Version: 06-08-2012
Ran by Computer (administrator) on 27-08-2012 at 14:56:16
Running from "C:\Documents and Settings\Computer\Local Settings\Temporary Internet Files\Content.IE5\OSX8ACXO"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x110000000500000001000000020000000300000004000000100000000F0000000E0000000D0000000C0000000B0000000A0000000900000008000000560000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#10 narenxp


Posted 27 August 2012 - 02:00 PM

Adware cleaner log?

15:52:00.0546 0864 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Run TDSSkiller again and delete this


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here

#11 jojoe0326


Posted 27 August 2012 - 02:06 PM

# AdwCleaner v1.801 - Logfile created 08/27/2012 at 14:57:16
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Computer - COMPAQ
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Computer\Local Settings\Temporary Internet Files\Content.IE5\OSX8ACXO\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Computer\Local Settings\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Viewpoint
File Deleted : C:\DOCUME~1\Computer\LOCALS~1\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Viewpoint
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Opera v [Unable to get version]

File : C:\Documents and Settings\Computer\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3558 octets] - [27/08/2012 14:57:16]

########## EOF - C:\AdwCleaner[S1].txt - [3686 octets] ##########

#12 jojoe0326


Posted 27 August 2012 - 02:16 PM

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/27/2012 03:14:23 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/27/2012 03:14:55 PM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)

#13 narenxp


Posted 27 August 2012 - 02:18 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your Flash Player

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#14 jojoe0326


Posted 27 August 2012 - 02:40 PM

Thank you so much for all of your help!!! Before I let you go could you suggest to me a good free antivirus, because I have been using Avira and I am not too happy with it, doesn't seem to be doing its job. Thanks again so much!

#15 narenxp


Posted 27 August 2012 - 02:44 PM

Try Microsoft Security Essentials

http://windows.microsoft.com/en-US/windows/products/security-essentials

How to prevent malware

http://www.bleepingcomputer.com/forums/topic407147.html

Safe surfing :)



