browser hijacker



#1 rhobbs

Posted 28 August 2012 - 07:09 AM

Please help. Out of nowhere, my browser has been hijacked by get-amazing-results.com. I can't seem to remove it. Any suggestions?


*Moderator Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 28 August 2012 - 07:25 AM.



#2 narenxp

Posted 28 August 2012 - 07:11 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Jack237

Posted 30 August 2012 - 07:13 PM

Hello, I'm having the same (or similar) problem... Here is the log from TDSSKiller:

19:57:37.0134 3420 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:57:37.0134 3420 WudfPf - ok
19:57:37.0165 3420 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:57:37.0165 3420 WudfRd - ok
19:57:37.0196 3420 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:57:37.0212 3420 WudfSvc - ok
19:57:37.0290 3420 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:57:37.0306 3420 WZCSVC - ok
19:57:37.0337 3420 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:57:37.0353 3420 xmlprov - ok
19:57:37.0368 3420 ================ Scan global ===============================
19:57:37.0400 3420 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:57:37.0462 3420 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:57:37.0493 3420 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:57:37.0525 3420 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:57:37.0525 3420 [Global] - ok
19:57:37.0525 3420 ================ Scan MBR ==================================
19:57:37.0556 3420 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:57:37.0884 3420 \Device\Harddisk0\DR0 - ok
19:57:37.0884 3420 ================ Scan VBR ==================================
19:57:37.0884 3420 [ 02C3F466431B06111AD8EAF07936477C ] \Device\Harddisk0\DR0\Partition1
19:57:37.0900 3420 \Device\Harddisk0\DR0\Partition1 - ok
19:57:37.0900 3420 ============================================================
19:57:37.0900 3420 Scan finished
19:57:37.0900 3420 ============================================================
19:57:37.0915 3000 Detected object count: 0
19:57:37.0915 3000 Actual detected object count: 0


I'll go ahead and continue the rest of the steps you advised earlier in the thread...

Thanks!

#4 Jack237

  • Members
  • 3 posts

Posted 30 August 2012 - 07:22 PM

Here's aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 20:15:26
-----------------------------
20:15:26.993 OS Version: Windows 5.1.2600 Service Pack 3
20:15:26.993 Number of processors: 1 586 0xD08
20:15:26.993 ComputerName: USER-CCD6CBBBF5 UserName: user
20:15:28.743 Initialize success
20:19:26.603 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:19:26.603 Disk 0 Vendor: HTS541040G9AT00 MB2IA60A Size: 38154MB BusType: 3
20:19:26.634 Disk 0 MBR read successfully
20:19:26.634 Disk 0 MBR scan
20:19:26.634 Disk 0 Windows XP default MBR code
20:19:26.634 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
20:19:26.634 Disk 0 scanning sectors +78140160
20:19:26.837 Disk 0 scanning C:\WINDOWS\system32\drivers
20:19:32.400 Service scanning
20:19:43.915 Modules scanning
20:19:52.196 Disk 0 trace - called modules:
20:19:52.228 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
20:19:52.228 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d74ab8]
20:19:52.228 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89da7940]
20:19:52.728 Scan finished successfully
20:20:15.290 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\My Documents\MBR.dat"
20:20:15.290 The log file has been saved successfully to "C:\Documents and Settings\user\My Documents\aswMBR.txt"

#5 Jack237

  • Members
  • 3 posts

Posted 30 August 2012 - 08:29 PM

...and here is the ESET:

C:\Documents and Settings\user\Local Settings\Application Data\{243cc611-aecd-a978-9eb2-39c34caaca52}\n Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\user\Local Settings\Temp\NOD17E9.tmp Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\user\Local Settings\Temp\Temporary Internet Files\Content.IE5\ECI0KQU9\index2[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\user\Local Settings\Temp\Temporary Internet Files\Content.IE5\ECI0KQU9\main[1].htm JS/Kryptik.PH trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{243cc611-aecd-a978-9eb2-39c34caaca52}\n Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\Installer\{243cc611-aecd-a978-9eb2-39c34caaca52}\U\00000004.@ Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{243cc611-aecd-a978-9eb2-39c34caaca52}\U\000000cb.@ Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{243cc611-aecd-a978-9eb2-39c34caaca52}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{243cc611-aecd-a978-9eb2-39c34caaca52}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.FD trojan

It says it was "cleaned by deleting"...?

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 30 August 2012 - 08:55 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log.



