
Google search redirect


14 replies to this topic

#1 kephyr

kephyr

  • Members
  • 59 posts
  • OFFLINE
  • Local time:04:34 AM

Posted 29 August 2012 - 10:41 AM

I have a Dell computer running Windows XP Pro (SP3) that is getting redirected when we do any search engine searches (Bing, Google, Yahoo). Currently it's re-directing us to Scour Search, but it has done others. This has been happening for a few weeks now. It occurs in both Internet Explorer and Firefox. I also run Safe Central, which is a controlled browser environment, and the re-direct does not occur there.

A few weeks ago, this computer was infected with the FBI Warning virus. I booted into safe mode, downloaded the Emsisoft package and ran that. It seemed to have taken care of it. I turned off system restore, rebooted and then turned system restore back on.

I run Command Anti-virus and it found a lot of damaged files but no infections. I ran Malwarebytes and it found no infections. I ran TDSSKiller again (in Safe Mode) and it reported nothing. I tried to run system restore but it wouldn't change the dates or find any other restore points. I figured it was corrupted and turned it off to clear it.

Needless to say, there is something in there but I'm at a loss as to how to exorcise this demon.

Edited by kephyr, 29 August 2012 - 10:55 AM.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:34 AM

Posted 29 August 2012 - 10:42 AM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

#3 kephyr

kephyr
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Local time:04:34 AM

Posted 29 August 2012 - 01:49 PM

Here are the results:

TDSSKiller:

12:23:40.0140 1316 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:23:40.0406 1316 ============================================================
12:23:40.0406 1316 Current date / time: 2012/08/29 12:23:40.0406
12:23:40.0406 1316 SystemInfo:
12:23:40.0406 1316
12:23:40.0406 1316 OS Version: 5.1.2600 ServicePack: 3.0
12:23:40.0406 1316 Product type: Workstation
12:23:40.0406 1316 ComputerName: DAVID-DESKTOP
12:23:40.0406 1316 UserName: David
12:23:40.0406 1316 Windows directory: C:\WINDOWS
12:23:40.0406 1316 System windows directory: C:\WINDOWS
12:23:40.0406 1316 Processor architecture: Intel x86
12:23:40.0406 1316 Number of processors: 2
12:23:40.0406 1316 Page size: 0x1000
12:23:40.0406 1316 Boot type: Normal boot
12:23:40.0406 1316 ============================================================
12:23:41.0031 1316 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:23:41.0031 1316 ============================================================
12:23:41.0031 1316 \Device\Harddisk0\DR0:
12:23:41.0031 1316 MBR partitions:
12:23:41.0031 1316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A4F3A
12:23:41.0031 1316 ============================================================
12:23:41.0062 1316 C: <-> \Device\Harddisk0\DR0\Partition1
12:23:41.0062 1316 ============================================================
12:23:41.0062 1316 Initialize success
12:23:41.0062 1316 ============================================================
12:24:11.0500 3188 ============================================================
12:24:11.0500 3188 Scan started
12:24:11.0500 3188 Mode: Manual; TDLFS;
12:24:11.0500 3188 ============================================================
12:24:26.0312 3188 Srv - ok
12:24:26.0359 3188 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:24:26.0359 3188 SSDPSRV - ok
12:24:26.0375 3188 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:24:26.0375 3188 stisvc - ok
12:24:26.0437 3188 [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
12:24:26.0453 3188 stllssvr - ok
12:24:26.0453 3188 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:24:26.0468 3188 streamip - ok
12:24:26.0484 3188 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:24:26.0500 3188 swenum - ok
12:24:26.0546 3188 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:24:26.0625 3188 swmidi - ok
12:24:26.0625 3188 SwPrv - ok
12:24:26.0625 3188 symc810 - ok
12:24:26.0625 3188 symc8xx - ok
12:24:26.0640 3188 sym_hi - ok
12:24:26.0640 3188 sym_u3 - ok
12:24:26.0671 3188 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:24:26.0671 3188 sysaudio - ok
12:24:26.0718 3188 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:24:26.0734 3188 SysmonLog - ok
12:24:26.0765 3188 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:24:26.0765 3188 TapiSrv - ok
12:24:26.0781 3188 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:24:26.0796 3188 Tcpip - ok
12:24:26.0828 3188 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:24:26.0843 3188 TDPIPE - ok
12:24:26.0843 3188 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:24:26.0859 3188 TDTCP - ok
12:24:26.0875 3188 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:24:26.0890 3188 TermDD - ok
12:24:26.0890 3188 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:24:26.0906 3188 TermService - ok
12:24:26.0906 3188 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:24:26.0906 3188 Themes - ok
12:24:26.0953 3188 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:24:26.0953 3188 TlntSvr - ok
12:24:26.0953 3188 TosIde - ok
12:24:26.0968 3188 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:24:26.0968 3188 TrkWks - ok
12:24:26.0984 3188 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:24:27.0000 3188 Udfs - ok
12:24:27.0000 3188 ultra - ok
12:24:27.0031 3188 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:24:27.0046 3188 Update - ok
12:24:27.0078 3188 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:24:27.0078 3188 upnphost - ok
12:24:27.0078 3188 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:24:27.0093 3188 UPS - ok
12:24:27.0109 3188 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:24:27.0125 3188 usbaudio - ok
12:24:27.0171 3188 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:24:27.0171 3188 usbccgp - ok
12:24:27.0234 3188 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:24:27.0250 3188 usbehci - ok
12:24:27.0250 3188 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:24:27.0250 3188 usbhub - ok
12:24:27.0265 3188 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:24:27.0265 3188 usbprint - ok
12:24:27.0296 3188 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:24:27.0296 3188 usbscan - ok
12:24:27.0296 3188 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:24:27.0312 3188 USBSTOR - ok
12:24:27.0328 3188 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:24:27.0343 3188 usbuhci - ok
12:24:27.0359 3188 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:24:27.0359 3188 VgaSave - ok
12:24:27.0375 3188 ViaIde - ok
12:24:27.0375 3188 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:24:27.0375 3188 VolSnap - ok
12:24:27.0500 3188 [ 60A886A6CF87D57AE74E7E8BEB948550 ] vseamps C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
12:24:27.0750 3188 vseamps - ok
12:24:27.0781 3188 [ BE3017030D08BB8C6599712F16D4C136 ] vsedsps C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
12:24:28.0031 3188 vsedsps - ok
12:24:28.0031 3188 [ AFB63012CCBC1CA047E1E212E33305EC ] vseqrts C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
12:24:28.0296 3188 vseqrts - ok
12:24:28.0328 3188 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:24:28.0343 3188 VSS - ok
12:24:28.0640 3188 [ 42870675B4D84ACD81A9DA69B83F14C5 ] VX3000 C:\WINDOWS\system32\DRIVERS\VX3000.sys
12:24:28.0687 3188 VX3000 - ok
12:24:28.0750 3188 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
12:24:28.0750 3188 W32Time - ok
12:24:28.0765 3188 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:24:28.0765 3188 Wanarp - ok
12:24:28.0765 3188 WDICA - ok
12:24:28.0781 3188 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:24:28.0796 3188 wdmaud - ok
12:24:28.0906 3188 [ F838C8F16BCE73BCE70D5D6928400125 ] WebAdvisor C:\Program Files\SafeCentral\WebAdvisor\WebAdvisor.exe
12:24:29.0500 3188 WebAdvisor - ok
12:24:29.0515 3188 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:24:29.0515 3188 WebClient - ok
12:24:29.0625 3188 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:24:29.0640 3188 winmgmt - ok
12:24:29.0718 3188 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
12:24:29.0765 3188 WinRM - ok
12:24:29.0812 3188 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:24:29.0812 3188 WmdmPmSN - ok
12:24:29.0843 3188 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:24:29.0843 3188 Wmi - ok
12:24:29.0875 3188 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:24:29.0906 3188 WmiApSrv - ok
12:24:29.0984 3188 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:24:30.0046 3188 WMPNetworkSvc - ok
12:24:30.0046 3188 WSearch - ok
12:24:30.0109 3188 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:24:30.0125 3188 WSTCODEC - ok
12:24:30.0140 3188 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:24:30.0156 3188 WudfPf - ok
12:24:30.0171 3188 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:24:30.0187 3188 WudfRd - ok
12:24:30.0203 3188 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:24:30.0203 3188 WudfSvc - ok
12:24:30.0265 3188 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:24:30.0265 3188 WZCSVC - ok
12:24:30.0281 3188 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:24:30.0296 3188 xmlprov - ok
12:24:30.0390 3188 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
12:24:30.0390 3188 YahooAUService - ok
12:24:30.0390 3188 ================ Scan global ===============================
12:24:30.0453 3188 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:24:30.0515 3188 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:24:30.0546 3188 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:24:30.0562 3188 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:24:30.0562 3188 [Global] - ok
12:24:30.0562 3188 ================ Scan MBR ==================================
12:24:30.0593 3188 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:24:30.0875 3188 \Device\Harddisk0\DR0 - ok
12:24:30.0875 3188 ================ Scan VBR ==================================
12:24:30.0875 3188 [ C5A95936C506EA64F8E3FCD53AABE6E8 ] \Device\Harddisk0\DR0\Partition1
12:24:30.0875 3188 \Device\Harddisk0\DR0\Partition1 - ok
12:24:30.0875 3188 ============================================================
12:24:30.0875 3188 Scan finished
12:24:30.0875 3188 ============================================================
12:24:30.0875 4560 Detected object count: 0
12:24:30.0875 4560 Actual detected object count: 0
12:24:47.0359 3556 Deinitialize success


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-29 12:25:58
-----------------------------
12:25:58.234 OS Version: Windows 5.1.2600 Service Pack 3
12:25:58.234 Number of processors: 2 586 0x170A
12:25:58.234 ComputerName: DAVID-DESKTOP UserName: David
12:25:59.921 Initialize success
12:40:56.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:40:56.671 Disk 0 Vendor: ST325031 CC44 Size: 238418MB BusType: 3
12:40:56.703 Disk 0 MBR read successfully
12:40:56.703 Disk 0 MBR scan
12:40:56.703 Disk 0 Windows XP default MBR code
12:40:56.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238409 MB offset 63
12:40:56.890 Disk 0 scanning sectors +488263545
12:40:57.046 Disk 0 scanning C:\WINDOWS\system32\drivers
12:41:09.750 Service scanning
12:41:27.531 Modules scanning
12:41:36.906 Disk 0 trace - called modules:
12:41:36.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
12:41:36.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4a3030]
12:41:36.921 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x89ee3028]
12:41:37.062 Scan finished successfully
13:24:26.328 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
13:24:26.343 The log file has been saved successfully to "E:\aswMBR.txt"


ESET:

C:\WINDOWS\Installer\{3df268c5-3e21-3a61-4ca1-9a0cee1327c0}\U\00000004.@ Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{3df268c5-3e21-3a61-4ca1-9a0cee1327c0}\U\000000cb.@ Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{3df268c5-3e21-3a61-4ca1-9a0cee1327c0}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3df268c5-3e21-3a61-4ca1-9a0cee1327c0}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:34 AM

Posted 29 August 2012 - 02:17 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete.

Post the generated log.
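
The MiniToolBox and FSS checks requested above (hosts file, proxy settings, Winsock catalog, service configuration) are the ones that usually explain a search-engine redirect, and their text reports can be triaged mechanically. The Python below is an added example written for this page; it is not part of the thread and not Farbar's code. It parses constructed sample text modelled on the two reports' section headers and "ATTENTION" wording, and returns the findings a helper would act on: hosts entries other than localhost, proxy lines that are not the benign defaults (the "Proxy is enabled" wording is assumed), Winsock catalog entries whose DLL could not be found, and services whose registry key is missing entirely. The "10.1.10.99 www.google.com" hosts line in the sample is invented to show a hit.

```python
"""Triage of MiniToolBox / Farbar Service Scanner (FSS) text reports.

Added example for this page, not code from the thread or from Farbar.  The
section headers and "ATTENTION" wording follow the reports as posted; the
sample text is constructed, and the hosts entry for www.google.com is invented.
"""
import re

# Constructed sample modelled on a MiniToolBox report (one invented hosts line).
SAMPLE_MINITOOLBOX = r"""MiniToolBox by Farbar Version: 23-07-2012
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
10.1.10.99 www.google.com
========================= Winsock entries =====================================
Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
"""

# Constructed sample modelled on the FSS service-configuration checks.
SAMPLE_FSS = """Windows Firewall:
=============
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.
Security Center:
============
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Windows Update:
============
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
"""

SECTION_HEADER = re.compile(r"^=+\s*([^=]+?):?\s*=+\s*$")
WINSOCK_MISSING = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[File Not found\]")
SERVICE_KEY_MISSING = re.compile(r"Unable to open (\w+) registry key\. The service key does not exist")

def split_sections(text):
    """Map '==== Title: ====' MiniToolBox section titles to their body lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def hosts_overrides(sections):
    """(address, name) pairs in the hosts file other than the loopback name."""
    out = []
    for line in sections.get("Hosts content", []):
        parts = line.split()
        if len(parts) >= 2 and not parts[0].startswith("#") and parts[1].lower() != "localhost":
            out.append((parts[0], parts[1]))
    return out

def proxy_findings(sections):
    """IE proxy lines that do not state the benign defaults (assumed wording)."""
    benign = ("Proxy is not enabled.", "No Proxy Server is set.", '"Reset IE Proxy Settings"')
    return [l for l in sections.get("IE Proxy Settings", []) if l.strip() and not l.startswith(benign)]

def broken_winsock_entries(sections):
    """Catalog entries whose LibraryPath the tool could not resolve to a file."""
    out = []
    for line in sections.get("Winsock entries", []):
        m = WINSOCK_MISSING.match(line)
        if m:
            out.append((m.group(1), int(m.group(2)), m.group(3)))
    return out

def missing_service_keys(fss_text):
    """Service names FSS reports as having no registry key at all."""
    return sorted(set(SERVICE_KEY_MISSING.findall(fss_text)))

def triage(minitoolbox_text, fss_text):
    """Collect the redirect-relevant findings from both reports."""
    s = split_sections(minitoolbox_text)
    return {
        "hosts_overrides": hosts_overrides(s),
        "proxy": proxy_findings(s),
        "winsock_missing": broken_winsock_entries(s),
        "services_missing_key": missing_service_keys(fss_text),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_MINITOOLBOX, SAMPLE_FSS).items():
        print(f"{key}: {value}")
```

Run it as-is to see the four findings on the sample; to use it on a real case, paste the MiniToolBox and FSS text in place of the two samples. A non-empty "services_missing_key" list is the finding to weigh most heavily: a service key that is absent, rather than merely disabled, is not something a user setting produces.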

#5 kephyr

kephyr
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Local time:04:34 AM

Posted 29 August 2012 - 06:44 PM

Malware-Bytes came up clean

Here are the scans:

MiniToolbox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by David (administrator) on 29-08-2012 at 19:34:46
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : david-desktop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 00-24-E8-0C-99-3B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.1.10.13

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.1.10.1

DHCP Server . . . . . . . . . . . : 10.1.10.1

DNS Servers . . . . . . . . . . . : 10.1.10.1

Lease Obtained. . . . . . . . . . : Wednesday, August 29, 2012 6:02:24 PM

Lease Expires . . . . . . . . . . : Wednesday, September 05, 2012 6:02:24 PM

Server: UnKnown
Address: 10.1.10.1

Name: google.com
Addresses: 173.194.43.36, 173.194.43.46, 173.194.43.39, 173.194.43.32
173.194.43.34, 173.194.43.35, 173.194.43.33, 173.194.43.40, 173.194.43.41
173.194.43.38, 173.194.43.37



Pinging google.com [173.194.43.37] with 32 bytes of data:



Reply from 173.194.43.37: bytes=32 time=20ms TTL=54

Reply from 173.194.43.37: bytes=32 time=19ms TTL=54



Ping statistics for 173.194.43.37:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 20ms, Average = 19ms

Server: UnKnown
Address: 10.1.10.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=58ms TTL=49

Reply from 98.138.253.109: bytes=32 time=59ms TTL=49



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 58ms, Maximum = 59ms, Average = 58ms

Server: UnKnown
Address: 10.1.10.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 e8 0c 99 3b ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.10.1 10.1.10.13 20
10.1.10.0 255.255.255.0 10.1.10.13 10.1.10.13 20
10.1.10.13 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.1.10.13 10.1.10.13 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.1.10.13 10.1.10.13 20
255.255.255.255 255.255.255.255 10.1.10.13 10.1.10.13 1
Default Gateway: 10.1.10.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/29/2012 06:04:52 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006afc.
Error in creating result PEAP-TLV in response to received PEAP-TLV (iexplore.exe!ld!)

Error: (08/29/2012 04:12:29 PM) (Source: Application Error) (User: )
Description: Faulting application hpwucli.exe, version 5.0.9.0, faulting module hpwucli.exe, version 5.0.9.0, fault address 0x00009b66.
Processing media-specific event for [hpwucli.exe!ws!]

Error: (08/29/2012 11:42:53 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006afc.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/29/2012 11:07:06 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (08/28/2012 09:21:52 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (08/27/2012 07:56:37 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (08/26/2012 03:18:02 PM) (Source: Application Error) (User: )
Description: Fault bucket -1847693897.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/26/2012 03:17:33 PM) (Source: Application Error) (User: )
Description: Faulting application WebAdvisor.exe, version 0.0.0.0, faulting module WebAdvisor.exe, version 0.0.0.0, fault address 0x001811b0.
Processing media-specific event for [WebAdvisor.exe!ws!]

Error: (08/26/2012 03:17:22 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.


System errors:
=============
Error: (08/29/2012 06:06:29 PM) (Source: DCOM) (User: DAVID-DESKTOP)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (08/29/2012 06:04:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/29/2012 11:08:46 AM) (Source: DCOM) (User: DAVID-DESKTOP)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (08/28/2012 09:25:26 AM) (Source: DCOM) (User: DAVID-DESKTOP)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (08/25/2012 10:49:36 PM) (Source: Service Control Manager) (User: )
Description: The vseamps service failed to start due to the following error:
%%1053

Error: (08/25/2012 10:49:36 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the vseamps service to connect.

Error: (08/25/2012 10:49:36 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/25/2012 03:19:49 PM) (Source: DCOM) (User: DAVID-DESKTOP)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (08/25/2012 03:18:49 PM) (Source: Service Control Manager) (User: )
Description: The vseamps service failed to start due to the following error:
%%1053

Error: (08/25/2012 03:18:49 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the vseamps service to connect.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.2)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AiO_Scan (Version: 40.0.105.000)
AIOMinimal (Version: 40.0.105.000)
AiOSoftware (Version: 40.0.105.000)
Authentium Secure Desktop Plugins (Version: 1.0.0.1307)
Authentium Updater (Version: 5.1.0)
AVSDK5 (Version: 5.3.14)
BufferChm (Version: 140.0.212.000)
C4700 (Version: 140.0.690.000)
CCleaner (Version: 3.21)
Command Anti-Malware (Version: 5.1.16)
Copy (Version: 5.35.0.065)
Coupon Printer for Windows (Version: 5.0.0.0)
CreativeProjects (Version: 5.35.0.059)
Dell Resource CD (Version: 1.00.0000)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DocProc (Version: 3.5.0.0)
ESET Online Scanner v3
Fax (Version: 40.0.105.000)
GPBaseService2 (Version: 140.0.211.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Image Zone 3.5 (Version: 3.5)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP PSC & OfficeJet 3.5 (Version: 3.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.002.002)
hpmdtab (Version: 2.0.479.1607)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
HPSystemDiagnostics (Version: 1.5.0.0)
InstantShare (Version: 3.5.0.21)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 140.0.212.000)
Memories Disc Creator 2.0 (Version: 2.0.479.1607)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 140.0.215.000)
Overland (Version: 2.1.4)
PhotoGallery (Version: 5.35.0.059)
PowerDVD DX (Version: 8.2.5024)
PrintScreen (Version: 5.35.0.035)
PS_AIO_06_C4700_SW_Min (Version: 140.0.690.000)
QFolder (Version: 1.00.0000)
QuickProjects (Version: 5.35.0.047)
QuickTransfer (Version: 140.0.98.000)
Readme (Version: 40.0.105.000)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.16.0001)
Realtek High Definition Audio Driver (Version: 5.10.0.5678)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
SafeCentral
SafeCentral Browser (Version: 3.60.170.001)
SafeCentral Secure Desktop (Version: 3.0.0.2711)
SafeCentral Updater (Version: 1.0.0.2710)
Scan (Version: 140.0.80.000)
Shop for HP Supplies (Version: 14.0)
SkinsHP1 (Version: 5.35.0.043)
SkinsHP2 (Version: 5.35.0.043)
Skype™ 5.10 (Version: 5.10.116)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Status (Version: 140.0.212.000)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
TSX Core (Version: 2.0.0.177)
Unload (Version: 3.5.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.212.017)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 3036.91 MB
Available physical RAM: 2007.39 MB
Total Pagefile: 4922.3 MB
Available Pagefile: 4079.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.82 GB) (Free:216.26 GB) NTFS
3 Drive e: (TRAVELDRIVE) (Removable) (Total:0.23 GB) (Free:0.2 GB) NTFS

========================= Users: ========================================

User accounts for \\DAVID-DESKTOP

Administrator ASPNET David
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****


FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by David (administrator) on 29-08-2012 at 19:36:21
Running from "C:\NHCS Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2008-04-13 19:00] - [2008-04-13 19:00] - 0039424 ____A (Microsoft Corporation) 82E4B2260CBE150912EE619C98EF8252

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****



adwcleaner:

# AdwCleaner v1.801 - Logfile created 08/29/2012 at 19:36:57
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : David - DAVID-DESKTOP
# Boot Mode : Normal
# Running from : C:\NHCS Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\31cqujs6.default\prefs.js

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\31cqujs6.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [861 octets] - [29/08/2012 19:36:57]

########## EOF - C:\AdwCleaner[S1].txt - [988 octets] ##########


Thanks

#6 narenxp (BC Advisor)

Posted 29 August 2012 - 06:48 PM

Download

wscsvc
Sharedaccess
BITS
wuauserv

Launch them, click YES

Restart the PC, post the new FSS log


download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#7 kephyr (Topic Starter)

Posted 29 August 2012 - 07:42 PM

Here are the latest scans:

FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by David (administrator) on 29-08-2012 at 20:30:35
Running from "C:\NHCS Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2008-04-13 19:00] - [2008-04-13 19:00] - 0039424 ____A (Microsoft Corporation) 82E4B2260CBE150912EE619C98EF8252

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****


rkill:

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/29/2012 08:31:54 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Possibly Patched Files.

* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\System32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\System32\svchost.exe
* C:\WINDOWS\System32\svchost.exe
* C:\WINDOWS\system32\svchost.exe

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled

* atapi [Missing ImagePath]

* sr => \SystemRoot\system32\DRIVERS\sr.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\svchost.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\svchost.exe : 39,424 : 04/13/2008 07:00 PM : 82e4b2260cbe150912ee619c98ef8252 [Pos Repl]

* C:\WINDOWS\System32\winlogon.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\winlogon.exe : 544,768 : 04/13/2008 07:00 PM : 0b1df5bfbbe448171c15bebe81464ee4 [Pos Repl]

* C:\WINDOWS\explorer.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\explorer.exe : 1,058,304 : 04/13/2008 07:00 PM : 89e6793404cbbac0a564505880e3332f [Pos Repl]

Program finished at: 08/29/2012 08:33:34 PM
Execution time: 0 hours(s), 1 minute(s), and 39 seconds(s)


Thanks for your help

#8 kephyr (Topic Starter)

Posted 29 August 2012 - 07:47 PM

Malwarebytes Anti-Malware is now popping up a message that it successfully blocked access to a potentially malicious website: 206.161.121.3 Type: Outgoing.

#9 narenxp (BC Advisor)

Posted 29 August 2012 - 08:36 PM

C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe

Copy all these files to the desktop

Go to

https://www.virustotal.com/

Click on CHOOSE FILE

Browse to desktop and upload these files one by one

Post the generated report link here

#10 kephyr (Topic Starter)

Posted 29 August 2012 - 08:58 PM

I'm hoping this is what you wanted:

https://www.virustotal.com/file/27ed23684efdeb3ac342e2ab7a3320fb21b6721519239edfa9e764b3778fc934/analysis/1346291201/

https://www.virustotal.com/file/4be8748d6c9a526f3a265dcb92432f4427252af7e131d4b602118706b030277f/analysis/1346291639/

https://www.virustotal.com/file/f47e59017da57d67d5c82bb597cb2c94736b327df97105613d89e4baf54cce59/analysis/1346291696/

#11 narenxp (BC Advisor)

Posted 29 August 2012 - 09:12 PM

Run RKILL after reboot and post the new log

Edited by narenxp, 30 August 2012 - 09:26 AM.


#12 kephyr (Topic Starter)

Posted 30 August 2012 - 09:13 AM

New rkill log:

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/30/2012 10:08:17 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Possibly Patched Files.

* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\System32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\system32\svchost.exe
* C:\WINDOWS\System32\svchost.exe
* C:\WINDOWS\System32\svchost.exe
* C:\WINDOWS\system32\svchost.exe

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled

* atapi [Missing ImagePath]

* sr => \SystemRoot\system32\DRIVERS\sr.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\svchost.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\svchost.exe : 39,424 : 04/13/2008 07:00 PM : 82e4b2260cbe150912ee619c98ef8252 [Pos Repl]

* C:\WINDOWS\System32\winlogon.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\winlogon.exe : 544,768 : 04/13/2008 07:00 PM : 0b1df5bfbbe448171c15bebe81464ee4 [Pos Repl]

* C:\WINDOWS\explorer.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\explorer.exe : 1,058,304 : 04/13/2008 07:00 PM : 89e6793404cbbac0a564505880e3332f [Pos Repl]

Program finished at: 08/30/2012 10:09:36 AM
Execution time: 0 hours(s), 1 minute(s), and 19 seconds(s)


Malwarebytes is now reporting that it blocked an outgoing connection to 112.175.243.21. That was before I ran rkill.

#13 narenxp (BC Advisor)

Posted 30 August 2012 - 09:27 AM

That failed to replace the files

svchost.exe, winlogon.exe, explorer.exe: all three files are infected

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck
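As an added illustration (not code from the thread, from FSS or from Rkill), the Python below reads the two log formats posted above the way narenxp does: it lists the services whose registry keys FSS could not open, and compares two Rkill runs to find the [NoSig] files that are still unsigned after the dllcache replacement was attempted. The log excerpts are constructed in the formats quoted above; the second Rkill run is hypothetical, with explorer.exe repaired and svchost.exe not.

```python
import re
# Constructed excerpts in the formats FSS and Rkill use in the thread above.
FSS_LOG = r"""
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
"""
RKILL_BEFORE = r"""
* C:\WINDOWS\System32\svchost.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\svchost.exe : 39,424 : 04/13/2008 07:00 PM : 82e4b2260cbe150912ee619c98ef8252 [Pos Repl]
* C:\WINDOWS\explorer.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\explorer.exe : 1,058,304 : 04/13/2008 07:00 PM : 89e6793404cbbac0a564505880e3332f [Pos Repl]
"""
# Hypothetical second run after reboot: explorer.exe repaired, svchost.exe still unsigned.
RKILL_AFTER = r"""
* C:\WINDOWS\System32\svchost.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\svchost.exe : 39,424 : 04/13/2008 07:00 PM : 82e4b2260cbe150912ee619c98ef8252 [Pos Repl]
"""
SERVICE_RE = re.compile(r"^(?P<svc>\S+) Service is not running\. Checking service configuration:")
NOSIG_RE = re.compile(r"^\* (?P<path>.+?) \[NoSig\]$")
REPL_RE = re.compile(r"^\+-> (?P<cache>.+?) : [\d,]+ : .+? : (?P<md5>[0-9a-fA-F]{32}) \[Pos Repl\]$")

def fss_damaged_services(log):
    """Services whose key or values FSS could not read: an ATTENTION! line follows their header."""
    damaged, current = set(), None
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            current = m.group("svc")
        elif current and "ATTENTION!" in line:
            damaged.add(current)
    return sorted(damaged)

def rkill_unsigned(log):
    """Map each [NoSig] path (lower-cased) to the dllcache (path, md5) Rkill offered as a replacement."""
    found, last = {}, None
    for line in log.splitlines():
        m = NOSIG_RE.match(line)
        if m:
            last = m.group("path").lower()
            found[last] = None
        elif last and (r := REPL_RE.match(line)):
            found[last] = (r.group("cache"), r.group("md5").lower())
    return found

def persistent_unsigned(before, after):
    """[NoSig] paths reported in both runs: the replacement from dllcache did not take."""
    return sorted(rkill_unsigned(before).keys() & rkill_unsigned(after).keys())
```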

#14 kephyr (Topic Starter)

Posted 30 August 2012 - 09:34 AM

It's also reporting it now, after I ran rkill.

#15 narenxp (BC Advisor)

Posted 30 August 2012 - 09:36 AM

Check my previous instructions :)

