Trojan Horse Generic29.GJG / What do I do to remove it?


9 replies to this topic

#1 gman3183

  • Members
  • 16 posts

Posted 31 August 2012 - 11:20 PM

Hello, I'm having issues with Trojan Horse Generic29.GJG. Computer is very slow. I ran AVG and the problem is C:\Windows\system32\svchost.exe (992):\memory_001a0000. Different times I conduct the scan the 992 changes to another number. Anyone had luck removing it? Any help would be appreciated. Thank you.

#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 01 September 2012 - 02:57 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 gman3183

  • Topic Starter

  • Members
  • 16 posts

Posted 02 September 2012 - 01:54 AM

Thank you. I have the Logs titled and listed before for each. With the TDSS Killer I rebooted the computer, is that ok? With the ASWMBR I conducted the quick scan. Did I need to do the full scan?

1. TDSS Killer Log:

23:36:26.0281 1592 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:36:26.0625 1592 ============================================================
23:36:26.0625 1592 Current date / time: 2012/09/01 23:36:26.0625
23:36:26.0625 1592 SystemInfo:
23:36:26.0625 1592
23:36:26.0625 1592 OS Version: 5.1.2600 ServicePack: 3.0
23:36:26.0625 1592 Product type: Workstation
23:36:26.0625 1592 ComputerName: DELL1
23:36:26.0625 1592 UserName: Owner
23:36:26.0625 1592 Windows directory: C:\WINDOWS
23:36:26.0625 1592 System windows directory: C:\WINDOWS
23:36:26.0625 1592 Processor architecture: Intel x86
23:36:26.0625 1592 Number of processors: 1
23:36:26.0625 1592 Page size: 0x1000
23:36:26.0625 1592 Boot type: Safe boot with network
23:36:26.0625 1592 ============================================================
23:36:28.0078 1592 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:36:28.0078 1592 ============================================================
23:36:28.0078 1592 \Device\Harddisk0\DR0:
23:36:28.0078 1592 MBR partitions:
23:36:28.0078 1592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
23:36:28.0078 1592 ============================================================
23:36:28.0125 1592 C: <-> \Device\Harddisk0\DR0\Partition1
23:36:28.0125 1592 ============================================================
23:36:28.0140 1592 Initialize success
23:36:28.0140 1592 ============================================================
23:38:11.0312 0380 ============================================================
23:38:11.0312 0380 Scan started
23:38:11.0312 0380 Mode: Manual; TDLFS;
23:38:11.0312 0380 ============================================================
23:38:11.0687 0380 ================ Scan system memory ========================
23:38:11.0687 0380 System memory - ok
23:38:33.0750 0380 srservice - ok
23:38:33.0859 0380 SRTSP - ok
23:38:33.0906 0380 SRTSPX - ok
23:38:34.0000 0380 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:38:34.0015 0380 Srv - ok
23:38:34.0093 0380 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:38:34.0093 0380 SSDPSRV - ok
23:38:34.0187 0380 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:38:34.0203 0380 stisvc - ok
23:38:34.0281 0380 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:38:34.0281 0380 swenum - ok
23:38:34.0343 0380 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:38:34.0343 0380 swmidi - ok
23:38:34.0406 0380 SwPrv - ok
23:38:34.0468 0380 symc810 - ok
23:38:34.0531 0380 symc8xx - ok
23:38:34.0593 0380 SymDS - ok
23:38:34.0640 0380 SymEFA - ok
23:38:34.0734 0380 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
23:38:34.0765 0380 SymEvent - ok
23:38:34.0796 0380 SymIRON - ok
23:38:34.0859 0380 SYMTDI - ok
23:38:34.0906 0380 sym_hi - ok
23:38:34.0953 0380 sym_u3 - ok
23:38:35.0000 0380 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:38:35.0000 0380 sysaudio - ok
23:38:35.0062 0380 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:38:35.0062 0380 SysmonLog - ok
23:38:35.0140 0380 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:38:35.0156 0380 TapiSrv - ok
23:38:35.0250 0380 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:38:35.0281 0380 Tcpip - ok
23:38:35.0375 0380 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:38:35.0375 0380 TDPIPE - ok
23:38:35.0421 0380 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:38:35.0421 0380 TDTCP - ok
23:38:35.0468 0380 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:38:35.0468 0380 TermDD - ok
23:38:35.0546 0380 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:38:35.0562 0380 TermService - ok
23:38:35.0640 0380 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:38:35.0640 0380 Themes - ok
23:38:35.0687 0380 [ E0F10A379239B4FAB319C55A9CD6BC96 ] Tones C:\WINDOWS\system32\DRIVERS\tonesnt.sys
23:38:35.0703 0380 Tones - ok
23:38:35.0750 0380 TosIde - ok
23:38:35.0812 0380 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:38:35.0828 0380 TrkWks - ok
23:38:35.0921 0380 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:38:35.0921 0380 Udfs - ok
23:38:35.0968 0380 ultra - ok
23:38:36.0062 0380 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:38:36.0078 0380 Update - ok
23:38:36.0171 0380 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:38:36.0187 0380 upnphost - ok
23:38:36.0265 0380 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:38:36.0281 0380 UPS - ok
23:38:36.0406 0380 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
23:38:36.0406 0380 usbaudio - ok
23:38:36.0484 0380 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:38:36.0484 0380 usbccgp - ok
23:38:36.0531 0380 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:38:36.0531 0380 usbhub - ok
23:38:36.0609 0380 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:38:36.0609 0380 usbprint - ok
23:38:36.0687 0380 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:38:36.0687 0380 usbscan - ok
23:38:36.0765 0380 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:38:36.0781 0380 USBSTOR - ok
23:38:36.0859 0380 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:38:36.0875 0380 usbuhci - ok
23:38:36.0906 0380 [ BEE793D4A059CAEA55D6AC20E19B3A8F ] USB_RNDIS_XP C:\WINDOWS\system32\DRIVERS\usb8023.sys
23:38:36.0937 0380 USB_RNDIS_XP - ok
23:38:37.0046 0380 [ 177B65899D418F8C8F037B20567A99D6 ] V124 C:\WINDOWS\system32\DRIVERS\v124nt.sys
23:38:37.0062 0380 V124 - ok
23:38:37.0140 0380 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:38:37.0156 0380 VgaSave - ok
23:38:37.0203 0380 ViaIde - ok
23:38:37.0250 0380 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:38:37.0250 0380 VolSnap - ok
23:38:37.0328 0380 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:38:37.0343 0380 VSS - ok
23:38:37.0515 0380 [ EF51747440486C23BD466311048BD924 ] vToolbarUpdater12.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
23:38:37.0546 0380 vToolbarUpdater12.2.0 - ok
23:38:37.0656 0380 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
23:38:37.0656 0380 W32Time - ok
23:38:37.0750 0380 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:38:37.0750 0380 Wanarp - ok
23:38:37.0812 0380 WDICA - ok
23:38:37.0875 0380 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:38:37.0875 0380 wdmaud - ok
23:38:37.0937 0380 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:38:37.0937 0380 WebClient - ok
23:38:38.0015 0380 [ A941AA38E3951058E584C4BBDDD56ED9 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:38:38.0031 0380 winachsf - ok
23:38:38.0187 0380 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:38:38.0203 0380 winmgmt - ok
23:38:38.0343 0380 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:38:38.0343 0380 WmdmPmSN - ok
23:38:38.0437 0380 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:38:38.0453 0380 WmiApSrv - ok
23:38:38.0593 0380 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:38:38.0625 0380 WMPNetworkSvc - ok
23:38:38.0703 0380 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:38:38.0718 0380 WS2IFSL - ok
23:38:38.0796 0380 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:38:38.0796 0380 wscsvc - ok
23:38:38.0859 0380 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:38:38.0890 0380 wuauserv - ok
23:38:38.0984 0380 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:38:39.0000 0380 WudfPf - ok
23:38:39.0062 0380 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:38:39.0078 0380 WudfSvc - ok
23:38:39.0171 0380 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:38:39.0218 0380 WZCSVC - ok
23:38:39.0281 0380 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:38:39.0296 0380 xmlprov - ok
23:38:39.0421 0380 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:38:39.0500 0380 YahooAUService - ok
23:38:39.0578 0380 ================ Scan global ===============================
23:38:39.0640 0380 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:38:39.0718 0380 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:38:39.0781 0380 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:38:39.0828 0380 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:38:39.0828 0380 [Global] - ok
23:38:39.0859 0380 ================ Scan MBR ==================================
23:38:39.0875 0380 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:38:39.0875 0380 Suspicious mbr (Forged): \Device\Harddisk0\DR0
23:38:39.0890 0380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
23:38:39.0890 0380 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
23:38:39.0921 0380 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:38:39.0921 0380 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:38:39.0968 0380 ================ Scan VBR ==================================
23:38:39.0984 0380 [ AA838D167AFED9F901C0A3EB7B8168EF ] \Device\Harddisk0\DR0\Partition1
23:38:39.0984 0380 \Device\Harddisk0\DR0\Partition1 - ok
23:38:40.0015 0380 ============================================================
23:38:40.0015 0380 Scan finished
23:38:40.0015 0380 ============================================================
23:38:40.0078 0344 Detected object count: 2
23:38:40.0078 0344 Actual detected object count: 2
23:45:11.0750 0344 \Device\Harddisk0\DR0\# - copied to quarantine
23:45:11.0750 0344 \Device\Harddisk0\DR0 - copied to quarantine
23:45:11.0765 0344 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
23:45:11.0796 0344 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
23:45:11.0812 0344 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
23:45:11.0812 0344 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
23:45:11.0828 0344 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
23:45:11.0828 0344 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
23:45:11.0843 0344 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
23:45:11.0843 0344 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
23:45:11.0875 0344 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
23:45:11.0875 0344 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
23:45:11.0875 0344 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
23:45:11.0875 0344 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
23:45:11.0875 0344 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
23:45:11.0875 0344 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
23:45:11.0906 0344 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:45:11.0953 0344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
23:45:11.0953 0344 \Device\Harddisk0\DR0 - ok
23:45:13.0015 0344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
23:45:13.0015 0344 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:45:13.0015 0344 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
23:48:45.0703 1332 Deinitialize success

2. aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-02 00:13:31
-----------------------------
00:13:31.078 OS Version: Windows 5.1.2600 Service Pack 3
00:13:31.078 Number of processors: 1 586 0x102
00:13:31.078 ComputerName: DELL1 UserName: Owner
00:13:31.453 Initialize success
00:17:27.953 AVAST engine defs: 12090101
00:17:54.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0
00:17:54.687 Disk 0 Vendor: WDC_WD80 05.0 Size: 76319MB BusType: 3
00:17:54.718 Disk 0 MBR read successfully
00:17:54.734 Disk 0 MBR scan
00:17:54.828 Disk 0 Windows XP default MBR code
00:17:54.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
00:17:54.890 Disk 0 scanning sectors +156280320
00:17:54.984 Disk 0 scanning C:\WINDOWS\system32\drivers
00:18:14.703 Service scanning
00:18:42.031 Modules scanning
00:18:47.406 Disk 0 trace - called modules:
00:18:47.484 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll IdeChnDr.sys
00:18:47.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f60030]
00:18:49.750 3 CLASSPNP.SYS[f86b6fd7] -> nt!IofCallDriver -> \Device\0000006c[0x82fccec0]
00:18:49.765 5 ACPI.sys[f862d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0[0x82fcc030]
00:18:50.437 AVAST engine scan C:\WINDOWS
00:19:13.609 AVAST engine scan C:\WINDOWS\system32
00:23:23.218 AVAST engine scan C:\WINDOWS\system32\drivers
00:23:50.750 AVAST engine scan C:\Documents and Settings\Owner
00:32:05.359 AVAST engine scan C:\Documents and Settings\All Users
00:35:14.265 Scan finished successfully
00:36:21.625 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
00:36:21.656 The log file has been saved successfully to "C:\aswMBR.txt"

3. ESET Online Scanner:

C:\TDSSKiller_Quarantine\01.09.2012_23.36.26\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_23.36.26\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_23.36.26\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_23.36.26\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_23.36.26\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_23.36.26\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_23.36.26\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_23.36.26\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_23.36.26\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\jar_cache405916164104333610.tmp Java/Exploit.Agent.NDB trojan cleaned by deleting - quarantined

#4 narenxp

Posted 02 September 2012 - 07:58 AM

23:45:13.0015 0344 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Run TDSSkiller again and select DELETE

Post the new log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, then click on Delete

post the generated log

#5 gman3183

Posted 02 September 2012 - 01:21 PM

Thank You.

1. TDSSKiller New Log:

10:49:57.0796 1892 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:49:58.0171 1892 ============================================================
10:49:58.0171 1892 Current date / time: 2012/09/02 10:49:58.0171
10:49:58.0171 1892 SystemInfo:
10:49:58.0171 1892
10:49:58.0171 1892 OS Version: 5.1.2600 ServicePack: 3.0
10:49:58.0171 1892 Product type: Workstation
10:49:58.0171 1892 ComputerName: DELL1
10:49:58.0171 1892 UserName: Owner
10:49:58.0171 1892 Windows directory: C:\WINDOWS
10:49:58.0171 1892 System windows directory: C:\WINDOWS
10:49:58.0171 1892 Processor architecture: Intel x86
10:49:58.0171 1892 Number of processors: 1
10:49:58.0171 1892 Page size: 0x1000
10:49:58.0171 1892 Boot type: Safe boot with network
10:49:58.0171 1892 ============================================================
10:49:58.0703 1892 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:49:58.0703 1892 ============================================================
10:49:58.0703 1892 \Device\Harddisk0\DR0:
10:49:58.0703 1892 MBR partitions:
10:49:58.0703 1892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
10:49:58.0703 1892 ============================================================
10:49:58.0750 1892 C: <-> \Device\Harddisk0\DR0\Partition1
10:49:58.0750 1892 ============================================================
10:49:58.0750 1892 Initialize success
10:49:58.0750 1892 ============================================================
10:50:13.0593 0264 ============================================================
10:50:13.0593 0264 Scan started
10:50:13.0593 0264 Mode: Manual; TDLFS;
10:50:13.0593 0264 ============================================================
10:50:13.0687 0264 ================ Scan system memory ========================
10:50:13.0687 0264 System memory - ok
10:50:13.0718 0264 ================ Scan services =============================
10:50:23.0937 0264 Kbdclass - ok
10:50:23.0984 0264 [ 24BB6CA00ED8C91DAE2FD13E5F6EEC39 ] KLSIENET C:\WINDOWS\system32\DRIVERS\usb101et.sys
10:50:24.0000 0264 KLSIENET - ok
10:50:24.0031 0264 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:50:24.0031 0264 kmixer - ok
10:50:24.0078 0264 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:50:24.0078 0264 KSecDD - ok
10:50:24.0125 0264 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:50:24.0140 0264 lanmanserver - ok
10:50:24.0187 0264 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:50:24.0187 0264 lanmanworkstation - ok
10:50:24.0203 0264 lbrtfdc - ok
10:50:24.0250 0264 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:50:24.0250 0264 LmHosts - ok
10:50:24.0281 0264 [ 195741AEE20369980796B557358CD774 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:50:24.0296 0264 mdmxsdk - ok
10:50:24.0328 0264 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:50:24.0328 0264 Messenger - ok
10:50:24.0359 0264 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:50:24.0359 0264 mnmdd - ok
10:50:24.0406 0264 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
10:50:24.0406 0264 mnmsrvc - ok
10:50:24.0437 0264 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:50:24.0437 0264 Modem - ok
10:50:24.0453 0264 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:50:24.0453 0264 MODEMCSA - ok
10:50:24.0453 0264 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:50:24.0453 0264 Mouclass - ok
10:50:24.0468 0264 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:50:24.0468 0264 MountMgr - ok
10:50:24.0468 0264 mraid35x - ok
10:50:24.0515 0264 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:50:24.0531 0264 MRxDAV - ok
10:50:24.0578 0264 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:50:24.0609 0264 MRxSmb - ok
10:50:24.0640 0264 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
10:50:24.0640 0264 MSDTC - ok
10:50:24.0656 0264 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:50:24.0671 0264 Msfs - ok
10:50:24.0671 0264 MSIServer - ok
10:50:24.0703 0264 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:50:24.0703 0264 MSKSSRV - ok
10:50:24.0734 0264 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:50:24.0750 0264 MSPCLOCK - ok
10:50:24.0765 0264 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:50:24.0765 0264 MSPQM - ok
10:50:24.0796 0264 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:50:24.0796 0264 mssmbios - ok
10:50:24.0875 0264 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:50:24.0921 0264 Mup - ok
10:50:24.0984 0264 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:50:25.0000 0264 napagent - ok
10:50:25.0078 0264 NAV - ok
10:50:25.0140 0264 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\VirusDefs\20120828.034\NAVENG.SYS
10:50:25.0156 0264 NAVENG - ok
10:50:25.0265 0264 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\VirusDefs\20120828.034\NAVEX15.SYS
10:50:25.0328 0264 NAVEX15 - ok
10:50:25.0359 0264 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:50:25.0375 0264 NDIS - ok
10:50:25.0406 0264 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:50:25.0406 0264 NdisTapi - ok
10:50:25.0453 0264 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:50:25.0453 0264 Ndisuio - ok
10:50:25.0484 0264 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:50:25.0500 0264 NdisWan - ok
10:50:25.0515 0264 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:50:25.0531 0264 NDProxy - ok
10:50:25.0578 0264 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
10:50:25.0593 0264 Net Driver HPZ12 - ok
10:50:25.0593 0264 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:50:25.0593 0264 NetBIOS - ok
10:50:25.0656 0264 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:50:25.0656 0264 NetBT - ok
10:50:25.0703 0264 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
10:50:25.0718 0264 NetDDE - ok
10:50:25.0718 0264 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:50:25.0734 0264 NetDDEdsdm - ok
10:50:25.0750 0264 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
10:50:25.0750 0264 Netlogon - ok
10:50:25.0812 0264 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
10:50:25.0828 0264 Netman - ok
10:50:25.0875 0264 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:50:25.0875 0264 NetTcpPortSharing - ok
10:50:25.0921 0264 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
10:50:25.0937 0264 Nla - ok
10:50:25.0984 0264 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:50:25.0984 0264 Npfs - ok
10:50:26.0015 0264 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:50:26.0031 0264 Ntfs - ok
10:50:26.0046 0264 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
10:50:26.0046 0264 NtLmSsp - ok
10:50:26.0109 0264 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:50:26.0140 0264 NtmsSvc - ok
10:50:26.0156 0264 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:50:26.0156 0264 Null - ok
10:50:26.0250 0264 [ 1685A86CE8DC5A70D307DCA625FB50E7 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:50:26.0328 0264 nv - ok
10:50:26.0406 0264 [ 4D31783965B0B7CED7DB3F4EE14CF260 ] nv4 C:\WINDOWS\system32\DRIVERS\nv4.sys
10:50:26.0453 0264 nv4 - ok
10:50:26.0500 0264 [ 697A09635E30D3722E1124EC33FACE15 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
10:50:26.0515 0264 NVSvc - ok
10:50:26.0546 0264 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:50:26.0546 0264 NwlnkFlt - ok
10:50:26.0562 0264 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:50:26.0562 0264 NwlnkFwd - ok
10:50:26.0593 0264 [ E1E54131462B63EFEFAF14ACA8E4012B ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
10:50:26.0593 0264 OMCI - ok
10:50:26.0687 0264 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:50:26.0687 0264 ose - ok
10:50:26.0734 0264 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:50:26.0734 0264 Parport - ok
10:50:26.0750 0264 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:50:26.0750 0264 PartMgr - ok
10:50:26.0796 0264 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:50:26.0796 0264 ParVdm - ok
10:50:26.0812 0264 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:50:26.0828 0264 PCI - ok
10:50:26.0828 0264 PCIDump - ok
10:50:26.0843 0264 PCIIde - ok
10:50:26.0859 0264 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:50:26.0875 0264 Pcmcia - ok
10:50:26.0875 0264 PDCOMP - ok
10:50:26.0890 0264 PDFRAME - ok
10:50:26.0890 0264 PDRELI - ok
10:50:26.0890 0264 PDRFRAME - ok
10:50:26.0906 0264 perc2 - ok
10:50:26.0906 0264 perc2hib - ok
10:50:26.0953 0264 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
10:50:26.0953 0264 PlugPlay - ok
10:50:27.0015 0264 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
10:50:27.0015 0264 Pml Driver HPZ12 - ok
10:50:27.0015 0264 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
10:50:27.0031 0264 PolicyAgent - ok
10:50:27.0062 0264 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:50:27.0062 0264 PptpMiniport - ok
10:50:27.0078 0264 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
10:50:27.0078 0264 Processor - ok
10:50:27.0093 0264 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:50:27.0093 0264 ProtectedStorage - ok
10:50:27.0109 0264 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:50:27.0140 0264 PSched - ok
10:50:27.0156 0264 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:50:27.0156 0264 Ptilink - ok
10:50:27.0171 0264 ql1080 - ok
10:50:27.0171 0264 Ql10wnt - ok
10:50:27.0203 0264 ql12160 - ok
10:50:27.0203 0264 ql1240 - ok
10:50:27.0218 0264 ql1280 - ok
10:50:27.0218 0264 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:50:27.0218 0264 RasAcd - ok
10:50:27.0265 0264 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:50:27.0265 0264 RasAuto - ok
10:50:27.0296 0264 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:50:27.0296 0264 Rasl2tp - ok
10:50:27.0343 0264 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:50:27.0359 0264 RasMan - ok
10:50:27.0359 0264 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:50:27.0375 0264 RasPppoe - ok
10:50:27.0375 0264 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:50:27.0375 0264 Raspti - ok
10:50:27.0421 0264 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:50:27.0421 0264 Rdbss - ok
10:50:27.0437 0264 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:50:27.0437 0264 RDPCDD - ok
10:50:27.0484 0264 [ 5B3055DAA788BD688594D2F5981F2A83 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:50:27.0484 0264 RDPWD - ok
10:50:27.0515 0264 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:50:27.0531 0264 RDSessMgr - ok
10:50:27.0578 0264 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:50:27.0578 0264 redbook - ok
10:50:27.0609 0264 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:50:27.0609 0264 RemoteAccess - ok
10:50:27.0656 0264 [ 4C35E57300A2DC5932A8E29EFA527C32 ] Rksample C:\WINDOWS\system32\DRIVERS\rksample.sys
10:50:27.0656 0264 Rksample - ok
10:50:27.0703 0264 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
10:50:27.0703 0264 RpcLocator - ok
10:50:27.0750 0264 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
10:50:27.0750 0264 RpcSs - ok
10:50:27.0796 0264 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
10:50:27.0812 0264 RSVP - ok
10:50:27.0828 0264 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
10:50:27.0828 0264 SamSs - ok
10:50:27.0859 0264 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:50:27.0859 0264 SCardSvr - ok
10:50:27.0906 0264 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:50:27.0921 0264 Schedule - ok
10:50:27.0968 0264 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:50:27.0968 0264 Secdrv - ok
10:50:28.0000 0264 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:50:28.0015 0264 seclogon - ok
10:50:28.0046 0264 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
10:50:28.0062 0264 SENS - ok
10:50:28.0093 0264 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:50:28.0093 0264 serenum - ok
10:50:28.0156 0264 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:50:28.0156 0264 Serial - ok
10:50:28.0187 0264 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:50:28.0187 0264 Sfloppy - ok
10:50:28.0234 0264 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:50:28.0281 0264 SharedAccess - ok
10:50:28.0296 0264 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:50:28.0296 0264 ShellHWDetection - ok
10:50:28.0312 0264 Simbad - ok
10:50:28.0484 0264 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
10:50:28.0656 0264 Skype C2C Service - ok
10:50:28.0765 0264 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
10:50:28.0781 0264 SkypeUpdate - ok
10:50:28.0843 0264 [ BD3E236281547C681DFC7C947531B726 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
10:50:28.0890 0264 smwdm - ok
10:50:28.0921 0264 [ 413CFA795CAD19A010889DF0EC060408 ] SoftFax C:\WINDOWS\system32\DRIVERS\faxnt.sys
10:50:28.0937 0264 SoftFax - ok
10:50:28.0968 0264 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
10:50:28.0968 0264 SONYPVU1 - ok
10:50:28.0968 0264 Sparrow - ok
10:50:28.0984 0264 [ C11082C80723771C1979EACF7FDDE1C3 ] SpeakerPhone C:\WINDOWS\system32\DRIVERS\spkpnt.sys
10:50:28.0984 0264 SpeakerPhone - ok
10:50:29.0015 0264 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:50:29.0015 0264 splitter - ok
10:50:29.0062 0264 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:50:29.0062 0264 Spooler - ok
10:50:29.0109 0264 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:50:29.0125 0264 sr - ok
10:50:29.0171 0264 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
10:50:29.0187 0264 srservice - ok
10:50:29.0250 0264 SRTSP - ok
10:50:29.0250 0264 SRTSPX - ok
10:50:29.0296 0264 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:50:29.0312 0264 Srv - ok
10:50:29.0359 0264 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:50:29.0359 0264 SSDPSRV - ok
10:50:29.0406 0264 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:50:29.0421 0264 stisvc - ok
10:50:29.0453 0264 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:50:29.0453 0264 swenum - ok
10:50:29.0484 0264 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:50:29.0484 0264 swmidi - ok
10:50:29.0500 0264 SwPrv - ok
10:50:29.0515 0264 symc810 - ok
10:50:29.0515 0264 symc8xx - ok
10:50:29.0515 0264 SymDS - ok
10:50:29.0546 0264 SymEFA - ok
10:50:29.0593 0264 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
10:50:29.0609 0264 SymEvent - ok
10:50:29.0609 0264 SymIRON - ok
10:50:29.0625 0264 SYMTDI - ok
10:50:29.0625 0264 sym_hi - ok
10:50:29.0625 0264 sym_u3 - ok
10:50:29.0671 0264 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:50:29.0671 0264 sysaudio - ok
10:50:29.0703 0264 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:50:29.0718 0264 SysmonLog - ok
10:50:29.0765 0264 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:50:29.0796 0264 TapiSrv - ok
10:50:29.0843 0264 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:50:29.0890 0264 Tcpip - ok
10:50:29.0937 0264 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:50:29.0937 0264 TDPIPE - ok
10:50:29.0968 0264 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:50:29.0968 0264 TDTCP - ok
10:50:29.0984 0264 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:50:30.0000 0264 TermDD - ok
10:50:30.0046 0264 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
10:50:30.0062 0264 TermService - ok
10:50:30.0078 0264 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
10:50:30.0093 0264 Themes - ok
10:50:30.0093 0264 [ E0F10A379239B4FAB319C55A9CD6BC96 ] Tones C:\WINDOWS\system32\DRIVERS\tonesnt.sys
10:50:30.0093 0264 Tones - ok
10:50:30.0109 0264 TosIde - ok
10:50:30.0156 0264 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:50:30.0156 0264 TrkWks - ok
10:50:30.0203 0264 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:50:30.0203 0264 Udfs - ok
10:50:30.0203 0264 ultra - ok
10:50:30.0265 0264 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:50:30.0281 0264 Update - ok
10:50:30.0343 0264 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:50:30.0359 0264 upnphost - ok
10:50:30.0375 0264 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
10:50:30.0375 0264 UPS - ok
10:50:30.0406 0264 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
10:50:30.0421 0264 usbaudio - ok
10:50:30.0484 0264 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:50:30.0484 0264 usbccgp - ok
10:50:30.0500 0264 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:50:30.0500 0264 usbhub - ok
10:50:30.0546 0264 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:50:30.0546 0264 usbprint - ok
10:50:30.0546 0264 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:50:30.0562 0264 usbscan - ok
10:50:30.0562 0264 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:50:30.0562 0264 USBSTOR - ok
10:50:30.0593 0264 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:50:30.0593 0264 usbuhci - ok
10:50:30.0625 0264 [ BEE793D4A059CAEA55D6AC20E19B3A8F ] USB_RNDIS_XP C:\WINDOWS\system32\DRIVERS\usb8023.sys
10:50:30.0625 0264 USB_RNDIS_XP - ok
10:50:30.0687 0264 [ 177B65899D418F8C8F037B20567A99D6 ] V124 C:\WINDOWS\system32\DRIVERS\v124nt.sys
10:50:30.0718 0264 V124 - ok
10:50:30.0718 0264 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:50:30.0734 0264 VgaSave - ok
10:50:30.0734 0264 ViaIde - ok
10:50:30.0750 0264 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:50:30.0750 0264 VolSnap - ok
10:50:30.0781 0264 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
10:50:30.0796 0264 VSS - ok
10:50:30.0937 0264 [ EF51747440486C23BD466311048BD924 ] vToolbarUpdater12.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
10:50:30.0984 0264 vToolbarUpdater12.2.0 - ok
10:50:31.0093 0264 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
10:50:31.0125 0264 W32Time - ok
10:50:31.0125 0264 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:50:31.0125 0264 Wanarp - ok
10:50:31.0140 0264 WDICA - ok
10:50:31.0171 0264 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:50:31.0171 0264 wdmaud - ok
10:50:31.0203 0264 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:50:31.0203 0264 WebClient - ok
10:50:31.0250 0264 [ A941AA38E3951058E584C4BBDDD56ED9 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:50:31.0281 0264 winachsf - ok
10:50:31.0390 0264 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:50:31.0390 0264 winmgmt - ok
10:50:31.0437 0264 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:50:31.0437 0264 WmdmPmSN - ok
10:50:31.0750 0264 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
10:50:31.0750 0264 WmiApSrv - ok
10:50:31.0890 0264 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:50:31.0921 0264 WMPNetworkSvc - ok
10:50:32.0015 0264 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:50:32.0015 0264 WS2IFSL - ok
10:50:32.0093 0264 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:50:32.0109 0264 wscsvc - ok
10:50:32.0171 0264 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:50:32.0203 0264 wuauserv - ok
10:50:32.0296 0264 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:50:32.0312 0264 WudfPf - ok
10:50:32.0375 0264 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:50:32.0390 0264 WudfSvc - ok
10:50:32.0468 0264 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:50:32.0484 0264 WZCSVC - ok
10:50:32.0578 0264 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:50:32.0593 0264 xmlprov - ok
10:50:32.0734 0264 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:50:32.0750 0264 YahooAUService - ok
10:50:32.0843 0264 ================ Scan global ===============================
10:50:32.0890 0264 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:50:32.0968 0264 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:50:33.0015 0264 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:50:33.0093 0264 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:50:33.0093 0264 [Global] - ok
10:50:33.0109 0264 ================ Scan MBR ==================================
10:50:33.0156 0264 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:50:33.0421 0264 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:50:33.0421 0264 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:50:33.0437 0264 ================ Scan VBR ==================================
10:50:33.0468 0264 [ AA838D167AFED9F901C0A3EB7B8168EF ] \Device\Harddisk0\DR0\Partition1
10:50:33.0468 0264 \Device\Harddisk0\DR0\Partition1 - ok
10:50:33.0484 0264 ============================================================
10:50:33.0484 0264 Scan finished
10:50:33.0484 0264 ============================================================
10:50:33.0562 1448 Detected object count: 1
10:50:33.0562 1448 Actual detected object count: 1
10:51:46.0968 1448 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:51:47.0015 1448 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:51:47.0031 1448 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:51:47.0031 1448 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
10:51:47.0031 1448 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
10:51:47.0046 1448 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:51:47.0046 1448 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:51:47.0046 1448 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:51:47.0062 1448 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:51:47.0062 1448 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:51:47.0062 1448 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:51:47.0062 1448 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:51:47.0093 1448 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:51:47.0093 1448 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:51:47.0109 1448 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:51:47.0109 1448 \Device\Harddisk0\DR0\TDLFS - deleted
10:51:47.0109 1448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
10:55:35.0953 1468 Deinitialize success

2. Downloaded Malwarebytes. Conducted the Full System Scan and, on the first try, came up with no infected items.

3. MiniToolBox Log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 02-09-2012 at 12:37:42
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Westell WireSpeed Dual Connect Modem = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : dell1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : launchmodem.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : launchmodem.com
Description . . . . . . . . . . . : Westell WireSpeed Dual Connect Modem
Physical Address. . . . . . . . . : 00-18-3A-41-08-87
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.97
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
                                    192.168.1.254
Lease Obtained. . . . . . . . . . : Sunday, September 02, 2012 12:16:44 PM
Lease Expires . . . . . . . . . . : Monday, September 03, 2012 12:16:44 PM

Server: launchmodem
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.137.101, 74.125.137.102, 74.125.137.113, 74.125.137.138
74.125.137.139, 74.125.137.100

Pinging google.com [74.125.137.101] with 32 bytes of data:

Reply from 74.125.137.101: bytes=32 time=31ms TTL=41
Reply from 74.125.137.101: bytes=32 time=32ms TTL=41

Ping statistics for 74.125.137.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 32ms, Average = 31ms

Server: launchmodem
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=132ms TTL=42
Reply from 98.138.253.109: bytes=32 time=181ms TTL=41

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 132ms, Maximum = 181ms, Average = 156ms

Server: launchmodem
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 3a 41 08 87 ...... Westell WireSpeed Dual Connect Modem - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.97 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.97 192.168.1.97 30
192.168.1.97 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.97 192.168.1.97 30
224.0.0.0 240.0.0.0 192.168.1.97 192.168.1.97 30
255.255.255.255 255.255.255.255 192.168.1.97 192.168.1.97 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/02/2012 10:49:39 AM) (Source: Application Error) (User: )
Description: Faulting application tdsskiller[1].exe, version 2.8.8.0, faulting module tdsskiller[1].exe, version 2.8.8.0, fault address 0x000bf447.
Processing media-specific event for [tdsskiller[1].exe!ws!]

Error: (09/02/2012 10:32:09 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (09/01/2012 04:28:34 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80004004.

Error: (09/01/2012 03:09:38 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 15376, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (09/01/2012 03:09:33 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

Error: (09/01/2012 03:09:33 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 15376, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (09/01/2012 03:08:31 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The
Error code is the first DWORD in Data section.

Error: (09/01/2012 03:08:31 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 15376, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (09/01/2012 01:31:25 AM) (Source: Application Hang) (User: )
Description: Fault bucket 736169863.

Error: (09/01/2012 01:31:09 AM) (Source: Application Hang) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/02/2012 00:18:54 PM) (Source: DCOM) (User: DELL1)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/02/2012 00:18:43 PM) (Source: DCOM) (User: DELL1)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/02/2012 00:18:36 PM) (Source: DCOM) (User: DELL1)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/02/2012 00:18:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86
Avgmfx86
BHDrvx86
ccSet_NAV
eeCtrl
Fips
OMCI
Processor
SRTSP
SRTSPX
SymDS
SymEFA
SymIRON
SYMTDI

Error: (09/02/2012 00:17:15 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/02/2012 11:56:19 AM) (Source: Service Control Manager) (User: )
Description: The dlcc_device service failed to start due to the following error:
%%1053

Error: (09/02/2012 11:56:19 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the dlcc_device service to connect.

Error: (09/02/2012 11:56:18 AM) (Source: DCOM) (User: DELL1)
Description: DCOM got error "%%1053" attempting to start the service dlcc_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441069}

Error: (09/02/2012 11:55:39 AM) (Source: DCOM) (User: DELL1)
Description: DCOM got error "%%1053" attempting to start the service dlcc_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441069}

Error: (09/02/2012 11:55:37 AM) (Source: Service Control Manager) (User: )
Description: The dlcc_device service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (09/02/2012 10:49:39 AM) (Source: Application Error)(User: )
Description: tdsskiller[1].exe2.8.8.0tdsskiller[1].exe2.8.8.0000bf447

Error: (09/02/2012 10:32:09 AM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp448007043C

Error: (09/01/2012 04:28:34 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80004004.

Error: (09/01/2012 03:09:38 PM) (Source: LoadPerf)(User: )
Description: 15376

Error: (09/01/2012 03:09:33 PM) (Source: LoadPerf)(User: )
Description: aspnet_stateASP.NET State Service

Error: (09/01/2012 03:09:33 PM) (Source: LoadPerf)(User: )
Description: 15376

Error: (09/01/2012 03:08:31 PM) (Source: LoadPerf)(User: )
Description: ASP.NET_2.0.50727ASP.NET_2.0.50727

Error: (09/01/2012 03:08:31 PM) (Source: LoadPerf)(User: )
Description: 15376

Error: (09/01/2012 01:31:25 AM) (Source: Application Hang)(User: )
Description: 736169863

Error: (09/01/2012 01:31:09 AM) (Source: Application Hang)(User: )
Description: msimn.exe6.0.2900.5512hungapp0.0.0.000000000


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.41612)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader 9.5.2 (Version: 9.5.2)
AT&T Toolbar
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
Backup Dell-Installed Programs (Version: 2.01.0000)
BellSouth Application Management
BellSouth FastAccess DSL WEB Controls
BellSouth Internet Security - Alert Manager 1.5.11 (Version: 1.5.11)
BufferChm (Version: 140.0.212.000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Copy (Version: 140.0.212.000)
Coupon Printer for Windows (Version: 5.0.0.0)
CP_Package_Variety1 (Version: 61.0.163.000)
CP_Package_Variety2 (Version: 61.0.163.000)
CP_Package_Variety3 (Version: 61.0.163.000)
Critical Update for Windows Media Player 11 (KB959772)
Dell Photo AIO Printer 924
Dell ResourceCD
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DJ_AIO_05_F4400_Software_Min (Version: 140.0.690.000)
Easy CD Creator 5 Basic (Version: 5.0.0.0000)
ESET Online Scanner v3
F4400 (Version: 140.0.696.000)
GPBaseService2 (Version: 140.0.211.000)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
Intel Application Accelerator
Jasc Paint Shop Photo Album 5 (Version: 5.21)
Jasc Paint Shop Pro Studio, Dell Editon (Version: 1.00.0000)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 140.0.212.000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002 (Version: 10.0.50)
Microsoft Money 2002 System Pack (Version: 10.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office PowerPoint Viewer 2003 (Version: 11.0.8305.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Word 2002 (Version: 10.0.6626.0)
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0 (Version: 06.00.0000)
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton AntiVirus (Version: 19.7.1.5)
NVIDIA Windows 2000/XP Display Drivers
QFolder (Version: 1.00.0000)
Rights Management Add-on for Internet Explorer (Version: 1.0.1.0000)
Scan (Version: 140.0.80.000)
Segoe UI (Version: 14.0.4327.805)
Shop for HP Supplies (Version: 14.0)
Skype Click to Call (Version: 6.2.10687)
Skype™ 5.8 (Version: 5.8.158)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Status (Version: 140.0.212.000)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.5318)
WebReg (Version: 140.0.212.017)
Windows Backup Utility (Version: 5.1)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Rights Management Client (Version: 5.2.7)
Windows Rights Management Client Backwards Compatibility (Version: 5.2.7)
Windows XP Service Pack 3 (Version: 20080414.031525)
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 511.3 MB
Available physical RAM: 232.99 MB
Total Pagefile: 1248.8 MB
Available Pagefile: 1086.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.29 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.52 GB) (Free:51.09 GB) NTFS

========================= Users: ========================================

User accounts for \\DELL1

Administrator Guest HelpAssistant
Owner SUPPORT_388945a0


**** End of log ****

4. FSS Log:

Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 02-09-2012 at 12:40:38
Running from "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\XECDSTUJ"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\System32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\System32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(10) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000008000000090000000600000007000000
IpSec Tag value is correct.

**** End of log ****

5. Adware Cleaner:

# AdwCleaner v2.000 - Logfile created 09/02/2012 at 12:45:24
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - DELL1
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\T4BNGQ9M\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={D3A4A622-877E-4774-97F0-66D16DB5C1C1}&mid=c771ef3c240247d09f91d1517ca5e174-4a395ca11533b4d0cec790c0fc6f1c469f5d057b&lang=en&ds=AVG&pr=fr&d=2012-08-30 18:21:30&v=12.2.0.5&sap=nt --> hxxp://www.google.com

*************************

AdwCleaner[S2].txt - [4908 octets] - [02/09/2012 12:45:24]

########## EOF - C:\AdwCleaner[S2].txt - [4968 octets] ##########

#6 narenxp

Posted 02 September 2012 - 09:54 PM

The start type of wscsvc service is set to Disabled. The default start type is Auto.


Press the Windows+R keys and type

services.msc and click OK

Right-click on Security Center > Properties

Change the startup type to Automatic and start it

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#7 gman3183

Posted 02 September 2012 - 10:59 PM

Thank you. I changed the wscsvc service default start type to Auto. I couldn't conduct the change in safe mode, so I started the computer in regular mode and did it.

RKill Log:

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/02/2012 10:50:10 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.
* No issues found.

Checking Windows Service Integrity:

* ImapiService => C:\WINDOWS\System32\ImapiRox.exe [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/02/2012 10:51:41 PM
Execution time: 0 hours(s), 1 minute(s), and 30 seconds(s)

#8 narenxp

Posted 02 September 2012 - 11:22 PM

That looks good

Download

TFC


Launch it; it will close all running programs

Click on START; it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your Flash Player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#9 gman3183

Posted 03 September 2012 - 01:16 AM

Thank you for your assistance!! That did the trick!

#10 narenxp

Posted 03 September 2012 - 04:23 AM

You're welcome :)



