System Error. Hard Disk Failure Detected


12 replies to this topic

#1 atlanticpt

  • Members
  • 7 posts

Posted 01 September 2012 - 05:12 PM

The desktop background is now black, and I get a dozen pop-ups that state:

System Message - Write Fault Error
A write command during the test has failed. This may be due to media or read/write error. The system generates an exception error when using a reference to an invalid system memory address.

Then I get a pop-up that states:

System Error. Hard Disk Failure Detected
It's highly recommended to run a complete HDD scan to prevent loss of personal files
Run Scan or Close and Restart


The desktop has been wiped clean except for the Recycle Bin, Internet Explorer (which doesn't work) and Windows Explorer. All my other files and programs are gone. There is also nothing in the Start menu except for Windows Word. Not even the Control Panel is showing.
Starting in Safe Mode, the desktop and Start menu are the same, except I don't get the pop-ups.

I wanted to try and run rkill from my flash drive, but I can't even get to the drive to start it.

Any help would be great

Thanks



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 01 September 2012 - 05:45 PM

Boot into Safe Mode with Networking.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.
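A TDSSKiller log is several hundred lines, almost all of them "- ok", so it helps to pull out the handful that matter mechanically before reading it. The script below is an added example for this thread; it is not code from the thread, from BleepingComputer or from Kaspersky. It parses the four line shapes TDSSKiller 2.8.8.0 writes in the log posted later in this thread (a module line with MD5 and image path, a "- ok" verdict, the "( threat ) - infected" plus "- detected" pair, and "Suspicious file (...)"), folds them into one record per service, and lists what deserves a second look. The sample log is a constructed excerpt shaped like that log; the three extra heuristics (a module with no verdict line, an image that is a .tmp file, a numeric-only service name) are my assumptions about what a reviewer should ask about, not detections made by the tool.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines shaped exactly like the TDSSKiller 2.8.8.0 log posted in
# this thread (timestamp, thread id, then the event), including its three non-ok cases.
SAMPLE_LOG = """\
22:08:19.0203 1668 [ 2A8681AEA24003040CA7D677BE9F1702 ] 45947910 C:\\WINDOWS\\system32\\drivers\\13406946.sys
22:08:19.0250 1668 Abiosdsk - ok
22:08:19.0390 1668 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
22:08:19.0390 1668 ACPI - ok
22:08:22.0140 1668 [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe
22:08:22.0140 1668 AOL ACS - ok
22:08:24.0031 1668 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\\WINDOWS\\system32\\drivers\\tsk6.tmp
22:08:24.0031 1668 Suspicious file (NoAccess): C:\\WINDOWS\\system32\\drivers\\tsk6.tmp. md5: 1F4260CC5B42272D71F79E570A27A4FE
22:08:39.0875 1668 [ 11028C6A84A967070CB1286550F2058F ] se44bus C:\\WINDOWS\\system32\\WGX.dll
22:08:39.0875 1668 se44bus ( Backdoor.Multi.ZAccess.gen ) - infected
22:08:39.0875 1668 se44bus - detected Backdoor.Multi.ZAccess.gen (0)
"""

# Every line starts with "HH:MM:SS.nnnn <thread id> "; the four event shapes follow.
_PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d+ "
_MODULE = re.compile(_PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
_OK = re.compile(_PREFIX + r"(?P<name>.+) - ok$")
# Both the "( threat ) - infected" line and the "- detected threat (n)" line that follows it.
_INFECTED = re.compile(
    _PREFIX + r"(?P<name>.+?) (?:\( (?P<t1>[^)]+) \) - infected|- detected (?P<t2>\S+) \(\d+\))$"
)
_SUSPICIOUS = re.compile(
    _PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9A-F]{32})$"
)


@dataclass
class Entry:
    """One service or driver as TDSSKiller reported it."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None  # "ok", "infected", "suspicious"; None if the log gave none
    detail: Optional[str] = None   # threat name, or the reason on a "Suspicious file" line


def parse_log(text: str) -> Dict[str, Entry]:
    """Fold the per-line events into one Entry per service name, preserving log order."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}  # lets a "Suspicious file" line find its module line
    for line in map(str.rstrip, text.splitlines()):
        if m := _SUSPICIOUS.match(line):
            e = by_path.get(m["path"].lower())
            if e is None:  # file named without a preceding module line
                e = entries.setdefault(m["path"], Entry(m["path"], path=m["path"]))
            e.md5 = e.md5 or m["md5"]
            e.verdict, e.detail = "suspicious", m["reason"]
        elif m := _INFECTED.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict, e.detail = "infected", m["t1"] or m["t2"]
        elif m := _OK.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = e.verdict or "ok"
        elif m := _MODULE.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            by_path[m["path"].lower()] = e
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs worth a second look, in log order."""
    findings: List[Tuple[str, str]] = []
    for e in entries.values():
        reasons: List[str] = []
        if e.verdict == "infected":
            reasons.append(f"TDSSKiller verdict: infected ({e.detail})")
        elif e.verdict == "suspicious":
            reasons.append(f"TDSSKiller flagged the file ({e.detail})")
        if e.path is not None:
            # Assumed heuristics for this example, not tool detections: each marks
            # something a reviewer would want explained before calling the host clean.
            if e.verdict is None:
                reasons.append("module listed but no verdict line in the log")
            if e.path.lower().endswith(".tmp"):
                reasons.append("service image is a .tmp file")
            if e.name.isdigit():
                reasons.append("numeric-only service name")
        findings.extend((e.name, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{name:10} {reason}")
```

Run it as-is to see the three flagged services from the sample, or replace SAMPLE_LOG with the contents of the TDSSKiller log file to triage a real scan. The point of the heuristics is to surface entries that TDSSKiller itself did not label: in the sample, the numeric service whose module line is never followed by a verdict is exactly the kind of record that is easy to skim past in a 600-line log.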

#3 atlanticpt

  • Topic Starter
  • Members
  • 7 posts

Posted 02 September 2012 - 10:03 AM

22:08:00.0359 1624 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:08:00.0656 1624 ============================================================
22:08:00.0656 1624 Current date / time: 2012/09/01 22:08:00.0656
22:08:00.0656 1624 SystemInfo:
22:08:00.0656 1624
22:08:00.0656 1624 OS Version: 5.1.2600 ServicePack: 3.0
22:08:00.0656 1624 Product type: Workstation
22:08:00.0656 1624 ComputerName: YOUR-F78BF48CE2
22:08:00.0656 1624 UserName: HP_Owner
22:08:00.0656 1624 Windows directory: C:\WINDOWS
22:08:00.0656 1624 System windows directory: C:\WINDOWS
22:08:00.0656 1624 Processor architecture: Intel x86
22:08:00.0656 1624 Number of processors: 1
22:08:00.0656 1624 Page size: 0x1000
22:08:00.0656 1624 Boot type: Safe boot with network
22:08:00.0656 1624 ============================================================
22:08:01.0046 1624 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
22:08:01.0046 1624 Drive \Device\Harddisk1\DR1 - Size: 0x40DBF2000 (16.21 Gb), SectorSize: 0x200, Cylinders: 0x844, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:08:01.0046 1624 Drive \Device\Harddisk2\DR6 - Size: 0xEF300000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:08:01.0203 1624 ============================================================
22:08:01.0203 1624 \Device\Harddisk0\DR0:
22:08:01.0234 1624 MBR partitions:
22:08:01.0234 1624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xDF1931
22:08:01.0234 1624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xDF1970, BlocksNum 0xAC5B610
22:08:01.0234 1624 \Device\Harddisk1\DR1:
22:08:01.0234 1624 MBR partitions:
22:08:01.0234 1624 \Device\Harddisk2\DR6:
22:08:01.0234 1624 MBR partitions:
22:08:01.0234 1624 \Device\Harddisk2\DR6\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7797E0
22:08:01.0234 1624 ============================================================
22:08:01.0265 1624 C: <-> \Device\Harddisk0\DR0\Partition2
22:08:01.0265 1624 D: <-> \Device\Harddisk0\DR0\Partition1
22:08:01.0265 1624 ============================================================
22:08:01.0265 1624 Initialize success
22:08:01.0265 1624 ============================================================
22:08:14.0703 1668 ============================================================
22:08:14.0703 1668 Scan started
22:08:14.0703 1668 Mode: Manual; TDLFS;
22:08:14.0703 1668 ============================================================
22:08:18.0562 1668 ================ Scan system memory ========================
22:08:18.0562 1668 System memory - ok
22:08:18.0578 1668 ================ Scan services =============================
22:08:19.0203 1668 [ 2A8681AEA24003040CA7D677BE9F1702 ] 45947910 C:\WINDOWS\system32\drivers\13406946.sys
22:08:19.0250 1668 Abiosdsk - ok
22:08:19.0281 1668 abp480n5 - ok
22:08:19.0390 1668 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:08:19.0390 1668 ACPI - ok
22:08:19.0437 1668 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:08:19.0437 1668 ACPIEC - ok
22:08:19.0484 1668 adfs - ok
22:08:19.0531 1668 adpu160m - ok
22:08:19.0625 1668 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:08:19.0640 1668 aec - ok
22:08:19.0750 1668 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:08:19.0750 1668 AFD - ok
22:08:20.0062 1668 [ 7F1130830B3BA85921519A5616E29803 ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
22:08:20.0062 1668 AffinegyService - ok
22:08:20.0093 1668 AFGMp50 - ok
22:08:20.0140 1668 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] AFGSp50 C:\WINDOWS\system32\Drivers\AFGSp50.sys
22:08:20.0156 1668 AFGSp50 - ok
22:08:20.0625 1668 [ 593AEFC67283D409F34CC1245D00A509 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
22:08:20.0640 1668 AgereSoftModem - ok
22:08:20.0656 1668 Aha154x - ok
22:08:20.0703 1668 aic78u2 - ok
22:08:20.0750 1668 aic78xx - ok
22:08:21.0640 1668 [ 8D6C30E515717248E0E52B85FD7AC466 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
22:08:21.0656 1668 ALCXWDM - ok
22:08:21.0718 1668 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:08:21.0718 1668 Alerter - ok
22:08:21.0859 1668 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
22:08:21.0859 1668 ALG - ok
22:08:21.0890 1668 AliIde - ok
22:08:21.0921 1668 amsint - ok
22:08:22.0140 1668 [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
22:08:22.0140 1668 AOL ACS - ok
22:08:22.0296 1668 [ 7FB54900AA9792AB6307C699EC1859D4 ] AOL TopSpeedMonitor C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
22:08:22.0296 1668 AOL TopSpeedMonitor - ok
22:08:22.0375 1668 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:08:22.0375 1668 Arp1394 - ok
22:08:22.0421 1668 asc - ok
22:08:22.0453 1668 asc3350p - ok
22:08:22.0484 1668 asc3550 - ok
22:08:22.0781 1668 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:08:22.0781 1668 aspnet_state - ok
22:08:22.0875 1668 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:08:22.0875 1668 AsyncMac - ok
22:08:22.0906 1668 atalk - ok
22:08:22.0984 1668 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:08:22.0984 1668 atapi - ok
22:08:23.0015 1668 Atdisk - ok
22:08:23.0093 1668 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:08:23.0093 1668 Atmarpc - ok
22:08:23.0203 1668 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:08:23.0203 1668 AudioSrv - ok
22:08:23.0312 1668 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:08:23.0312 1668 audstub - ok
22:08:23.0375 1668 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:08:23.0375 1668 Beep - ok
22:08:23.0453 1668 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
22:08:23.0453 1668 Browser - ok
22:08:23.0484 1668 bthpan - ok
22:08:23.0687 1668 catchme - ok
22:08:23.0781 1668 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:08:23.0781 1668 cbidf2k - ok
22:08:23.0812 1668 cd20xrnt - ok
22:08:23.0875 1668 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:08:23.0875 1668 Cdaudio - ok
22:08:23.0968 1668 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:08:23.0968 1668 Cdfs - ok
22:08:24.0031 1668 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\drivers\tsk6.tmp
22:08:24.0031 1668 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk6.tmp. md5: 1F4260CC5B42272D71F79E570A27A4FE
22:08:24.0078 1668 Changer - ok
22:08:24.0156 1668 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:08:24.0156 1668 CiSvc - ok
22:08:24.0203 1668 citrixxteserver - ok
22:08:24.0265 1668 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:08:24.0265 1668 ClipSrv - ok
22:08:24.0359 1668 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:08:24.0359 1668 clr_optimization_v2.0.50727_32 - ok
22:08:24.0375 1668 CmdIde - ok
22:08:24.0406 1668 COMSysApp - ok
22:08:24.0468 1668 Cpqarray - ok
22:08:24.0562 1668 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:08:24.0562 1668 CryptSvc - ok
22:08:24.0593 1668 dac2w2k - ok
22:08:24.0625 1668 dac960nt - ok
22:08:24.0828 1668 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:08:24.0843 1668 DcomLaunch - ok
22:08:24.0875 1668 dcpflics - ok
22:08:24.0921 1668 dcstor32 - ok
22:08:25.0015 1668 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:08:25.0031 1668 Dhcp - ok
22:08:25.0078 1668 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:08:25.0078 1668 Disk - ok
22:08:25.0125 1668 dmadmin - ok
22:08:25.0265 1668 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:08:25.0265 1668 dmboot - ok
22:08:25.0359 1668 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:08:25.0359 1668 dmio - ok
22:08:25.0406 1668 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:08:25.0406 1668 dmload - ok
22:08:25.0484 1668 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
22:08:25.0484 1668 dmserver - ok
22:08:25.0546 1668 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:08:25.0546 1668 DMusic - ok
22:08:25.0625 1668 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:08:25.0625 1668 Dnscache - ok
22:08:25.0718 1668 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:08:25.0718 1668 Dot3svc - ok
22:08:25.0750 1668 dpti2o - ok
22:08:25.0812 1668 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:08:25.0812 1668 drmkaud - ok
22:08:25.0859 1668 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:08:25.0859 1668 EapHost - ok
22:08:25.0906 1668 emu10k - ok
22:08:25.0968 1668 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:08:25.0984 1668 ERSvc - ok
22:08:26.0015 1668 ET5Drv - ok
22:08:26.0109 1668 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
22:08:26.0109 1668 Eventlog - ok
22:08:26.0234 1668 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
22:08:26.0250 1668 EventSystem - ok
22:08:26.0359 1668 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:08:26.0359 1668 Fastfat - ok
22:08:26.0437 1668 [ 1E580770BDECE924494B368AC980749E ] fasttx2k C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
22:08:26.0437 1668 fasttx2k - ok
22:08:26.0546 1668 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:08:26.0562 1668 FastUserSwitchingCompatibility - ok
22:08:26.0687 1668 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
22:08:26.0703 1668 Fax - ok
22:08:26.0781 1668 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
22:08:26.0781 1668 Fdc - ok
22:08:26.0828 1668 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:08:26.0828 1668 Fips - ok
22:08:26.0906 1668 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:08:26.0906 1668 Flpydisk - ok
22:08:26.0984 1668 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
22:08:26.0984 1668 FltMgr - ok
22:08:27.0062 1668 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:08:27.0062 1668 FontCache3.0.0.0 - ok
22:08:27.0156 1668 FsFilter - ok
22:08:27.0218 1668 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:08:27.0218 1668 Fs_Rec - ok
22:08:27.0296 1668 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:08:27.0296 1668 Ftdisk - ok
22:08:27.0390 1668 [ 2FB04DB459C71F416EE8B05448CA4AC3 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:08:27.0390 1668 GEARAspiWDM - ok
22:08:27.0468 1668 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:08:27.0468 1668 Gpc - ok
22:08:27.0562 1668 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:08:27.0562 1668 helpsvc - ok
22:08:27.0640 1668 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:08:27.0640 1668 HidUsb - ok
22:08:27.0703 1668 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:08:27.0703 1668 hkmsvc - ok
22:08:27.0765 1668 [ 299683D4C8AAA3F6F5D5D226A1782A6E ] HPFXBULK C:\WINDOWS\system32\drivers\hpfxbulk.sys
22:08:27.0765 1668 HPFXBULK - ok
22:08:27.0812 1668 [ F728DB73A87231E27B6BA34D71CE2EDB ] HPFXFAX C:\WINDOWS\system32\drivers\hpfxfax.sys
22:08:27.0812 1668 HPFXFAX - ok
22:08:27.0859 1668 hpgate - ok
22:08:27.0875 1668 hpn - ok
22:08:28.0078 1668 [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:08:28.0078 1668 hpqcxs08 - ok
22:08:28.0171 1668 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:08:28.0171 1668 hpqddsvc - ok
22:08:28.0218 1668 [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:08:28.0218 1668 HPZid412 - ok
22:08:28.0250 1668 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:08:28.0250 1668 HPZipr12 - ok
22:08:28.0281 1668 [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:08:28.0281 1668 HPZius12 - ok
22:08:28.0437 1668 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:08:28.0437 1668 HTTP - ok
22:08:28.0500 1668 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:08:28.0500 1668 HTTPFilter - ok
22:08:28.0531 1668 i2omgmt - ok
22:08:28.0562 1668 i2omp - ok
22:08:28.0625 1668 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:08:28.0625 1668 i8042prt - ok
22:08:28.0968 1668 [ D4405BD2B6E95EFDC8E674ED4032874F ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:08:28.0984 1668 ialm - ok
22:08:29.0000 1668 iastor - ok
22:08:29.0125 1668 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:08:29.0125 1668 IDriverT - ok
22:08:29.0390 1668 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:08:29.0390 1668 idsvc - ok
22:08:29.0437 1668 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:08:29.0437 1668 Imapi - ok
22:08:29.0531 1668 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
22:08:29.0546 1668 ImapiService - ok
22:08:29.0593 1668 ini910u - ok
22:08:29.0640 1668 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
22:08:29.0640 1668 IntelIde - ok
22:08:29.0703 1668 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:08:29.0703 1668 intelppm - ok
22:08:29.0750 1668 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
22:08:29.0750 1668 Ip6Fw - ok
22:08:29.0796 1668 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:08:29.0796 1668 IpFilterDriver - ok
22:08:29.0843 1668 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:08:29.0843 1668 IpInIp - ok
22:08:29.0921 1668 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:08:29.0921 1668 IpNat - ok
22:08:30.0046 1668 [ 6D1DD86EA58AD1B2F57301042D819436 ] iPodService C:\Program Files\iPod\bin\iPodService.exe
22:08:30.0046 1668 iPodService - ok
22:08:30.0109 1668 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:08:30.0109 1668 IPSec - ok
22:08:30.0171 1668 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:08:30.0171 1668 IRENUM - ok
22:08:30.0234 1668 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:08:30.0234 1668 isapnp - ok
22:08:30.0375 1668 [ 511AB23A292497F2C527EEE5775B0BFE ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
22:08:30.0390 1668 JavaQuickStarterService - ok
22:08:30.0421 1668 k750mdfl - ok
22:08:30.0484 1668 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:08:30.0484 1668 Kbdclass - ok
22:08:30.0593 1668 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:08:30.0593 1668 kmixer - ok
22:08:30.0671 1668 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:08:30.0671 1668 KSecDD - ok
22:08:30.0796 1668 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
22:08:30.0796 1668 lanmanserver - ok
22:08:30.0890 1668 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:08:30.0906 1668 lanmanworkstation - ok
22:08:30.0953 1668 lbrtfdc - ok
22:08:31.0031 1668 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:08:31.0031 1668 LmHosts - ok
22:08:31.0062 1668 ltmodem5 - ok
22:08:31.0109 1668 lxcg_device - ok
22:08:31.0140 1668 lxdm_device - ok
22:08:31.0171 1668 mafwboot - ok
22:08:31.0453 1668 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:08:31.0453 1668 MDM - ok
22:08:31.0500 1668 merakpop3 - ok
22:08:31.0562 1668 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:08:31.0562 1668 Messenger - ok
22:08:31.0609 1668 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:08:31.0609 1668 mnmdd - ok
22:08:31.0703 1668 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:08:31.0703 1668 mnmsrvc - ok
22:08:31.0765 1668 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:08:31.0765 1668 Modem - ok
22:08:31.0828 1668 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:08:31.0828 1668 Mouclass - ok
22:08:31.0890 1668 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:08:31.0890 1668 MountMgr - ok
22:08:31.0937 1668 mraid35x - ok
22:08:31.0984 1668 MREMP50a64 - ok
22:08:32.0125 1668 [ 2BC9E43F55DE8C30FC817ED56D0EE907 ] MREMPR5 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
22:08:32.0125 1668 MREMPR5 - ok
22:08:32.0203 1668 [ 594B9D8194E3F4ECBF0325BD10BBEB05 ] MRENDIS5 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
22:08:32.0203 1668 MRENDIS5 - ok
22:08:32.0250 1668 MRV6X32P - ok
22:08:32.0359 1668 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:08:32.0375 1668 MRxDAV - ok
22:08:32.0578 1668 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:08:32.0578 1668 MRxSmb - ok
22:08:32.0625 1668 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:08:32.0625 1668 MSDTC - ok
22:08:32.0703 1668 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:08:32.0703 1668 Msfs - ok
22:08:32.0734 1668 MSIServer - ok
22:08:32.0796 1668 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:08:32.0796 1668 MSKSSRV - ok
22:08:32.0843 1668 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:08:32.0843 1668 MSPCLOCK - ok
22:08:32.0875 1668 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:08:32.0875 1668 MSPQM - ok
22:08:32.0921 1668 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:08:32.0921 1668 mssmbios - ok
22:08:32.0953 1668 MSSQL$AUTODESKVAULT - ok
22:08:33.0031 1668 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:08:33.0031 1668 Mup - ok
22:08:33.0156 1668 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
22:08:33.0156 1668 napagent - ok
22:08:33.0187 1668 nbservice - ok
22:08:33.0281 1668 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:08:33.0281 1668 NDIS - ok
22:08:33.0343 1668 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:08:33.0343 1668 NdisTapi - ok
22:08:33.0406 1668 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:08:33.0406 1668 Ndisuio - ok
22:08:33.0484 1668 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:08:33.0484 1668 NdisWan - ok
22:08:33.0546 1668 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:08:33.0546 1668 NDProxy - ok
22:08:33.0625 1668 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
22:08:33.0625 1668 Net Driver HPZ12 - ok
22:08:33.0687 1668 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:08:33.0687 1668 NetBIOS - ok
22:08:33.0812 1668 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:08:33.0812 1668 NetBT - ok
22:08:33.0953 1668 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
22:08:33.0953 1668 NetDDE - ok
22:08:34.0015 1668 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:08:34.0015 1668 NetDDEdsdm - ok
22:08:34.0093 1668 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:08:34.0093 1668 Netlogon - ok
22:08:34.0218 1668 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
22:08:34.0234 1668 Netman - ok
22:08:34.0328 1668 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:08:34.0328 1668 NetTcpPortSharing - ok
22:08:34.0390 1668 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:08:34.0406 1668 NIC1394 - ok
22:08:34.0531 1668 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
22:08:34.0531 1668 Nla - ok
22:08:34.0625 1668 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\NPF.sys
22:08:34.0625 1668 NPF - ok
22:08:34.0703 1668 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:08:34.0703 1668 Npfs - ok
22:08:34.0984 1668 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:08:35.0000 1668 Ntfs - ok
22:08:35.0062 1668 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:08:35.0062 1668 NtLmSsp - ok
22:08:35.0281 1668 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:08:35.0281 1668 NtmsSvc - ok
22:08:35.0375 1668 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:08:35.0375 1668 Null - ok
22:08:35.0406 1668 NWDHCP - ok
22:08:35.0453 1668 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:08:35.0453 1668 NwlnkFlt - ok
22:08:35.0500 1668 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:08:35.0500 1668 NwlnkFwd - ok
22:08:35.0531 1668 NxFsMon - ok
22:08:35.0609 1668 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:08:35.0609 1668 ohci1394 - ok
22:08:35.0687 1668 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:08:35.0687 1668 ose - ok
22:08:35.0781 1668 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
22:08:35.0781 1668 Parport - ok
22:08:35.0843 1668 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:08:35.0859 1668 PartMgr - ok
22:08:35.0937 1668 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:08:35.0937 1668 ParVdm - ok
22:08:36.0015 1668 [ 505CBA425DF3BB230F244E1C23221058 ] PcdrNdisuio C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys
22:08:36.0015 1668 PcdrNdisuio - ok
22:08:36.0078 1668 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:08:36.0078 1668 PCI - ok
22:08:36.0140 1668 PCIDump - ok
22:08:36.0203 1668 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:08:36.0203 1668 PCIIde - ok
22:08:36.0281 1668 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:08:36.0296 1668 Pcmcia - ok
22:08:36.0328 1668 pcscnsrv - ok
22:08:36.0359 1668 PDCOMP - ok
22:08:36.0406 1668 PDFRAME - ok
22:08:36.0484 1668 pdlnepkt - ok
22:08:36.0515 1668 PDRELI - ok
22:08:36.0546 1668 PDRFRAME - ok
22:08:36.0578 1668 perc2 - ok
22:08:36.0609 1668 perc2hib - ok
22:08:36.0718 1668 pfc - ok
22:08:36.0859 1668 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
22:08:36.0859 1668 PlugPlay - ok
22:08:36.0937 1668 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
22:08:36.0937 1668 Pml Driver HPZ12 - ok
22:08:37.0000 1668 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:08:37.0000 1668 PolicyAgent - ok
22:08:37.0062 1668 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:08:37.0062 1668 PptpMiniport - ok
22:08:37.0093 1668 prevxdriver - ok
22:08:37.0140 1668 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:08:37.0140 1668 ProtectedStorage - ok
22:08:37.0187 1668 [ BFFDB363485501A38F0BCA83AEC810DB ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys
22:08:37.0187 1668 Ps2 - ok
22:08:37.0265 1668 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:08:37.0281 1668 PSched - ok
22:08:37.0328 1668 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:08:37.0328 1668 Ptilink - ok
22:08:37.0406 1668 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:08:37.0406 1668 PxHelp20 - ok
22:08:37.0453 1668 ql1080 - ok
22:08:37.0484 1668 Ql10wnt - ok
22:08:37.0515 1668 ql12160 - ok
22:08:37.0546 1668 ql1240 - ok
22:08:37.0578 1668 ql1280 - ok
22:08:37.0625 1668 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:08:37.0625 1668 RasAcd - ok
22:08:37.0734 1668 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:08:37.0734 1668 RasAuto - ok
22:08:37.0796 1668 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:08:37.0796 1668 Rasl2tp - ok
22:08:37.0921 1668 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:08:37.0921 1668 RasMan - ok
22:08:37.0937 1668 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:08:37.0937 1668 RasPppoe - ok
22:08:38.0015 1668 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:08:38.0015 1668 Raspti - ok
22:08:38.0109 1668 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:08:38.0109 1668 Rdbss - ok
22:08:38.0156 1668 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:08:38.0156 1668 RDPCDD - ok
22:08:38.0250 1668 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:08:38.0250 1668 RDPWD - ok
22:08:38.0343 1668 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:08:38.0343 1668 RDSessMgr - ok
22:08:38.0421 1668 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:08:38.0437 1668 redbook - ok
22:08:38.0500 1668 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:08:38.0500 1668 RemoteAccess - ok
22:08:38.0546 1668 remoteregistry - ok
22:08:38.0625 1668 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
22:08:38.0625 1668 RpcLocator - ok
22:08:38.0859 1668 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
22:08:38.0859 1668 RpcSs - ok
22:08:38.0968 1668 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:08:38.0968 1668 RSVP - ok
22:08:39.0250 1668 [ 487FC03649653349ACE757571EFC3EC9 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
22:08:39.0265 1668 rt2870 - ok
22:08:39.0343 1668 [ 1A2A445E8968B2019E75E08F3A1344FC ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
22:08:39.0359 1668 RTL8023xp - ok
22:08:39.0406 1668 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:08:39.0406 1668 rtl8139 - ok
22:08:39.0468 1668 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
22:08:39.0468 1668 SamSs - ok
22:08:39.0562 1668 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:08:39.0578 1668 SCardSvr - ok
22:08:39.0703 1668 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:08:39.0718 1668 Schedule - ok
22:08:39.0781 1668 sdbus - ok
22:08:39.0875 1668 [ 11028C6A84A967070CB1286550F2058F ] se44bus C:\WINDOWS\system32\WGX.dll
22:08:39.0875 1668 se44bus ( Backdoor.Multi.ZAccess.gen ) - infected
22:08:39.0875 1668 se44bus - detected Backdoor.Multi.ZAccess.gen (0)
22:08:39.0968 1668 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:08:39.0968 1668 Secdrv - ok
22:08:40.0031 1668 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:08:40.0046 1668 seclogon - ok
22:08:40.0078 1668 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
22:08:40.0078 1668 SENS - ok
22:08:40.0156 1668 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:08:40.0156 1668 Serenum - ok
22:08:40.0203 1668 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:08:40.0203 1668 Serial - ok
22:08:40.0281 1668 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:08:40.0281 1668 Sfloppy - ok
22:08:40.0312 1668 sfvfs02 - ok
22:08:40.0468 1668 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:08:40.0484 1668 SharedAccess - ok
22:08:40.0562 1668 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:08:40.0562 1668 ShellHWDetection - ok
22:08:40.0609 1668 Simbad - ok
22:08:40.0640 1668 SMCB000 - ok
22:08:40.0687 1668 Sparrow - ok
22:08:40.0718 1668 spcstb - ok
22:08:40.0812 1668 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:08:40.0812 1668 splitter - ok
22:08:40.0906 1668 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:08:40.0906 1668 Spooler - ok
22:08:40.0968 1668 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:08:40.0968 1668 sr - ok
22:08:41.0109 1668 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
22:08:41.0109 1668 srservice - ok
22:08:41.0281 1668 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:08:41.0281 1668 Srv - ok
22:08:41.0359 1668 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:08:41.0359 1668 SSDPSRV - ok
22:08:41.0390 1668 statusagent - ok
22:08:41.0453 1668 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
22:08:41.0453 1668 StillCam - ok
22:08:41.0640 1668 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:08:41.0656 1668 stisvc - ok
22:08:41.0703 1668 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:08:41.0703 1668 swenum - ok
22:08:41.0796 1668 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:08:41.0796 1668 swmidi - ok
22:08:41.0828 1668 SwPrv - ok
22:08:41.0890 1668 symc810 - ok
22:08:41.0921 1668 symc8xx - ok
22:08:41.0953 1668 sym_hi - ok
22:08:42.0000 1668 sym_u3 - ok
22:08:42.0062 1668 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:08:42.0062 1668 sysaudio - ok
22:08:42.0140 1668 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:08:42.0140 1668 SysmonLog - ok
22:08:42.0296 1668 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:08:42.0296 1668 TapiSrv - ok
22:08:42.0484 1668 [ 456E0F5B9BEB184521B0EE8FA7CC92C7 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:08:42.0500 1668 Tcpip - ok
22:08:42.0546 1668 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:08:42.0562 1668 TDPIPE - ok
22:08:42.0578 1668 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:08:42.0578 1668 TDTCP - ok
22:08:42.0656 1668 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:08:42.0656 1668 TermDD - ok
22:08:42.0812 1668 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
22:08:42.0812 1668 TermService - ok
22:08:42.0890 1668 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
22:08:42.0890 1668 Themes - ok
22:08:42.0937 1668 tm_cfw - ok
22:08:43.0046 1668 [ E80CC0C9C45649A4CE23EA70A607F56E ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
22:08:43.0046 1668 TomTomHOMEService - ok
22:08:43.0109 1668 TosIde - ok
22:08:43.0187 1668 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:08:43.0187 1668 TrkWks - ok
22:08:43.0281 1668 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:08:43.0281 1668 Udfs - ok
22:08:43.0296 1668 ultra - ok
22:08:43.0375 1668 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
22:08:43.0390 1668 UMWdf - ok
22:08:43.0562 1668 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:08:43.0578 1668 Update - ok
22:08:43.0671 1668 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:08:43.0671 1668 upnphost - ok
22:08:43.0718 1668 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
22:08:43.0734 1668 UPS - ok
22:08:43.0781 1668 USB11LDR - ok
22:08:43.0859 1668 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:08:43.0859 1668 usbccgp - ok
22:08:43.0906 1668 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:08:43.0921 1668 usbehci - ok
22:08:44.0000 1668 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:08:44.0000 1668 usbhub - ok
22:08:44.0046 1668 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:08:44.0046 1668 usbprint - ok
22:08:44.0093 1668 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:08:44.0093 1668 usbscan - ok
22:08:44.0156 1668 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:08:44.0156 1668 USBSTOR - ok
22:08:44.0203 1668 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:08:44.0203 1668 usbuhci - ok
22:08:44.0234 1668 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:08:44.0234 1668 VgaSave - ok
22:08:44.0281 1668 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
22:08:44.0296 1668 ViaIde - ok
22:08:44.0328 1668 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:08:44.0343 1668 VolSnap - ok
22:08:44.0437 1668 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
22:08:44.0453 1668 VSS - ok
22:08:44.0468 1668 vthah - ok
22:08:44.0593 1668 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
22:08:44.0593 1668 W32Time - ok
22:08:44.0640 1668 W8335XP - ok
22:08:44.0718 1668 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:08:44.0734 1668 Wanarp - ok
22:08:44.0828 1668 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
22:08:44.0828 1668 wanatw - ok
22:08:44.0906 1668 [ 4DC56A5F4614BF123251D5AE54F914FD ] WANMiniportService C:\WINDOWS\wanmpsvc.exe
22:08:44.0906 1668 WANMiniportService - ok
22:08:44.0953 1668 WDICA - ok
22:08:45.0031 1668 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:08:45.0031 1668 wdmaud - ok
22:08:45.0125 1668 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:08:45.0125 1668 WebClient - ok
22:08:45.0281 1668 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:08:45.0281 1668 winmgmt - ok
22:08:45.0390 1668 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:08:45.0390 1668 WmdmPmSN - ok
22:08:45.0500 1668 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:08:45.0500 1668 WmiApSrv - ok
22:08:45.0562 1668 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:08:45.0562 1668 WS2IFSL - ok
22:08:45.0593 1668 wtwservice - ok
22:08:45.0625 1668 wudfsvc - ok
22:08:45.0671 1668 WUSB54GPV4SRV - ok
22:08:45.0890 1668 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:08:45.0890 1668 WZCSVC - ok
22:08:45.0984 1668 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:08:45.0984 1668 xmlprov - ok
22:08:46.0062 1668 ================ Scan global ===============================
22:08:46.0125 1668 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:08:46.0281 1668 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:08:46.0421 1668 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:08:46.0484 1668 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:08:46.0484 1668 [Global] - ok
22:08:46.0500 1668 ================ Scan MBR ==================================
22:08:46.0531 1668 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:08:46.0812 1668 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:08:46.0812 1668 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:08:46.0843 1668 [ EC81DEC7E21EA5BF1DE5F9F520B31763 ] \Device\Harddisk1\DR1
22:08:49.0390 1668 \Device\Harddisk1\DR1 - ok
22:08:49.0421 1668 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR6
22:08:49.0609 1668 \Device\Harddisk2\DR6 - ok
22:08:49.0625 1668 ================ Scan VBR ==================================
22:08:49.0656 1668 [ 4E4AB2C5600FBEF0EFF594D1045E7BA7 ] \Device\Harddisk0\DR0\Partition1
22:08:49.0656 1668 \Device\Harddisk0\DR0\Partition1 - ok
22:08:49.0703 1668 [ B1DD7F4DF2FA78E00F8EBCF9F3EB6EDF ] \Device\Harddisk0\DR0\Partition2
22:08:49.0703 1668 \Device\Harddisk0\DR0\Partition2 - ok
22:08:49.0734 1668 [ CD41A9299595B67719B12D67D1F6E261 ] \Device\Harddisk2\DR6\Partition1
22:08:49.0734 1668 \Device\Harddisk2\DR6\Partition1 - ok
22:08:49.0750 1668 ============================================================
22:08:49.0750 1668 Scan finished
22:08:49.0750 1668 ============================================================
22:08:49.0812 1804 Detected object count: 2
22:08:49.0812 1804 Actual detected object count: 2
22:09:18.0984 1804 C:\WINDOWS\system32\WGX.dll - copied to quarantine
22:09:18.0984 1804 HKLM\SYSTEM\ControlSet001\services\se44bus - will be deleted on reboot
22:09:18.0984 1804 HKLM\SYSTEM\ControlSet002\services\se44bus - will be deleted on reboot
22:09:18.0984 1804 HKLM\SYSTEM\ControlSet003\services\se44bus - will be deleted on reboot
22:09:19.0000 1804 C:\WINDOWS\system32\WGX.dll - will be deleted on reboot
22:09:19.0000 1804 se44bus ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
22:09:19.0015 1804 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:09:19.0015 1804 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 22:14:53
-----------------------------
22:14:53.453 OS Version: Windows 5.1.2600 Service Pack 3
22:14:53.453 Number of processors: 1 586 0x401
22:14:53.453 ComputerName: YOUR-F78BF48CE2 UserName: HP_Owner
22:14:57.281 Initialize success
22:16:44.718 AVAST engine defs: 12090101
22:18:13.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:18:13.765 Disk 0 Vendor: ST3100011A 3.02 Size: 95396MB BusType: 3
22:18:13.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
22:18:13.796 Disk 1 Vendor: Maxtor_91741U4 FA570480 Size: 16603MB BusType: 3
22:18:13.828 Disk 0 MBR read successfully
22:18:13.843 Disk 0 MBR scan
22:18:13.937 Disk 0 Windows XP default MBR code
22:18:13.968 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 7139 MB offset 63
22:18:14.000 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 88246 MB offset 14621040
22:18:14.203 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10 MB offset 195350400
22:18:14.468 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
22:18:14.515 Disk 0 scanning sectors +195371552
22:18:17.015 Disk 0 scanning C:\WINDOWS\system32\drivers
22:18:29.906 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Sirefef-PL [Rtk]
22:18:56.218 Disk 0 trace - called modules:
22:18:56.500 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf7719fc0]<<
22:18:56.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f73958]
22:18:56.609 3 CLASSPNP.SYS[f76b6fd7] -> nt!IofCallDriver -> [0x86f876b0]
22:18:56.671 \Driver\00000278[0x86f77aa8] -> IRP_MJ_CREATE -> 0xf7719fc0
22:18:59.656 AVAST engine scan C:\WINDOWS
22:19:05.812 File: C:\WINDOWS\fcftp.dll **INFECTED** Win32:Kryptik-IVY [Trj]
22:19:32.718 AVAST engine scan C:\WINDOWS\system32
22:21:26.046 File: C:\WINDOWS\system32\fcftp.dll **INFECTED** Win32:Kryptik-IVY [Trj]
22:22:42.500 File: C:\WINDOWS\system32\KMWDFilter.dll **INFECTED** Win32:Sirefef-SM [Trj]
22:24:15.921 File: C:\WINDOWS\system32\netmnt.dll **INFECTED** Win32:Sirefef-SM [Trj]
22:25:09.484 File: C:\WINDOWS\system32\SaiNtSub.dll **INFECTED** Win32:Sirefef-SM [Trj]
22:26:03.984 File: C:\WINDOWS\system32\WGX.dll **INFECTED** Win32:Sirefef-SM [Trj]
22:30:15.359 AVAST engine scan C:\WINDOWS\system32\drivers
22:30:24.484 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Sirefef-PL [Rtk]
22:30:55.125 AVAST engine scan C:\Documents and Settings\HP_Owner
22:54:56.109 File: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@ **INFECTED** Win32:Malware-gen
22:54:56.375 File: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ **INFECTED** Win64:Sirefef-A [Trj]
23:37:54.375 AVAST engine scan C:\Documents and Settings\All Users
23:42:25.890 File: C:\Documents and Settings\All Users\Application Data\sftROMikgcIJuCh.exe **INFECTED** Win32:FakeSysdef-OX [Trj]
23:42:58.328 Scan finished successfully
10:04:09.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\MBR.dat"
10:04:09.875 The log file has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\aswMBRlog.txt"


The ESET Online Scanner does not complete the install.
I get:
"Can Not Get Update. Is Proxy Configured?"

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 September 2012 - 10:05 AM

Run TDSSkiller again and post the new log

Boot into Safe Mode with Networking and run the ESET scanner

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Edited by narenxp, 02 September 2012 - 10:06 AM.


#5 atlanticpt

atlanticpt
  • Topic Starter

  • Members
  • 7 posts

Posted 02 September 2012 - 11:23 AM

11:46:24.0578 1668 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
11:46:24.0890 1668 ============================================================
11:46:24.0890 1668 Current date / time: 2012/09/02 11:46:24.0890
11:46:24.0890 1668 SystemInfo:
11:46:24.0890 1668
11:46:24.0890 1668 OS Version: 5.1.2600 ServicePack: 3.0
11:46:24.0890 1668 Product type: Workstation
11:46:24.0890 1668 ComputerName: YOUR-F78BF48CE2
11:46:24.0890 1668 UserName: HP_Owner
11:46:24.0890 1668 Windows directory: C:\WINDOWS
11:46:24.0890 1668 System windows directory: C:\WINDOWS
11:46:24.0890 1668 Processor architecture: Intel x86
11:46:24.0890 1668 Number of processors: 1
11:46:24.0890 1668 Page size: 0x1000
11:46:24.0890 1668 Boot type: Safe boot with network
11:46:24.0890 1668 ============================================================
11:46:28.0640 1668 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:46:28.0656 1668 Drive \Device\Harddisk1\DR1 - Size: 0x40DBF2000 (16.21 Gb), SectorSize: 0x200, Cylinders: 0x844, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:46:28.0828 1668 ============================================================
11:46:28.0828 1668 \Device\Harddisk0\DR0:
11:46:28.0828 1668 MBR partitions:
11:46:28.0828 1668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xDF1931
11:46:28.0828 1668 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xDF1970, BlocksNum 0xAC5B610
11:46:28.0828 1668 \Device\Harddisk1\DR1:
11:46:28.0828 1668 MBR partitions:
11:46:28.0828 1668 ============================================================
11:46:28.0890 1668 C: <-> \Device\Harddisk0\DR0\Partition2
11:46:28.0906 1668 D: <-> \Device\Harddisk0\DR0\Partition1
11:46:28.0984 1668 ============================================================
11:46:30.0234 1668 Initialize success
11:46:30.0234 1668 ============================================================
11:46:41.0921 0768 ============================================================
11:46:41.0921 0768 Scan started
11:46:41.0921 0768 Mode: Manual;
11:46:41.0921 0768 ============================================================
11:46:47.0250 0768 ================ Scan system memory ========================
11:46:47.0250 0768 System memory - ok
11:46:47.0265 0768 ================ Scan services =============================
11:46:47.0812 0768 45947910 - ok
11:46:47.0843 0768 71861783 - ok
11:46:47.0875 0768 Abiosdsk - ok
11:46:47.0921 0768 abp480n5 - ok
11:46:48.0078 0768 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:46:48.0140 0768 ACPI - ok
11:46:48.0203 0768 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
11:46:48.0218 0768 ACPIEC - ok
11:46:48.0250 0768 adfs - ok
11:46:48.0281 0768 adpu160m - ok
11:46:48.0390 0768 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:46:48.0437 0768 aec - ok
11:46:48.0546 0768 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:46:48.0609 0768 AFD - ok
11:46:48.0968 0768 [ 7F1130830B3BA85921519A5616E29803 ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
11:46:49.0234 0768 AffinegyService - ok
11:46:49.0281 0768 AFGMp50 - ok
11:46:49.0375 0768 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] AFGSp50 C:\WINDOWS\system32\Drivers\AFGSp50.sys
11:46:49.0390 0768 AFGSp50 - ok
11:46:49.0906 0768 [ 593AEFC67283D409F34CC1245D00A509 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:46:50.0343 0768 AgereSoftModem - ok
11:46:50.0375 0768 Aha154x - ok
11:46:50.0406 0768 aic78u2 - ok
11:46:50.0453 0768 aic78xx - ok
11:46:51.0281 0768 [ 8D6C30E515717248E0E52B85FD7AC466 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
11:46:52.0093 0768 ALCXWDM - ok
11:46:52.0140 0768 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:46:52.0156 0768 Alerter - ok
11:46:52.0218 0768 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:46:52.0234 0768 ALG - ok
11:46:52.0281 0768 AliIde - ok
11:46:52.0312 0768 amsint - ok
11:46:52.0484 0768 [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
11:46:52.0593 0768 AOL ACS - ok
11:46:52.0718 0768 [ 7FB54900AA9792AB6307C699EC1859D4 ] AOL TopSpeedMonitor C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
11:46:52.0750 0768 AOL TopSpeedMonitor - ok
11:46:52.0843 0768 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:46:52.0875 0768 Arp1394 - ok
11:46:52.0906 0768 asc - ok
11:46:52.0953 0768 asc3350p - ok
11:46:52.0984 0768 asc3550 - ok
11:46:53.0171 0768 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:46:53.0328 0768 aspnet_state - ok
11:46:53.0406 0768 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:46:53.0406 0768 AsyncMac - ok
11:46:53.0468 0768 atalk - ok
11:46:53.0546 0768 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:46:53.0546 0768 atapi - ok
11:46:53.0593 0768 Atdisk - ok
11:46:53.0671 0768 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:46:53.0703 0768 Atmarpc - ok
11:46:53.0765 0768 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:46:53.0781 0768 AudioSrv - ok
11:46:53.0828 0768 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:46:53.0828 0768 audstub - ok
11:46:53.0875 0768 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:46:53.0875 0768 Beep - ok
11:46:53.0984 0768 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
11:46:54.0000 0768 Browser - ok
11:46:54.0046 0768 bthpan - ok
11:46:54.0234 0768 catchme - ok
11:46:54.0312 0768 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:46:54.0312 0768 cbidf2k - ok
11:46:54.0359 0768 cd20xrnt - ok
11:46:54.0406 0768 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:46:54.0406 0768 Cdaudio - ok
11:46:54.0500 0768 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:46:54.0515 0768 Cdfs - ok
11:46:54.0546 0768 Cdrom - ok
11:46:54.0578 0768 Changer - ok
11:46:54.0656 0768 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:46:54.0656 0768 CiSvc - ok
11:46:54.0718 0768 citrixxteserver - ok
11:46:54.0843 0768 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:46:54.0843 0768 ClipSrv - ok
11:46:54.0937 0768 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:46:55.0156 0768 clr_optimization_v2.0.50727_32 - ok
11:46:55.0187 0768 CmdIde - ok
11:46:55.0250 0768 COMSysApp - ok
11:46:55.0312 0768 Cpqarray - ok
11:46:55.0421 0768 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:46:55.0437 0768 CryptSvc - ok
11:46:55.0468 0768 dac2w2k - ok
11:46:55.0500 0768 dac960nt - ok
11:46:55.0734 0768 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:46:55.0890 0768 DcomLaunch - ok
11:46:55.0921 0768 dcpflics - ok
11:46:55.0953 0768 dcstor32 - ok
11:46:56.0062 0768 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:46:56.0093 0768 Dhcp - ok
11:46:56.0156 0768 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:46:56.0171 0768 Disk - ok
11:46:56.0218 0768 dmadmin - ok
11:46:56.0343 0768 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:46:56.0421 0768 dmboot - ok
11:46:56.0500 0768 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:46:56.0531 0768 dmio - ok
11:46:56.0578 0768 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:46:56.0578 0768 dmload - ok
11:46:56.0640 0768 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:46:56.0640 0768 dmserver - ok
11:46:56.0687 0768 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:46:56.0718 0768 DMusic - ok
11:46:56.0781 0768 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:46:56.0781 0768 Dnscache - ok
11:46:56.0875 0768 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:46:56.0906 0768 Dot3svc - ok
11:46:56.0937 0768 dpti2o - ok
11:46:56.0968 0768 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:46:56.0968 0768 drmkaud - ok
11:46:57.0046 0768 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:46:57.0046 0768 EapHost - ok
11:46:57.0093 0768 emu10k - ok
11:46:57.0187 0768 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:46:57.0203 0768 ERSvc - ok
11:46:57.0250 0768 ET5Drv - ok
11:46:57.0375 0768 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
11:46:57.0390 0768 Eventlog - ok
11:46:57.0531 0768 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:46:57.0625 0768 EventSystem - ok
11:46:57.0734 0768 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:46:57.0781 0768 Fastfat - ok
11:46:57.0875 0768 [ 1E580770BDECE924494B368AC980749E ] fasttx2k C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
11:46:57.0906 0768 fasttx2k - ok
11:46:58.0015 0768 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:46:58.0062 0768 FastUserSwitchingCompatibility - ok
11:46:58.0218 0768 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
11:46:58.0281 0768 Fax - ok
11:46:58.0359 0768 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
11:46:58.0375 0768 Fdc - ok
11:46:58.0421 0768 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:46:58.0437 0768 Fips - ok
11:46:58.0484 0768 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:46:58.0484 0768 Flpydisk - ok
11:46:58.0546 0768 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
11:46:58.0593 0768 FltMgr - ok
11:46:58.0703 0768 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:46:58.0750 0768 FontCache3.0.0.0 - ok
11:46:58.0859 0768 FsFilter - ok
11:46:58.0937 0768 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:46:58.0937 0768 Fs_Rec - ok
11:46:59.0015 0768 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:46:59.0062 0768 Ftdisk - ok
11:46:59.0140 0768 [ 2FB04DB459C71F416EE8B05448CA4AC3 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:46:59.0156 0768 GEARAspiWDM - ok
11:46:59.0218 0768 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:46:59.0234 0768 Gpc - ok
11:46:59.0343 0768 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:46:59.0343 0768 helpsvc - ok
11:46:59.0468 0768 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:46:59.0468 0768 HidUsb - ok
11:46:59.0546 0768 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:46:59.0562 0768 hkmsvc - ok
11:46:59.0625 0768 [ 299683D4C8AAA3F6F5D5D226A1782A6E ] HPFXBULK C:\WINDOWS\system32\drivers\hpfxbulk.sys
11:46:59.0625 0768 HPFXBULK - ok
11:46:59.0703 0768 [ F728DB73A87231E27B6BA34D71CE2EDB ] HPFXFAX C:\WINDOWS\system32\drivers\hpfxfax.sys
11:46:59.0703 0768 HPFXFAX - ok
11:46:59.0765 0768 hpgate - ok
11:46:59.0812 0768 hpn - ok
11:47:00.0000 0768 [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:47:00.0140 0768 hpqcxs08 - ok
11:47:00.0234 0768 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
11:47:00.0328 0768 hpqddsvc - ok
11:47:00.0421 0768 [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:47:00.0437 0768 HPZid412 - ok
11:47:00.0468 0768 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:47:00.0484 0768 HPZipr12 - ok
11:47:00.0531 0768 [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:47:00.0531 0768 HPZius12 - ok
11:47:00.0671 0768 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:47:00.0765 0768 HTTP - ok
11:47:00.0828 0768 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:47:00.0828 0768 HTTPFilter - ok
11:47:00.0859 0768 i2omgmt - ok
11:47:00.0890 0768 i2omp - ok
11:47:00.0953 0768 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:47:00.0968 0768 i8042prt - ok
11:47:01.0296 0768 [ D4405BD2B6E95EFDC8E674ED4032874F ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:47:01.0593 0768 ialm - ok
11:47:01.0640 0768 iastor - ok
11:47:01.0750 0768 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:47:01.0828 0768 IDriverT - ok
11:47:02.0125 0768 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:47:02.0312 0768 idsvc - ok
11:47:02.0390 0768 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:47:02.0406 0768 Imapi - ok
11:47:02.0531 0768 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:47:02.0578 0768 ImapiService - ok
11:47:02.0640 0768 ini910u - ok
11:47:02.0703 0768 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:47:02.0703 0768 IntelIde - ok
11:47:02.0765 0768 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:47:02.0781 0768 intelppm - ok
11:47:02.0812 0768 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
11:47:02.0828 0768 Ip6Fw - ok
11:47:02.0875 0768 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:47:02.0890 0768 IpFilterDriver - ok
11:47:02.0921 0768 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:47:02.0921 0768 IpInIp - ok
11:47:03.0031 0768 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:47:03.0078 0768 IpNat - ok
11:47:03.0187 0768 [ 6D1DD86EA58AD1B2F57301042D819436 ] iPodService C:\Program Files\iPod\bin\iPodService.exe
11:47:03.0281 0768 iPodService - ok
11:47:03.0375 0768 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:47:03.0406 0768 IPSec - ok
11:47:03.0468 0768 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:47:03.0468 0768 IRENUM - ok
11:47:03.0562 0768 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:47:03.0578 0768 isapnp - ok
11:47:03.0734 0768 [ 511AB23A292497F2C527EEE5775B0BFE ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
11:47:03.0812 0768 JavaQuickStarterService - ok
11:47:03.0875 0768 k750mdfl - ok
11:47:03.0968 0768 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:47:03.0968 0768 Kbdclass - ok
11:47:04.0062 0768 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:47:04.0140 0768 kmixer - ok
11:47:04.0203 0768 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:47:04.0234 0768 KSecDD - ok
11:47:04.0328 0768 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
11:47:04.0343 0768 lanmanserver - ok
11:47:04.0468 0768 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:47:04.0500 0768 lanmanworkstation - ok
11:47:04.0531 0768 lbrtfdc - ok
11:47:04.0656 0768 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:47:04.0656 0768 LmHosts - ok
11:47:04.0687 0768 ltmodem5 - ok
11:47:04.0734 0768 lxcg_device - ok
11:47:04.0781 0768 lxdm_device - ok
11:47:04.0828 0768 mafwboot - ok
11:47:05.0000 0768 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:47:05.0125 0768 MDM - ok
11:47:05.0156 0768 merakpop3 - ok
11:47:05.0218 0768 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:47:05.0234 0768 Messenger - ok
11:47:05.0281 0768 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:47:05.0281 0768 mnmdd - ok
11:47:05.0375 0768 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:47:05.0390 0768 mnmsrvc - ok
11:47:05.0468 0768 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:47:05.0484 0768 Modem - ok
11:47:05.0515 0768 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:47:05.0531 0768 Mouclass - ok
11:47:05.0578 0768 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:47:05.0593 0768 MountMgr - ok
11:47:05.0625 0768 mraid35x - ok
11:47:05.0656 0768 MREMP50a64 - ok
11:47:05.0718 0768 [ 2BC9E43F55DE8C30FC817ED56D0EE907 ] MREMPR5 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
11:47:05.0765 0768 MREMPR5 - ok
11:47:05.0812 0768 [ 594B9D8194E3F4ECBF0325BD10BBEB05 ] MRENDIS5 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
11:47:05.0828 0768 MRENDIS5 - ok
11:47:05.0859 0768 MRV6X32P - ok
11:47:05.0968 0768 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:47:06.0046 0768 MRxDAV - ok
11:47:06.0250 0768 [ 5A52EC4C22A8E9065BF5080432899801 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:47:06.0265 0768 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 5A52EC4C22A8E9065BF5080432899801, Fake md5: 7D304A5EB4344EBEEAB53A2FE3FFB9F0
11:47:06.0265 0768 MRxSmb ( Virus.Win32.ZAccess.c ) - infected
11:47:06.0265 0768 MRxSmb - detected Virus.Win32.ZAccess.c (0)
11:47:06.0343 0768 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:47:06.0359 0768 MSDTC - ok
11:47:06.0437 0768 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:47:06.0437 0768 Msfs - ok
11:47:06.0500 0768 MSIServer - ok
11:47:06.0562 0768 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:47:06.0562 0768 MSKSSRV - ok
11:47:06.0609 0768 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:47:06.0625 0768 MSPCLOCK - ok
11:47:06.0671 0768 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:47:06.0671 0768 MSPQM - ok
11:47:06.0734 0768 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:47:06.0750 0768 mssmbios - ok
11:47:06.0781 0768 MSSQL$AUTODESKVAULT - ok
11:47:06.0859 0768 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:47:06.0890 0768 Mup - ok
11:47:07.0031 0768 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:47:07.0125 0768 napagent - ok
11:47:07.0171 0768 nbservice - ok
11:47:07.0265 0768 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:47:07.0390 0768 NDIS - ok
11:47:07.0500 0768 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:47:07.0500 0768 NdisTapi - ok
11:47:07.0562 0768 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:47:07.0578 0768 Ndisuio - ok
11:47:07.0656 0768 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:47:07.0703 0768 NdisWan - ok
11:47:07.0781 0768 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:47:07.0796 0768 NDProxy - ok
11:47:07.0875 0768 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
11:47:07.0890 0768 Net Driver HPZ12 - ok
11:47:07.0953 0768 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:47:07.0968 0768 NetBIOS - ok
11:47:08.0093 0768 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:47:08.0156 0768 NetBT - ok
11:47:08.0250 0768 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:47:08.0281 0768 NetDDE - ok
11:47:08.0375 0768 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:47:08.0375 0768 NetDDEdsdm - ok
11:47:08.0453 0768 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:47:08.0453 0768 Netlogon - ok
11:47:08.0593 0768 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:47:08.0656 0768 Netman - ok
11:47:08.0718 0768 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:47:08.0765 0768 NetTcpPortSharing - ok
11:47:08.0812 0768 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:47:08.0843 0768 NIC1394 - ok
11:47:08.0984 0768 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:47:09.0062 0768 Nla - ok
11:47:09.0156 0768 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\NPF.sys
11:47:09.0171 0768 NPF - ok
11:47:09.0250 0768 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:47:09.0265 0768 Npfs - ok
11:47:09.0468 0768 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:47:09.0656 0768 Ntfs - ok
11:47:09.0703 0768 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:47:09.0718 0768 NtLmSsp - ok
11:47:09.0890 0768 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:47:10.0000 0768 NtmsSvc - ok
11:47:10.0046 0768 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:47:10.0046 0768 Null - ok
11:47:10.0078 0768 NWDHCP - ok
11:47:10.0125 0768 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:47:10.0140 0768 NwlnkFlt - ok
11:47:10.0187 0768 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:47:10.0187 0768 NwlnkFwd - ok
11:47:10.0234 0768 NxFsMon - ok
11:47:10.0312 0768 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:47:10.0328 0768 ohci1394 - ok
11:47:10.0437 0768 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:47:10.0468 0768 ose - ok
11:47:10.0593 0768 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:47:10.0625 0768 Parport - ok
11:47:10.0671 0768 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:47:10.0671 0768 PartMgr - ok
11:47:10.0734 0768 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:47:10.0734 0768 ParVdm - ok
11:47:10.0796 0768 [ 505CBA425DF3BB230F244E1C23221058 ] PcdrNdisuio C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys
11:47:10.0812 0768 PcdrNdisuio - ok
11:47:10.0875 0768 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:47:10.0890 0768 PCI - ok
11:47:10.0937 0768 PCIDump - ok
11:47:11.0000 0768 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:47:11.0015 0768 PCIIde - ok
11:47:11.0093 0768 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:47:11.0140 0768 Pcmcia - ok
11:47:11.0187 0768 pcscnsrv - ok
11:47:11.0234 0768 PDCOMP - ok
11:47:11.0265 0768 PDFRAME - ok
11:47:11.0343 0768 [ 11028C6A84A967070CB1286550F2058F ] pdlnepkt C:\WINDOWS\system32\bobo.dll
11:47:11.0359 0768 pdlnepkt ( Backdoor.Multi.ZAccess.gen ) - infected
11:47:11.0359 0768 pdlnepkt - detected Backdoor.Multi.ZAccess.gen (0)
11:47:11.0406 0768 PDRELI - ok
11:47:11.0421 0768 PDRFRAME - ok
11:47:11.0468 0768 perc2 - ok
11:47:11.0500 0768 perc2hib - ok
11:47:11.0609 0768 pfc - ok
11:47:11.0687 0768 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:47:11.0687 0768 PlugPlay - ok
11:47:11.0765 0768 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
11:47:11.0796 0768 Pml Driver HPZ12 - ok
11:47:11.0859 0768 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:47:11.0859 0768 PolicyAgent - ok
11:47:11.0937 0768 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:47:11.0953 0768 PptpMiniport - ok
11:47:12.0000 0768 prevxdriver - ok
11:47:12.0046 0768 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:47:12.0062 0768 ProtectedStorage - ok
11:47:12.0125 0768 [ BFFDB363485501A38F0BCA83AEC810DB ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys
11:47:12.0125 0768 Ps2 - ok
11:47:12.0203 0768 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:47:12.0218 0768 PSched - ok
11:47:12.0281 0768 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:47:12.0281 0768 Ptilink - ok
11:47:12.0359 0768 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:47:12.0359 0768 PxHelp20 - ok
11:47:12.0421 0768 ql1080 - ok
11:47:12.0453 0768 Ql10wnt - ok
11:47:12.0484 0768 ql12160 - ok
11:47:12.0515 0768 ql1240 - ok
11:47:12.0546 0768 ql1280 - ok
11:47:12.0609 0768 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:47:12.0609 0768 RasAcd - ok
11:47:12.0703 0768 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:47:12.0734 0768 RasAuto - ok
11:47:12.0781 0768 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:47:12.0796 0768 Rasl2tp - ok
11:47:12.0921 0768 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:47:12.0984 0768 RasMan - ok
11:47:13.0046 0768 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:47:13.0062 0768 RasPppoe - ok
11:47:13.0125 0768 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:47:13.0125 0768 Raspti - ok
11:47:13.0234 0768 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:47:13.0296 0768 Rdbss - ok
11:47:13.0328 0768 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:47:13.0328 0768 RDPCDD - ok
11:47:13.0453 0768 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:47:13.0484 0768 RDPWD - ok
11:47:13.0593 0768 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:47:13.0625 0768 RDSessMgr - ok
11:47:13.0703 0768 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:47:13.0718 0768 redbook - ok
11:47:13.0812 0768 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:47:13.0828 0768 RemoteAccess - ok
11:47:13.0859 0768 remoteregistry - ok
11:47:13.0937 0768 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:47:13.0968 0768 RpcLocator - ok
11:47:14.0171 0768 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
11:47:14.0171 0768 RpcSs - ok
11:47:14.0265 0768 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:47:14.0312 0768 RSVP - ok
11:47:14.0562 0768 [ 487FC03649653349ACE757571EFC3EC9 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
11:47:14.0781 0768 rt2870 - ok
11:47:14.0906 0768 [ 1A2A445E8968B2019E75E08F3A1344FC ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
11:47:14.0921 0768 RTL8023xp - ok
11:47:15.0000 0768 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
11:47:15.0000 0768 rtl8139 - ok
11:47:15.0046 0768 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:47:15.0046 0768 SamSs - ok
11:47:15.0125 0768 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:47:15.0156 0768 SCardSvr - ok
11:47:15.0281 0768 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:47:15.0343 0768 Schedule - ok
11:47:15.0437 0768 sdbus - ok
11:47:15.0500 0768 se44bus - ok
11:47:15.0578 0768 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:47:15.0578 0768 Secdrv - ok
11:47:15.0656 0768 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:47:15.0671 0768 seclogon - ok
11:47:15.0734 0768 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:47:15.0750 0768 SENS - ok
11:47:15.0812 0768 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:47:15.0828 0768 Serenum - ok
11:47:15.0875 0768 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:47:15.0906 0768 Serial - ok
11:47:16.0000 0768 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:47:16.0000 0768 Sfloppy - ok
11:47:16.0031 0768 sfvfs02 - ok
11:47:16.0203 0768 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:47:16.0296 0768 SharedAccess - ok
11:47:16.0375 0768 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:47:16.0390 0768 ShellHWDetection - ok
11:47:16.0406 0768 Simbad - ok
11:47:16.0453 0768 SMCB000 - ok
11:47:16.0500 0768 Sparrow - ok
11:47:16.0515 0768 spcstb - ok
11:47:16.0562 0768 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:47:16.0562 0768 splitter - ok
11:47:16.0640 0768 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:47:16.0671 0768 Spooler - ok
11:47:16.0734 0768 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:47:16.0750 0768 sr - ok
11:47:16.0875 0768 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:47:16.0921 0768 srservice - ok
11:47:17.0109 0768 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:47:17.0250 0768 Srv - ok
11:47:17.0328 0768 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:47:17.0359 0768 SSDPSRV - ok
11:47:17.0406 0768 statusagent - ok
11:47:17.0468 0768 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
11:47:17.0468 0768 StillCam - ok
11:47:17.0625 0768 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:47:17.0765 0768 stisvc - ok
11:47:17.0843 0768 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:47:17.0843 0768 swenum - ok
11:47:17.0906 0768 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:47:17.0921 0768 swmidi - ok
11:47:17.0953 0768 SwPrv - ok
11:47:18.0000 0768 symc810 - ok
11:47:18.0031 0768 symc8xx - ok
11:47:18.0062 0768 sym_hi - ok
11:47:18.0093 0768 sym_u3 - ok
11:47:18.0156 0768 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:47:18.0187 0768 sysaudio - ok
11:47:18.0250 0768 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:47:18.0281 0768 SysmonLog - ok
11:47:18.0421 0768 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:47:18.0531 0768 TapiSrv - ok
11:47:18.0718 0768 [ 456E0F5B9BEB184521B0EE8FA7CC92C7 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:47:18.0843 0768 Tcpip - ok
11:47:18.0906 0768 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:47:18.0921 0768 TDPIPE - ok
11:47:18.0968 0768 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:47:18.0984 0768 TDTCP - ok
11:47:19.0046 0768 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:47:19.0062 0768 TermDD - ok
11:47:19.0234 0768 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:47:19.0328 0768 TermService - ok
11:47:19.0453 0768 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:47:19.0453 0768 Themes - ok
11:47:19.0531 0768 tm_cfw - ok
11:47:19.0656 0768 [ E80CC0C9C45649A4CE23EA70A607F56E ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
11:47:19.0765 0768 TomTomHOMEService - ok
11:47:19.0796 0768 TosIde - ok
11:47:19.0906 0768 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:47:19.0937 0768 TrkWks - ok
11:47:20.0015 0768 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:47:20.0046 0768 Udfs - ok
11:47:20.0078 0768 ultra - ok
11:47:20.0156 0768 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
11:47:20.0171 0768 UMWdf - ok
11:47:20.0390 0768 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:47:20.0531 0768 Update - ok
11:47:20.0656 0768 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:47:20.0703 0768 upnphost - ok
11:47:20.0750 0768 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:47:20.0765 0768 UPS - ok
11:47:20.0812 0768 USB11LDR - ok
11:47:20.0890 0768 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:47:20.0906 0768 usbccgp - ok
11:47:21.0000 0768 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:47:21.0000 0768 usbehci - ok
11:47:21.0109 0768 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:47:21.0125 0768 usbhub - ok
11:47:21.0156 0768 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:47:21.0171 0768 usbprint - ok
11:47:21.0218 0768 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:47:21.0234 0768 usbscan - ok
11:47:21.0281 0768 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:47:21.0296 0768 USBSTOR - ok
11:47:21.0343 0768 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:47:21.0359 0768 usbuhci - ok
11:47:21.0421 0768 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:47:21.0437 0768 VgaSave - ok
11:47:21.0484 0768 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
11:47:21.0484 0768 ViaIde - ok
11:47:21.0578 0768 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:47:21.0593 0768 VolSnap - ok
11:47:21.0687 0768 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:47:21.0750 0768 VSS - ok
11:47:21.0796 0768 vthah - ok
11:47:21.0921 0768 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:47:21.0984 0768 W32Time - ok
11:47:22.0031 0768 W8335XP - ok
11:47:22.0109 0768 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:47:22.0125 0768 Wanarp - ok
11:47:22.0203 0768 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
11:47:22.0203 0768 wanatw - ok
11:47:22.0296 0768 [ 4DC56A5F4614BF123251D5AE54F914FD ] WANMiniportService C:\WINDOWS\wanmpsvc.exe
11:47:25.0812 0768 WANMiniportService - ok
11:47:25.0859 0768 WDICA - ok
11:47:25.0953 0768 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:47:25.0984 0768 wdmaud - ok
11:47:26.0062 0768 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:47:26.0093 0768 WebClient - ok
11:47:26.0250 0768 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:47:26.0296 0768 winmgmt - ok
11:47:26.0437 0768 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:47:26.0437 0768 WmdmPmSN - ok
11:47:26.0562 0768 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:47:26.0593 0768 WmiApSrv - ok
11:47:26.0640 0768 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:47:26.0656 0768 WS2IFSL - ok
11:47:26.0687 0768 wtwservice - ok
11:47:26.0734 0768 wudfsvc - ok
11:47:26.0765 0768 WUSB54GPV4SRV - ok
11:47:27.0015 0768 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:47:27.0171 0768 WZCSVC - ok
11:47:27.0265 0768 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:47:27.0296 0768 xmlprov - ok
11:47:27.0406 0768 ================ Scan global ===============================
11:47:27.0500 0768 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:47:27.0656 0768 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:47:27.0906 0768 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:47:27.0968 0768 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:47:27.0968 0768 [Global] - ok
11:47:27.0968 0768 ================ Scan MBR ==================================
11:47:28.0015 0768 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:47:28.0265 0768 \Device\Harddisk0\DR0 - ok
11:47:28.0296 0768 [ EC81DEC7E21EA5BF1DE5F9F520B31763 ] \Device\Harddisk1\DR1
11:47:31.0140 0768 \Device\Harddisk1\DR1 - ok
11:47:31.0156 0768 ================ Scan VBR ==================================
11:47:31.0187 0768 [ 4E4AB2C5600FBEF0EFF594D1045E7BA7 ] \Device\Harddisk0\DR0\Partition1
11:47:31.0187 0768 \Device\Harddisk0\DR0\Partition1 - ok
11:47:31.0234 0768 [ B1DD7F4DF2FA78E00F8EBCF9F3EB6EDF ] \Device\Harddisk0\DR0\Partition2
11:47:31.0234 0768 \Device\Harddisk0\DR0\Partition2 - ok
11:47:31.0250 0768 ============================================================
11:47:31.0250 0768 Scan finished
11:47:31.0250 0768 ============================================================
11:47:31.0281 1392 Detected object count: 2
11:47:31.0281 1392 Actual detected object count: 2
11:48:06.0812 1392 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
11:48:08.0281 1392 C:\WINDOWS\$NtUninstallKB62280$\485945278\@ - copied to quarantine
11:48:08.0296 1392 C:\WINDOWS\$NtUninstallKB62280$\485945278\cfg.ini - copied to quarantine
11:48:08.0296 1392 C:\WINDOWS\$NtUninstallKB62280$\485945278\Desktop.ini - copied to quarantine
11:48:08.0625 1392 C:\WINDOWS\$NtUninstallKB62280$\485945278\L\swmcxyxb - copied to quarantine
11:48:11.0125 1392 Backup copy found, using it..
11:48:11.0328 1392 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
11:48:11.0375 1392 C:\WINDOWS\$NtUninstallKB62280$\2643923730 - will be deleted on reboot
11:48:11.0390 1392 C:\WINDOWS\$NtUninstallKB62280$\485945278\@ - will be deleted on reboot
11:48:11.0390 1392 C:\WINDOWS\$NtUninstallKB62280$\485945278\cfg.ini - will be deleted on reboot
11:48:11.0390 1392 C:\WINDOWS\$NtUninstallKB62280$\485945278\Desktop.ini - will be deleted on reboot
11:48:11.0437 1392 MRxSmb ( Virus.Win32.ZAccess.c ) - User select action: Cure
11:48:11.0500 1392 C:\WINDOWS\system32\bobo.dll - copied to quarantine
11:48:11.0531 1392 HKLM\SYSTEM\ControlSet001\services\pdlnepkt - will be deleted on reboot
11:48:11.0546 1392 HKLM\SYSTEM\ControlSet002\services\pdlnepkt - will be deleted on reboot
11:48:11.0578 1392 HKLM\SYSTEM\ControlSet003\services\pdlnepkt - will be deleted on reboot
11:48:11.0625 1392 C:\WINDOWS\system32\bobo.dll - will be deleted on reboot
11:48:11.0656 1392 pdlnepkt ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete


I am still getting “Can not get update. Is proxy configured?” when trying to run ESET.

I also tried MBAM, but could not finish the install:
“Setup
access is denied
Error
Setup was not completed. Please correct the problem and run setup again.”

I rebooted again in safe mode with networking and tried all three again. TDSSKiller found no threats the second time. I received the same result as above when trying to run ESET & MBAM the second time.

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:11 AM

Posted 02 September 2012 - 11:26 AM

Boot into safemode with networking

download

http://www.bleepingcomputer.com/download/rkill/

Run it, and after the scan finishes, post the contents of the RKILL log located on the desktop here.

Download

http://www.bleepingcomputer.com/download/unhide/

Run it; this should unhide your files.

Install Malwarebytes now and run it.

Edited by narenxp, 02 September 2012 - 11:27 AM.


#7 atlanticpt

atlanticpt
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:11 AM

Posted 02 September 2012 - 12:43 PM

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/02/2012 12:36:50 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* BITS [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* HidServ [Missing ImagePath]

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\Drivers\tcpip.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 00:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys : 359,936 : 05/25/2005 03:07 PM : 63fdfea54eb53de2d863ee454937ce1e [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys : 360,448 : 01/13/2006 03:07 AM : 5562cc0a47b2aef06d3417b733f3c195 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys : 360,576 : 04/20/2006 03:18 AM : b2220c618b42a2212a59d91ebd6fc4b4 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys : 360,832 : 10/30/2007 03:53 AM : 64798ecfa43d78c7178375fcdd16d8c8 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys : 360,960 : 06/20/2008 03:44 AM : 744e57c99232201ae98c49168b918f48 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys : 361,600 : 06/20/2008 03:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 03:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys : 360,320 : 06/20/2008 00:45 AM : 2a5554fc5b1e04e131230e3ce035c3f9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys : 359,040 : 08/04/2004 00:00 AM : 9f4b36614a0fc234525ba224957de55c [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys : 359,808 : 05/25/2005 03:04 PM : 88763a98a4c26c409741b4aa162720c9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys : 359,808 : 01/12/2006 09:28 PM : 583e063fdc888ca30d05c2724b0d7ef4 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys : 359,808 : 04/20/2006 09:51 AM : 1dbf125862891817f374f407626967f4 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys : 361,344 : 04/13/2008 03:20 PM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys : 360,064 : 10/30/2007 01:20 PM : 90caff4b094573449a0872a0f919b178 [Pos Repl]
+-> C:\WINDOWS\ERDNT\cache\tcpip.sys : 361,600 : 06/20/2008 00:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tcpip.sys : 361,344 : 04/13/2008 03:20 PM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361,600 : 06/20/2008 03:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]

Program finished at: 09/02/2012 12:38:41 PM
Execution time: 0 hours(s), 1 minute(s), and 51 seconds(s)


Malwarebytes is scanning now, it will take some time to run a complete scan.

#8 atlanticpt

atlanticpt
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:11 AM

Posted 03 September 2012 - 08:58 AM

I could not run a complete scan in MBAM. After about 5 hours of scanning, the computer would shut down on its own. So I ran a quick scan, which completed.
I am unsure whether you want me to also run a scan in safe mode, or to try a complete scan now after a restart.

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:11 AM

Posted 03 September 2012 - 09:03 AM

Post the quick scan MBAM log.

Try to run the ESET online scanner now.

Do you still have pop-ups in normal mode?

Press the Windows+R keys and type

%temp% and click OK.

Copy the SMTMP folder to the desktop.

Edited by narenxp, 03 September 2012 - 09:04 AM.


#10 atlanticpt

atlanticpt
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:11 AM

Posted 04 September 2012 - 02:44 PM

Objects scanned: 438895
Time elapsed: 3 hour(s), 36 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sftROMikgcIJuCh.exe (FraudTool.FakeRecovery) -> Data: C:\Documents and Settings\All Users\Application Data\sftROMikgcIJuCh.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 51
C:\Documents and Settings\All Users\Application Data\sftROMikgcIJuCh.exe (FraudTool.FakeRecovery) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amdagp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AR5416.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\array_utility_service4,0,1,3.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\as32svc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\asc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atirage3.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ATNT40K.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avgems.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avinitnt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BootScreen.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cimnotify.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cisvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnxtdiag.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpuz132.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CSRBC.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddxgb.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DSI_SiUSBXp_3_1.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwusbdnt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emu10k1.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F700isw.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fastfat.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igfx.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iteatapi.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbdhid.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KMWDFilter.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\L6POD.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lxrsge10s.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcredirector.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netmnt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NVENET.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oracleservicelocalora.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oraclesnmppeermasteragent.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ossrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdlnsv25.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PNDIS5.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpcsvr4x.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SaiNtSub.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SE27mgmt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Si3132r5.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SISNICXP.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SiSRaid.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\slapd-data52.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SQTECH905C.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\USBCamera.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\V0070VID.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\videX32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\QWAVE.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\JiaoIO.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\naiavfilter1.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

ESET LOG
C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\6587b9c1-52f16868 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\6587b9c1-57b15f87 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\6587b9c1-5b0884b7 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\6587b9c1-5e334866 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\6587b9c1-5e802769 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\6587b9c1-6cb2e4d2 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@ Win32/Conedex.I trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\20\5949a594-4a3a4080 a variant of Win32/Injector.RXO trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\4\8d45084-45f5467f a variant of Win32/Injector.RCL trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\43\29347deb-526af083 Win32/TrojanDownloader.Vespula.AY trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\53\331022b5-71578d4a a variant of Win32/Injector.RXO trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C8RBE7AN\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DURLI7H7\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MY2FUS4X\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PB722ILO\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Q7JSYEBE\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XXUCKTHI\fat-cat-stuck-in-pot[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZHOL8UGN\kittyflix_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1399\A0226780.sys Win32/TrojanProxy.Agent.NJA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0245695.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0247706.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0247718.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0247730.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0247742.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0247754.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0247766.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0247781.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0247793.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0247803.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0248803.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0248817.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0248827.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0248838.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0248850.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0249850.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0249859.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0249871.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0249881.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0249893.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0249905.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0249917.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0250917.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0250931.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0250966.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0250979.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0251001.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0251011.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0251294.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0251435.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0251442.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0251445.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0253457.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0253464.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0253474.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0254474.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0254481.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0254490.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0255490.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0256490.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0256501.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0256508.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1405\A0256548.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_22.05.34\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_22.05.34\rtkt0000\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_22.05.34\rtkt0000\zafs0000\tsk0008.dta probably a variant of Win32/Agent.GSJKHXJ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_22.05.34\rtkt0000\zafs0000\tsk0010.dta Win32/Sirefef.ES trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_22.05.34\rtkt0000\zafs0000\tsk0012.dta a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_22.05.34\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2012_22.08.00\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.09.2012_11.46.24\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.09.2012_11.46.24\rtkt0000\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.09.2012_11.46.24\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\fcftp.dll Win32/PSW.Papras.CD trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\system32\fcftp.dll a variant of Win32/Kryptik.AHEJ trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\jar_cache3846480709381494993.tmp Java/Agent.EO trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\jar_cache5489449896977622048.tmp Java/Agent.EO trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\jar_cache6696409148634710677.tmp Java/Exploit.CVE-2012-0507.Z trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/PSW.Papras.CD trojan



I ran a complete scan with MBAM after running ESET; here is the log:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Owner :: YOUR-F78BF48CE2 [administrator]

9/3/2012 19:12:22
mbam-log-2012-09-03 (19-12-22).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 529200
Time elapsed: 7 hour(s), 17 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I no longer get pop-ups while in regular mode, and everything seems to be back on my desktop. I copied the SMTMP folder to my desktop. What else should I do with it?

Thank You

Edited by atlanticpt, 04 September 2012 - 02:46 PM.
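An added reading aid (editor's addition, not part of atlanticpt's post and not an ESET tool): an ESET log like the one above is easier to act on when each hit is sorted by where it lives rather than counted. Files under C:\TDSSKiller_Quarantine\ had already been pulled off the system by TDSSKiller; copies under System Volume Information\_restore are System Restore snapshots, harmless unless a restore point is ever applied; hits in the Java deployment cache, in jar_cache temp files and in Temporary Internet Files record how the infection most likely arrived (drive-by Java exploits); and the single "Operating memory" line is the component that was still running during the scan. The Python script below sorts lines of that shape into those classes and lists files whose removal was deferred to the next restart. The line format follows the log quoted above; the sample lines, hashes and GUIDs are constructed, not copied from the post.

```python
"""Classify ESET Online Scanner log lines by where each hit lives.

Added example for this thread, not ESET's own tooling. The line shape
'<path> [probably ][a variant of ]<Family/Name> <kind> <action>' follows the
log quoted above; the sample lines below are constructed in that shape.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?:probably )?a variant of )?"
    r"(?P<family>\S+/\S+) (?P<kind>trojan|virus|worm)"  # other kinds: extend here
    r"(?: (?P<action>.*))?$"
)

# First matching rule wins; patterns are applied to the lower-cased path.
CLASSES = [
    ("inert: TDSSKiller quarantine", r"\\tdsskiller_quarantine\\"),
    ("inert: System Restore copy", r"\\system volume information\\_restore"),
    ("vector: Java deployment cache", r"\\sun\\java\\deployment\\cache\\|\\jar_cache"),
    ("vector: browser cache", r"\\temporary internet files\\"),
    ("live: operating memory", r"^operating memory$"),
]


def parse_line(line):
    """Return (path, family, kind, action) or None for lines that are not detections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m["path"], m["family"], m["kind"], m["action"] or ""


def classify(path):
    """Map a detection location onto what it means for the incident."""
    low = path.lower()
    for label, pattern in CLASSES:
        if re.search(pattern, low):
            return label
    return "active: on-disk component"


def triage(log_text):
    """Group malware families by class and list files still waiting on a reboot."""
    families = defaultdict(set)
    pending_restart = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, family, _kind, action = parsed
        families[classify(path)].add(family)
        if "after the next restart" in action:
            pending_restart.append(path)
    return dict(families), pending_restart


# Constructed sample in the log's shape (hashes and GUIDs are placeholders).
SAMPLE_LOG = r"""
ESET LOG
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\1\1a2b3c4d-5e6f7a8b probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\{00000000-0000-0000-0000-000000000000}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\page[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.01.2012_00.00.00\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\WINDOWS\fcftp.dll Win32/PSW.Papras.CD trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\Temp\jar_cache1234567890.tmp Java/Exploit.CVE-2012-0507.Z trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/PSW.Papras.CD trojan
"""

if __name__ == "__main__":
    groups, pending = triage(SAMPLE_LOG)
    for label in sorted(groups):
        print(f"{label}: {', '.join(sorted(groups[label]))}")
    print("needs a reboot to finish cleaning:", pending)
```

The split drives the follow-up: the inert classes need nothing beyond eventually purging old restore points, the vector classes say what to patch (an out-of-date Java runtime here), and the live and on-disk classes are what the next scan has to confirm gone, after a reboot so that the deferred deletion actually happens.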


#11 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 04 September 2012 - 02:58 PM

Download MiniToolBox.

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download FSS.

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download adware cleaner.

Launch it and click on Delete.

Post the generated log.
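Added example (editor's addition, not part of narenxp's post and not MiniToolBox's own code): the boxes above produce a plain-text report, and the lines worth reading in it are the ones a proxy trojan or a Winsock LSP hijack would change: a proxy switched on in IE, hosts-file entries beyond the default localhost line, and Winsock providers whose DLL is missing from disk or loaded from somewhere other than System32. The Python script below parses those three sections of a MiniToolBox-style report and lists such entries. The section headers and the Winsock line shape follow the report format quoted later in this thread; the 'Hosts content' title and the 'Proxy Server:' line are assumed, and both embedded reports are constructed samples, not the poster's log.

```python
"""Triage the network sections of a MiniToolBox-style report.

Added example for this thread: not MiniToolBox's own logic and not anything
the poster ran. Section titles and line shapes follow the report quoted in
the thread; the 'Hosts content' title and 'Proxy Server:' line are assumed.
"""
import re
from collections import namedtuple

# '========= Title: =========' separators; a title never contains '='.
SECTION_RE = re.compile(r"^=+[ \t]*([^=\n]+?):?[ \t]*=+$", re.M)
# 'Catalog9 02 <library path> [<size or File Not found>] (<vendor>)'
WINSOCK_RE = re.compile(r"^Catalog(\d+) (\d+) (.+?) \[(.+?)\] \((.*)\)$", re.M)
# '<ip> <hostname>' lines of a hosts file
HOSTS_RE = re.compile(r"^\s*([0-9a-fA-F.:]+)\s+(\S+)", re.M)
LOOPBACK = {"127.0.0.1", "::1"}
Finding = namedtuple("Finding", "section detail")


def split_sections(report):
    """Return {title: body} for every '==== Title ====' block in the report."""
    marks = list(SECTION_RE.finditer(report))
    sections = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(report)
        sections[m.group(1).strip()] = report[m.end():end]
    return sections


def check_proxy(body):
    """A proxy the user never set is how a proxy trojan sits in front of the browser."""
    if not re.search(r"^Proxy is enabled\.", body, re.M):
        return []
    m = re.search(r"^Proxy Server:\s*(\S+)", body, re.M)
    return [Finding("proxy", f"IE proxy enabled, server {m.group(1) if m else 'unknown'}")]


def check_hosts(body):
    """Anything beyond 'loopback -> localhost' pins a name to someone else's address."""
    return [Finding("hosts", f"{host} pinned to {ip}")
            for ip, host in HOSTS_RE.findall(body)
            if not (host.lower() == "localhost" and ip in LOOPBACK)]


def check_winsock(body):
    """Winsock providers should be Microsoft DLLs that exist on disk under System32."""
    findings = []
    for catalog, idx, path, size, vendor in WINSOCK_RE.findall(body):
        tag = f"Catalog{catalog} {idx}"
        if size == "File Not found":
            findings.append(Finding("winsock", f"{tag}: {path} not found on disk"))
        elif "\\system32\\" not in path.lower():
            findings.append(Finding("winsock", f"{tag}: provider outside System32: {path}"))
        elif not vendor:
            findings.append(Finding("winsock", f"{tag}: no vendor recorded for {path}"))
    return findings


def triage(report):
    """Run every check and return the findings in report order."""
    sections = split_sections(report)
    findings = []
    if "Hosts file not detected" in report:
        findings.append(Finding("hosts", "hosts file missing from its default directory"))
    findings += check_proxy(sections.get("IE Proxy Settings", ""))
    findings += check_hosts(sections.get("Hosts content", ""))
    findings += check_winsock(sections.get("Winsock entries", ""))
    return findings


# Constructed sample (hypothetical): a proxy, two hosts redirects, two bad LSPs.
SAMPLE_REPORT = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
Proxy Server: 127.0.0.1:8118
========================= Hosts content: ==================================
127.0.0.1       localhost
74.125.226.228  www.google.com
0.0.0.0         update.microsoft.com
========================= Winsock entries =====================================
Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Documents and Settings\All Users\Application Data\lsp32.dll [12288] ()
"""

# Constructed sample with nothing to flag.
CLEAN_REPORT = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.section}] {f.detail}")
```

Run it as-is to see what the constructed sample trips; paste a real report into SAMPLE_REPORT to triage one. A catalog full of providers reported as [File Not found] is a broken LSP chain rather than an active infection, and on XP SP2 and later `netsh winsock reset` followed by a reboot rebuilds the catalog from defaults.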

#12 atlanticpt

  • Topic Starter
  • Members
  • 7 posts

Posted 08 September 2012 - 03:08 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by HP_Owner (administrator) on 08-09-2012 at 15:55:15
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : your-f78bf48ce2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-11-D8-ED-1F-89
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 69.248.3.48
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Default Gateway . . . . . . . . . : 69.248.0.1
DHCP Server . . . . . . . . . . . : 69.252.208.68
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
Lease Obtained. . . . . . . . . . : Saturday, September 08, 2012 13:54:35
Lease Expires . . . . . . . . . . : Monday, September 10, 2012 15:28:35
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.226.228, 74.125.226.227, 74.125.226.233, 74.125.226.226
74.125.226.231, 74.125.226.229, 74.125.226.225, 74.125.226.230, 74.125.226.238
74.125.226.224, 74.125.226.232


Pinging google.com [173.194.43.14] with 32 bytes of data:

Reply from 173.194.43.14: bytes=32 time=11ms TTL=56
Reply from 173.194.43.14: bytes=32 time=11ms TTL=56

Ping statistics for 173.194.43.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 11ms, Average = 11ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=399ms TTL=53
Reply from 98.139.183.24: bytes=32 time=418ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 399ms, Maximum = 418ms, Average = 408ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 d8 ed 1f 89 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 69.248.0.1 69.248.3.48 20
69.248.0.0 255.255.248.0 69.248.3.48 69.248.3.48 20
69.248.3.48 255.255.255.255 127.0.0.1 127.0.0.1 20
69.255.255.255 255.255.255.255 69.248.3.48 69.248.3.48 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 69.248.3.48 69.248.3.48 20
255.255.255.255 255.255.255.255 69.248.3.48 69.248.3.48 1
Default Gateway: 69.248.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/02/2012 00:16:11 PM) (Source: Application Error) (User: )
Description: Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [ctfmon.exe!ws!]

Error: (09/02/2012 10:58:31 AM) (Source: Application Error) (User: )
Description: Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [ctfmon.exe!ws!]

Error: (09/02/2012 10:57:23 AM) (Source: Application Error) (User: )
Description: Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [ctfmon.exe!ws!]

Error: (09/02/2012 10:56:39 AM) (Source: Application Error) (User: )
Description: Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [ctfmon.exe!ws!]

Error: (09/02/2012 10:56:22 AM) (Source: Application Error) (User: )
Description: Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [ctfmon.exe!ws!]

Error: (09/01/2012 00:07:02 AM) (Source: Application Error) (User: )
Description: Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [ctfmon.exe!ws!]

Error: (09/01/2012 00:06:11 AM) (Source: Application Error) (User: )
Description: Faulting application cmd.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [cmd.exe!ws!]

Error: (09/01/2012 00:05:20 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [rundll32.exe!ws!]

Error: (09/01/2012 00:05:18 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [rundll32.exe!ws!]

Error: (09/01/2012 00:04:59 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [rundll32.exe!ws!]


System errors:
=============
Error: (09/08/2012 01:56:29 PM) (Source: DCOM) (User: YOUR-F78BF48CE2)
Description: DCOM got error "%%1058" attempting to start the service iPodService with arguments "-Service"
in order to run the server:
{7A7FB085-6068-4898-8CCA-480A9187277C}

Error: (09/08/2012 01:56:11 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdrom
FsFilter
Imapi

Error: (09/08/2012 01:56:11 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (09/08/2012 01:55:50 PM) (Source: Service Control Manager) (User: )
Description: The Avg7core service terminated with the following error:
%%126

Error: (09/08/2012 01:55:50 PM) (Source: Service Control Manager) (User: )
Description: The Mssql$sony_mediamgr service terminated with the following error:
%%126

Error: (09/08/2012 01:55:50 PM) (Source: Service Control Manager) (User: )
Description: The Mrpostman service terminated with the following error:
%%126

Error: (09/08/2012 01:55:50 PM) (Source: Service Control Manager) (User: )
Description: The Wwsecsvc service terminated with the following error:
%%126

Error: (09/08/2012 01:55:50 PM) (Source: Service Control Manager) (User: )
Description: The WIBUKEY service terminated with the following error:
%%126

Error: (09/08/2012 01:55:50 PM) (Source: Service Control Manager) (User: )
Description: The QPCapSvc service terminated with the following error:
%%126

Error: (09/08/2012 01:55:50 PM) (Source: Service Control Manager) (User: )
Description: The Pacsptisvr service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (09/02/2012 00:16:11 PM) (Source: Application Error)(User: )
Description: ctfmon.exe5.1.2600.5512unknown0.0.0.0715b9e59

Error: (09/02/2012 10:58:31 AM) (Source: Application Error)(User: )
Description: ctfmon.exe5.1.2600.5512unknown0.0.0.0715b9e59

Error: (09/02/2012 10:57:23 AM) (Source: Application Error)(User: )
Description: ctfmon.exe5.1.2600.5512unknown0.0.0.0715b9e59

Error: (09/02/2012 10:56:39 AM) (Source: Application Error)(User: )
Description: ctfmon.exe5.1.2600.5512unknown0.0.0.0715b9e59

Error: (09/02/2012 10:56:22 AM) (Source: Application Error)(User: )
Description: ctfmon.exe5.1.2600.5512unknown0.0.0.0715b9e59

Error: (09/01/2012 00:07:02 AM) (Source: Application Error)(User: )
Description: ctfmon.exe5.1.2600.5512unknown0.0.0.0715b9e59

Error: (09/01/2012 00:06:11 AM) (Source: Application Error)(User: )
Description: cmd.exe5.1.2600.5512unknown0.0.0.0715b9e59

Error: (09/01/2012 00:05:20 AM) (Source: Application Error)(User: )
Description: rundll32.exe5.1.2600.5512unknown0.0.0.0715b9e59

Error: (09/01/2012 00:05:18 AM) (Source: Application Error)(User: )
Description: rundll32.exe5.1.2600.5512unknown0.0.0.0715b9e59

Error: (09/01/2012 00:04:59 AM) (Source: Application Error)(User: )
Description: rundll32.exe5.1.2600.5512unknown0.0.0.0715b9e59


=========================== Installed Programs ============================

32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2)
7300 (Version: 47.0.1.000)
7300_Help (Version: 47.0.1.000)
7300Trb (Version: 47.0.1.000)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.20)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
Agere Systems PCI Soft Modem
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
AOL Coach Version 1.0(Build:20020605.1)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AVS Image Converter 2.0.2.160
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Belkin Basic Wireless USB Adapter (Version: 2.0.5.0)
Belkin Setup and Router Monitor
Belkin USB Wireless Adaptor (Version: 1.0.0.10)
BufferChm (Version: 100.0.170.000)
CameraDrivers (Version: 4.5.0.211)
Cfont Pro v4
Chuzzle Demo 2.0
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy (Version: 45.4.157.000)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwSharkTaleAlbums1 (Version: 45.4.157.000)
cp_dwSharkTaleCards1 (Version: 45.4.157.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CP_PLSBusinessFlyers (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
CueTour (Version: 45.4.157.000)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
Director (Version: 45.4.157.000)
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
Easy Internet Sign-up (Version: FE UI-3.2.0.1491)
ESET Online Scanner v3
Express Burn
Fax (Version: 47.0.1.000)
Help and Support Additions (Version: 3.0.5)
HP Boot Optimizer (Version: 1.0.2)
HP Color LaserJet CM2320 MFP Series 3.0 (Version: 3.0)
HP Deskjet Printer Preload (Version: 10.1.0)
HP Extended Capabilities 4.7 (Version: 4.7)
HP Help and Support 4.0 (Version: 4.00.0025)
HP Image Zone 4.8.6 (Version: 4.8.6)
HP Image Zone Plus 4.8.6 (Version: 4.8.6)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Organize
HP Photosmart Cameras 4.5 (Version: 4.5)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP Software Update (Version: 3.0.2.991)
HPIZplus450 (Version: 48.2.6.0)
hppCLJCM2320 (Version: 001.000.00088)
hppFaxDrvCM2320 (Version: 003.000.00001)
hppFaxUtilityCM2320 (Version: 001.000.00087)
hppFonts (Version: 001.001.00061)
hppManualsCM2320 (Version: 001.000.00081)
hppQFolderCM2320 (Version: 1.00.0000)
hppscanCM2320 (Version: 001.000.00088)
hppScanToCM2320 (Version: 001.000.00083)
hppSendFaxCM2320 (Version: 003.000.00001)
HpSdpAppCoreApp (Version: 3.00.0000)
HPSystemDiagnostics (Version: 1.6.0.0)
InstantShare (Version: 45.4.157.000)
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
InterVideo WinDVD Player (Version: 5.0-B11.767)
iTunes (Version: 4.7.0.42)
J2SE Runtime Environment 5.0 (Version: 1.5.0)
Java™ 6 Update 12 (Version: 6.0.120)
KBD
LiveUpdate 2.5 (Symantec Corporation) (Version: 2.5.55.0)
Mah Jong Medley
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 45.4.158.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Money 2001 (Version: 9.0.0.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! Dancer LE (Version: 1.1.0.3522)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3500)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.04.0623)
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0 (Version: 06.00.1829)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Pando Toolbar
PanoStandAlone (Version: 45.4.157.000)
PC-Doctor for Windows (Version: 1.06.005)
PEM Software Systems, Inc
PhotoGallery (Version: 45.4.157.000)
Photosmart 320,370,7400,8100,8400 Series (Version: 2.0)
PlanSwift Professional 9.1
PrintScreen (Version: 43.1.5.000)
ProductContext (Version: 47.0.1.000)
PS2
PSPrinters06 (Version: 1.00.0000)
Python 2.2 pywin32 extensions (build 203)
QFolder (Version: 1.00.0000)
Quicken 2005 (Version: 14.00.0000)
QuickProjects (Version: 43.1.5.000)
QuickTime (Version: 7.67.75.0)
Readme (Version: 47.0.1.000)
RealPlayer
Scan (Version: 10.1.0.0)
ScannerCopy (Version: 4.5.0.0)
SkinsHP1 (Version: 45.4.157.000)
Sonic Express Labeler (Version: 2.0.0)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
TomTom HOME 2.7.4.1962 (Version: 2.7.4.1962)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
TrayApp (Version: 100.0.170.000)
Unity Web Player (Version: )
Unload (Version: 4.5.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Updates from HP
Veetle TV 0.9.18 (Version: 0.9.18)
Verizon Online Help and Support
Viewpoint Media Player
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0540.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 1015.48 MB
Available physical RAM: 614.67 MB
Total Pagefile: 1677.55 MB
Available Pagefile: 1425.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.95 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:86.18 GB) (Free:55.28 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:6.96 GB) (Free:1.83 GB) FAT32
3 Drive f: () (Fixed) (Total:16.19 GB) (Free:11.28 GB) FAT32

========================= Users: ========================================

User accounts for \\YOUR-F78BF48CE2

Administrator Guest HelpAssistant
HP_Owner SUPPORT_388945a0 SUPPORT_fddfa904


**** End of log ****



Farbar Service Scanner Version: 06-08-2012
Ran by HP_Owner (administrator) on 08-09-2012 at 15:59:30
Running from "C:\Documents and Settings\HP_Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 00:00] - [2008-06-20 07:51] - 0361600 ____A (Microsoft Corporation) 456E0F5B9BEB184521B0EE8FA7CC92C7

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****


# AdwCleaner v2.000 - Logfile created 09/08/2012 at 16:01:45
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Owner - YOUR-F78BF48CE2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S2].txt - [2613 octets] - [08/09/2012 16:01:45]

########## EOF - C:\AdwCleaner[S2].txt - [2673 octets] ##########

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:01:11 AM

Posted 08 September 2012 - 03:13 PM

Download

wuauserv
wscsvc
BITS

Launch them, click YES

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

Did you UNHIDE your files? Use this tool

http://www.bleepingcomputer.com/download/unhide/

I want you to check if your start menu programs are not hidden.

Edited by narenxp, 08 September 2012 - 03:14 PM.
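After the three service fixes have been applied, the same checks that Farbar Service Scanner flagged (Start type, ImagePath, ServiceDll for wscsvc, wuauserv and BITS) can be re-run locally. This is an added verification script, not part of narenxp's reply or of the FSS tool; it assumes only the standard services hive path HKLM:\SYSTEM\CurrentControlSet\Services and that svchost-hosted services keep ServiceDll under their Parameters subkey.

```powershell
# Added check (not narenxp's or FSS's code): confirm the service keys that the
# FSS log reported as missing now exist, and report what FSS would report.
# Assumes the standard hive path HKLM:\SYSTEM\CurrentControlSet\Services.
$services   = 'wscsvc', 'wuauserv', 'BITS'
$startNames = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) {
        # Same condition FSS printed as "The service key does not exist."
        Write-Output "$name : ATTENTION - service key does not exist, fix not applied"
        continue
    }
    $props     = Get-ItemProperty -Path $key
    $start     = $props.Start
    $startText = $startNames[[int]$start]
    if (-not $startText) { $startText = "unknown ($start)" }
    Write-Output "$name : Start type = $startText"
    Write-Output "$name : ImagePath  = $($props.ImagePath)"

    # svchost-hosted services keep the DLL path under the Parameters subkey
    $paramKey = Join-Path $key 'Parameters'
    if (Test-Path $paramKey) {
        $dll = (Get-ItemProperty -Path $paramKey).ServiceDll
        Write-Output "$name : ServiceDll = $dll"
    } else {
        Write-Output "$name : ATTENTION - Parameters\ServiceDll is missing"
    }

    # Service Control Manager view: registered and running after the fix?
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) {
        Write-Output "$name : SCM status = $($svc.Status)"
    } else {
        Write-Output "$name : ATTENTION - not known to the SCM (reboot after importing the fix)"
    }
    Write-Output ''
}
```

Any line still marked ATTENTION means the corresponding registry fix did not take and FSS would report the same failure again.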




