malicious website


20 replies to this topic

#1 sam gibson

sam gibson

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 05 September 2012 - 07:57 AM

Hello!

My computer appears to be infected with some malware-

Malwarebytes Anti-Malware keeps coming up with these messages:

Malwarebytes has successfully blocked access to potentially malicious IP 95.211.188.45 (or) 95211141105. (or) 94968684.


And avast keeps coming up with messages like:

avast has detected a secure connection from your email program (process svchost.exe) to the SMTP server 202.248.238.12 (nifty.com).


Please advise! I have no idea what to do and would appreciate any help hugely.

Regards, sam

#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:08 AM

Posted 05 September 2012 - 08:05 AM

Download TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 sam gibson

sam gibson
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 06 September 2012 - 01:40 PM

Okay, thanks a lot! Here are the reports:

First, TDS:

13:39:36.0578 2252 upnphost - ok
13:39:36.0609 2252 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:39:36.0625 2252 UPS - ok
13:39:36.0671 2252 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
13:39:36.0687 2252 usbaudio - ok
13:39:36.0703 2252 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:39:36.0718 2252 usbccgp - ok
13:39:36.0734 2252 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:39:36.0734 2252 usbehci - ok
13:39:36.0765 2252 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:39:36.0765 2252 usbhub - ok
13:39:36.0781 2252 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:39:36.0796 2252 usbohci - ok
13:39:36.0828 2252 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:39:36.0828 2252 usbprint - ok
13:39:36.0843 2252 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:39:36.0843 2252 usbstor - ok
13:39:36.0906 2252 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
13:39:36.0906 2252 usbvideo - ok
13:39:36.0921 2252 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:39:36.0937 2252 VgaSave - ok
13:39:36.0937 2252 ViaIde - ok
13:39:36.0953 2252 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:39:36.0968 2252 VolSnap - ok
13:39:37.0000 2252 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:39:37.0015 2252 VSS - ok
13:39:37.0062 2252 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:39:37.0078 2252 W32Time - ok
13:39:37.0109 2252 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:39:37.0125 2252 Wanarp - ok
13:39:37.0156 2252 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
13:39:37.0171 2252 Wdf01000 - ok
13:39:37.0187 2252 WDICA - ok
13:39:37.0218 2252 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:39:37.0218 2252 wdmaud - ok
13:39:37.0250 2252 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:39:37.0281 2252 WebClient - ok
13:39:37.0343 2252 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:39:37.0359 2252 winmgmt - ok
13:39:37.0421 2252 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
13:39:37.0437 2252 WmdmPmSN - ok
13:39:37.0468 2252 [ BAB489A5FE26F2D0C910CF7AF7E4CF92 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:39:37.0484 2252 Wmi - ok
13:39:37.0500 2252 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:39:37.0515 2252 WmiAcpi - ok
13:39:37.0562 2252 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:39:37.0578 2252 WmiApSrv - ok
13:39:37.0609 2252 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:39:37.0640 2252 wscsvc - ok
13:39:37.0671 2252 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:39:37.0671 2252 WSTCODEC - ok
13:39:37.0703 2252 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:39:37.0734 2252 wuauserv - ok
13:39:37.0765 2252 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:39:37.0812 2252 WZCSVC - ok
13:39:37.0843 2252 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:39:37.0875 2252 xmlprov - ok
13:39:37.0875 2252 ================ Scan global ===============================
13:39:37.0906 2252 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:39:37.0937 2252 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
13:39:37.0984 2252 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
13:39:38.0031 2252 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
13:39:38.0046 2252 [Global] - ok
13:39:38.0046 2252 ================ Scan MBR ==================================
13:39:38.0062 2252 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:39:38.0296 2252 \Device\Harddisk0\DR0 - ok
13:39:38.0296 2252 ================ Scan VBR ==================================
13:39:38.0296 2252 [ CE9BC7E3A89FD7F7483B9507F9CF5328 ] \Device\Harddisk0\DR0\Partition1
13:39:38.0296 2252 \Device\Harddisk0\DR0\Partition1 - ok
13:39:38.0328 2252 [ 84B10D75BBF0B9035AFC6611AB15F1EE ] \Device\Harddisk0\DR0\Partition2
13:39:38.0328 2252 \Device\Harddisk0\DR0\Partition2 - ok
13:39:38.0328 2252 ============================================================
13:39:38.0328 2252 Scan finished
13:39:38.0328 2252 ============================================================
13:39:38.0359 2260 Detected object count: 0
13:39:38.0359 2260 Actual detected object count: 0
13:39:45.0312 3988 Deinitialize success

#4 sam gibson

Posted 06 September 2012 - 01:47 PM

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-06 13:43:08
-----------------------------
13:43:08.031 OS Version: Windows 5.1.2600 Service Pack 3
13:43:08.031 Number of processors: 2 586 0x301
13:43:08.031 ComputerName: COMPUTER_1 UserName:
13:43:10.000 Initialize success
13:43:11.203 AVAST engine defs: 12082100
13:43:46.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:43:46.296 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 3
13:43:46.328 Disk 0 MBR read successfully
13:43:46.328 Disk 0 MBR scan
13:43:46.468 Disk 0 Windows XP default MBR code
13:43:46.468 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 120001 MB offset 63
13:43:46.468 Disk 0 Partition - 00 0F Extended LBA 118463 MB offset 245762370
13:43:46.500 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 118463 MB offset 245762433
13:43:46.500 Disk 0 scanning sectors +488376000
13:43:46.578 Disk 0 scanning C:\WINDOWS\system32\drivers
13:43:57.343 Service scanning
13:44:11.218 Modules scanning
13:44:25.171 Disk 0 trace - called modules:
13:44:25.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:44:25.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac2dab8]
13:44:25.203 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8ac6c030]
13:44:25.203 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac30bd0]
13:44:26.156 AVAST engine scan C:\WINDOWS
13:44:32.921 AVAST engine scan C:\WINDOWS\system32
13:45:44.375 File: C:\WINDOWS\system32\wmphk32.exe **INFECTED** Win32:Kolab-PQ [Trj]
13:45:52.546 AVAST engine scan C:\WINDOWS\system32\drivers
13:46:03.281 AVAST engine scan C:\Documents and Settings\sam ling gibson
13:47:59.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\sam ling gibson\Desktop\MBR.dat"
13:47:59.468 The log file has been saved successfully to "C:\Documents and Settings\sam ling gibson\Desktop\aswMBR.txt"

#5 sam gibson

Posted 06 September 2012 - 04:34 PM

And finally, ESET:

C:\Documents and Settings\sam ling gibson\cxcmeo.exe a variant of Win32/Injector.VZD trojan cleaned by deleting - quarantined
C:\Documents and Settings\sam ling gibson\puslu.exe Win32/Agent.OBA trojan cleaned by deleting - quarantined
C:\Documents and Settings\sam ling gibson\tmpp.exe a variant of Win32/Injector.VZD trojan cleaned by deleting - quarantined
C:\Documents and Settings\sam ling gibson\Desktop\software for backup\PDFCreator-1_4_2_setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\sam ling gibson\Local Settings\Temp\tmp103.exe a variant of Win32/Injector.WBC trojan cleaned by deleting - quarantined
C:\Documents and Settings\sam ling gibson\Local Settings\Temporary Internet Files\Content.IE5\GH0RCV2J\lx[1] Win32/Agent.OBA trojan cleaned by deleting - quarantined
C:\Documents and Settings\sam ling gibson\Local Settings\Temporary Internet Files\Content.IE5\SZ4RU1EX\hc[1] a variant of Win32/Injector.VZD trojan cleaned by deleting - quarantined
C:\Documents and Settings\sam ling gibson\Local Settings\Temporary Internet Files\Content.IE5\YV2JU1GH\t[1] a variant of Win32/Injector.WBC trojan cleaned by deleting - quarantined
C:\Documents and Settings\sam ling gibson\My Documents\Downloads\Subtitulos-para-Un-tipo-genial.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\WINDOWS\system32\wmphk32.exe a variant of Win32/Injector.LJX trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Agent.OBA trojan

#6 narenxp

Posted 06 September 2012 - 05:06 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete.

Post the generated log.

#7 sam gibson

Posted 06 September 2012 - 09:57 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by sam ling gibson (administrator) on 06-09-2012 at 21:55:36
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Could not flush the DNS Resolver Cache: Function failed during execution.




========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

========================= IP Configuration: ================================

Atheros AR928x Wireless Network Adapter = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : computer_1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR928x Wireless Network Adapter
Physical Address. . . . . . . . . : 00-17-C4-46-49-FC
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 190.157.2.140
200.118.2.91
Lease Obtained. . . . . . . . . . : Thursday, September 06, 2012 9:47:26 PM
Lease Expires . . . . . . . . . . : Thursday, September 06, 2012 10:47:26 PM

Server: Static-IP-1901572140.cable.net.co
Address: 190.157.2.140

Name: google.com
Addresses: 74.125.229.161, 74.125.229.162, 74.125.229.163, 74.125.229.164
74.125.229.165, 74.125.229.166, 74.125.229.167, 74.125.229.168, 74.125.229.169
74.125.229.174, 74.125.229.160

Pinging google.com [173.194.37.14] with 32 bytes of data:

Reply from 173.194.37.14: bytes=32 time=50ms TTL=54
Reply from 173.194.37.14: bytes=32 time=79ms TTL=54

Ping statistics for 173.194.37.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 79ms, Average = 64ms

Server: Static-IP-1901572140.cable.net.co
Address: 190.157.2.140

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=137ms TTL=49
Reply from 98.138.253.109: bytes=32 time=150ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 137ms, Maximum = 150ms, Average = 143ms

Server: Static-IP-1901572140.cable.net.co
Address: 190.157.2.140

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 c4 46 49 fc ...... Atheros AR928x Wireless Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.12 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.12 192.168.0.12 25
192.168.0.12 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.12 192.168.0.12 25
224.0.0.0 240.0.0.0 192.168.0.12 192.168.0.12 25
255.255.255.255 255.255.255.255 192.168.0.12 192.168.0.12 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/04/2012 05:07:45 AM) (Source: Application Error) (User: )
Description: Faulting application tmp103.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
Processing media-specific event for [tmp103.exe!ws!]

Error: (08/30/2012 08:54:37 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (08/30/2012 02:10:25 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/30/2012 02:08:47 PM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (08/30/2012 02:08:40 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module shlwapi.dll, version 6.0.2900.5512, fault address 0x00006720.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/30/2012 02:01:02 PM) (Source: Application Error) (User: )
Description: Faulting application flv to avi mpeg wmv 3gp mp4 ipod converter.exe, version 1.0.0.1, faulting module flv to avi mpeg wmv 3gp mp4 ipod converter.exe, version 1.0.0.1, fault address 0x000091a8.
Processing media-specific event for [flv to avi mpeg wmv 3gp mp4 ipod converter.exe!ws!]

Error: (08/29/2012 02:03:48 AM) (Source: Application Hang) (User: )
Description: Hanging application AutoShutdown.exe, version 1.2.4.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/28/2012 09:19:26 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (08/20/2012 03:18:10 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 5.10.0.116, faulting module mshtml.dll, version 6.0.2900.5512, fault address 0x0021e595.
Processing media-specific event for [skype.exe!ws!]

Error: (08/14/2012 00:17:21 AM) (Source: Application Hang) (User: )
Description: Hanging application AutoShutdown.exe, version 1.2.4.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/06/2012 09:48:20 PM) (Source: System Error) (User: )
Description: Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3 00000000, parameter4 8050c623.

Error: (09/06/2012 09:47:46 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (09/06/2012 08:34:32 PM) (Source: DCOM) (User: COMPUTER_1)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (09/06/2012 08:29:52 PM) (Source: DCOM) (User: COMPUTER_1)
Description: DCOM got error "%%1058" attempting to start the service helpsvc with arguments ""
in order to run the server:
{833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

Error: (09/06/2012 08:29:52 PM) (Source: DCOM) (User: COMPUTER_1)
Description: DCOM got error "%%1058" attempting to start the service helpsvc with arguments ""
in order to run the server:
{833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

Error: (09/06/2012 08:16:47 PM) (Source: DCOM) (User: COMPUTER_1)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/06/2012 03:36:31 PM) (Source: Dhcp) (User: )
Description: The IP address lease 172.28.5.171 for the Network Card with network address 0017C44649FC has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (09/06/2012 07:10:13 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.12 for the Network Card with network address 0017C44649FC has been
denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (09/06/2012 06:13:58 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (09/06/2012 06:13:14 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.


Microsoft Office Sessions:
=========================
Error: (09/04/2012 05:07:45 AM) (Source: Application Error)(User: )
Description: tmp103.exe0.0.0.0ntdll.dll5.1.2600.55120001b1fa

Error: (08/30/2012 08:54:37 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (08/30/2012 02:10:25 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (08/30/2012 02:08:47 PM) (Source: Application Error)(User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (08/30/2012 02:08:40 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512shlwapi.dll6.0.2900.551200006720

Error: (08/30/2012 02:01:02 PM) (Source: Application Error)(User: )
Description: flv to avi mpeg wmv 3gp mp4 ipod converter.exe1.0.0.1flv to avi mpeg wmv 3gp mp4 ipod converter.exe1.0.0.1000091a8

Error: (08/29/2012 02:03:48 AM) (Source: Application Hang)(User: )
Description: AutoShutdown.exe1.2.4.5hungapp0.0.0.000000000

Error: (08/28/2012 09:19:26 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (08/20/2012 03:18:10 PM) (Source: Application Error)(User: )
Description: skype.exe5.10.0.116mshtml.dll6.0.2900.55120021e595

Error: (08/14/2012 00:17:21 AM) (Source: Application Hang)(User: )
Description: AutoShutdown.exe1.2.4.5hungapp0.0.0.000000000


=========================== Installed Programs ============================

µTorrent (Version: 3.2.0)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AMD Processor Driver (Version: 1.3.2.0053)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Atheros Wireless LAN Client Adapter (Version: 1.0.4.0505)
ATI Display Driver (Version: 8.511-080624a-066661C-Acer)
avast! Internet Security (Version: 7.0.1466.0)
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Efficient Sticky Notes 1.68
ESET Online Scanner v3
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 6.0.0103
Foxit Reader (Version: 5.3.1.606)
Google Chrome (Version: 21.0.1180.89)
iTunes (Version: 10.6.3.25)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
PDF Settings (Version: 1.0)
PDFCreator (Version: 1.4.2)
Picasa 3 (Version: 3.8)
Realtek High Definition Audio Driver (Version: 5.10.0.5628)
Skype™ 5.10 (Version: 5.10.116)
Synaptics Pointing Device Driver (Version: 11.1.4.0)
Update for Windows XP (KB898461) (Version: 1)
Vector Magic (Version: 1.14)
VLC media player 2.0.2 (Version: 2.0.2)
WebFldrs XP (Version: 9.50.7523)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
WinRAR 4.20 (32-bit) (Version: 4.20.0)

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 2814.35 MB
Available physical RAM: 2125.14 MB
Total Pagefile: 4701.85 MB
Available Pagefile: 4135.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.17 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:117.19 GB) (Free:4.22 GB) NTFS
2 Drive d: () (Fixed) (Total:115.69 GB) (Free:50.08 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator Guest HelpAssistant
sam ling gibson SUPPORT_388945a0


**** End of log ****

#8 sam gibson

Posted 06 September 2012 - 10:02 PM

# AdwCleaner v2.000 - Logfile created 09/06/2012 at 22:00:06
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : sam ling gibson - COMPUTER_1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\sam ling gibson\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\sam ling gibson\Application Data\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\sam ling gibson\Application Data\Mozilla\Firefox\Profiles\n5kvfmeg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\sam ling gibson\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1502 octets] - [06/09/2012 22:00:06]

########## EOF - C:\AdwCleaner[S1].txt - [1562 octets] ##########

Again, thanks a lot.

#9 narenxp

Posted 06 September 2012 - 10:15 PM

Malwarebytes log?

Farbar service scanner log?

download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKill log located on the desktop here.

#10 sam gibson

Posted 07 September 2012 - 07:50 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
sam ling gibson :: COMPUTER_1 [administrator]

Protection: Enabled

8/5/2012 3:36:39 PM
mbam-log-2012-08-05 (15-36-39).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256659
Time elapsed: 1 hour(s), 42 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\sam ling gibson\My Documents\Downloads\SoftonicDownloader_para_free-flv-converter.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam ling gibson\My Documents\Downloads\SoftonicDownloader_para_java-7-jre (1).exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam ling gibson\My Documents\Downloads\SoftonicDownloader_para_java-7-jre.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\sam ling gibson\My Documents\Malwarebytes.Anti-Malware.PRO.v1.60.0.1800.MULTILINGUAL-CRD\crd.exe (TheftMarker.Crude) -> Quarantined and deleted successfully.

(end)

#11 sam gibson (Topic Starter)

Posted 07 September 2012 - 07:51 AM

Farbar Service Scanner Version: 06-08-2012
Ran by sam ling gibson (administrator) on 07-09-2012 at 07:51:30
Running from "C:\Documents and Settings\sam ling gibson\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswFW(9) aswTdi(2) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000300000009000000020000000800000005000000060000000700000001000000
IpSec Tag value is correct.

**** End of log ****

#12 sam gibson (Topic Starter)

Posted 07 September 2012 - 07:53 AM

Rkill 2.3.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/07/2012 07:52:38 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* DNS Client (Dnscache) is not Running.
Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/07/2012 07:53:35 AM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)

#13 narenxp (BC Advisor)

Posted 07 September 2012 - 08:22 AM

Press the Windows+R key and type

services.msc and click OK

Right click on

Security Center
Automatic Updates
Background Intelligent Transfer Service

Select Properties, change it to Automatic and start it

Post the new FSS log

Edited by narenxp, 07 September 2012 - 08:22 AM.
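
The services.msc steps above, read together with the Farbar Service Scanner and Rkill logs in posts #11 and #12, come down to one check and one fix: find every service whose current start type no longer matches its default, then set it back and start it. The script below is an added example, not part of the original thread and not code from Farbar, BleepingComputer or Microsoft. It parses the "The start type of X service is set to Y. The default start type is Z." lines that FSS prints and emits the sc.exe commands for an elevated cmd prompt that make the same change as narenxp's Properties/Automatic/Start clicks. The log text embedded in it is a constructed excerpt in the FSS format shown above, and the function names are mine.

```python
import re
from typing import List, Tuple

# Constructed sample: a trimmed excerpt in the Farbar Service Scanner format
# seen in this thread (three deviating services plus unrelated lines).
SAMPLE_FSS_LOG = """\
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.

File Check:
========
C:\\WINDOWS\\system32\\svchost.exe => MD5 is legit
"""

# FSS reports every start-type deviation on a single line of this shape.
START_TYPE_RE = re.compile(
    r"^The start type of (?P<svc>\S+) service is set to (?P<cur>\w+)\. "
    r"The default start type is (?P<default>\w+)\.$"
)


def find_changed_start_types(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (service, current_start_type, default_start_type) for each
    service whose configured start type differs from the FSS default."""
    found = []
    for line in log_text.splitlines():
        m = START_TYPE_RE.match(line.strip())
        if m and m.group("cur").lower() != m.group("default").lower():
            found.append((m.group("svc"), m.group("cur"), m.group("default")))
    return found


def restore_commands(changes: List[Tuple[str, str, str]]) -> List[str]:
    """Build the sc.exe commands that restore the default start type and
    start the service. sc's 'auto', 'demand' and 'disabled' keywords match
    the FSS wording once lower-cased; the space after 'start=' is required
    by sc.exe syntax, not a typo."""
    cmds = []
    for svc, _current, default in changes:
        cmds.append(f"sc config {svc} start= {default.lower()}")
        cmds.append(f"sc start {svc}")
    return cmds


def remediation_script(log_text: str) -> List[str]:
    """Parse an FSS log and return the command lines to run, in order."""
    return restore_commands(find_changed_start_types(log_text))


if __name__ == "__main__":
    # Paste a real FSS log into SAMPLE_FSS_LOG, or read it from a file,
    # then run the printed lines in an elevated cmd prompt.
    for cmd in remediation_script(SAMPLE_FSS_LOG):
        print(cmd)
```

Run the printed commands from an elevated cmd prompt; `sc start` fails with a dependency error if a service the target depends on is itself still stopped, so start the listed services in the order printed and re-run FSS afterwards, as narenxp asks. Two things in the log above are worth noting when reading the output: the ImagePath, ServiceDll and "MD5 is legit" lines show the service binaries are intact, so what changed is only the configuration, and a configuration change of this kind can come from a "tweaking" guide just as easily as from malware, which is exactly the question raised in the next two posts.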


#14 sam gibson (Topic Starter)

Posted 07 September 2012 - 12:32 PM

Hello, I had been advised to turn those things off, as they were unnecessary. Do you think otherwise?

Thanks, sam

#15 narenxp (BC Advisor)

Posted 07 September 2012 - 12:38 PM

Hello, I had been advised to turn those things off, as they were unnecessary. Do you think otherwise?


Who advised you? Please turn them on.