
Unable to find and remove


15 replies to this topic

#1 mynet

  • Members
  • 12 posts

Posted 08 September 2012 - 05:49 PM

A couple of months ago Notepad began closing after a few minutes of me using it; a popup would say something to the effect that Notepad needed to close because a malicious program was trying to use it. I did a full scan with MSE and it found a bunch of trojans, which I proceeded to remove. I did a full scan again and my computer came up clean, but when I turned the computer on later MSE was giving a warning that there was a virus, which I again removed; I did a full scan and MSE found nothing, but again on reboot the same thing happened. I removed it again and did several full scans, and my computer came up clean even after rebooting.

So I thought the virus was gone, but a few days ago I noticed that some links I clicked in Google were being redirected to another site. I did a full scan with MSE and this time it found a Java exploit (java/CVE-1202-1723.OA). I removed it and did a full scan; MSE didn't find anything, but I continued to be redirected in Google. I downloaded Malwarebytes and it found 2 trojans, which I removed. I did a full scan with Malwarebytes and then with MSE, and both found nothing, but some Google links were still being redirected. I tried Avast and Gmer and they too did not find anything.

So what do I do now? I know I've got something on the computer but don't know what it is or how to get rid of it.

#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Location:India

Posted 08 September 2012 - 05:52 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop, and copy the contents of the text file into your reply.
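
As an added example (not part of narenxp's post, and not Kaspersky's own TDSSKiller code), here is a short Python script that triages a TDSSKiller log of the kind the steps above produce. It does two things a helper would otherwise do by eye over several hundred lines. First, it reads the "Drive ..." and "...\PartitionN: MBR, ..." lines, checks the partition table for overlaps or partitions running past the end of the disk, and sizes the unallocated tail of the disk; the TDL4 family keeps its encrypted hidden file system in that unpartitioned tail, which is what the "TDLFS file system" option tells TDSSKiller to read. Second, it pairs each "[ md5 ] name path" line with its "name - status" line and lists every entry whose status is not "ok", plus every binary loaded from outside the Windows and Program Files trees (a review heuristic, not a verdict). The sample log lines embedded in the script are constructed in TDSSKiller's format: the geometry and the first three service entries mirror lines posted later in this thread, while "badsvc" and the wording of its detection line are invented; the parser only relies on a hit not reading "ok".

```python
"""Triage a TDSSKiller log (added example; sample lines below are constructed).
1. MBR geometry: overlapping/oversized partitions and the unallocated tail of
   the disk, the region where TDL4 keeps its hidden file system ('TDLFS').
2. Service entries: any status other than 'ok', and binaries loaded from
   outside the Windows / Program Files trees (review heuristic, not a verdict)."""
import re
from dataclasses import dataclass, field

DRIVE_RE = re.compile(r"Drive (?P<dev>\S+) - Size: 0x(?P<size>[0-9A-F]+).*?SectorSize: 0x(?P<ss>[0-9A-F]+)"
                      r".*?SectorsPerTrack: 0x(?P<spt>[0-9A-F]+).*?TracksPerCylinder: 0x(?P<tpc>[0-9A-F]+)")
PART_RE = re.compile(r"(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition(?P<n>\d+): MBR, Type 0x[0-9A-F]+,"
                     r" StartLBA 0x(?P<start>[0-9A-F]+), BlocksNum 0x(?P<len>[0-9A-F]+)")
ENTRY_RE = re.compile(r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
STATUS_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) - (?P<status>.+)$")
NORMAL_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

@dataclass
class Partition:
    number: int
    start: int   # first LBA
    length: int  # sectors

    @property
    def end(self) -> int:  # first sector after the partition
        return self.start + self.length

@dataclass
class Disk:
    device: str
    size_bytes: int
    sector_size: int
    cylinder_sectors: int  # SectorsPerTrack * TracksPerCylinder
    partitions: list = field(default_factory=list)

@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = ""

def parse_log(text):
    """Return ({device: Disk}, {service name: Entry}) in log order."""
    disks, entries = {}, {}
    for line in text.splitlines():
        if m := DRIVE_RE.search(line):
            disks[m["dev"]] = Disk(m["dev"], int(m["size"], 16), int(m["ss"], 16),
                                   int(m["spt"], 16) * int(m["tpc"], 16))
        elif (m := PART_RE.search(line)) and m["dev"] in disks:
            disks[m["dev"]].partitions.append(Partition(int(m["n"]), int(m["start"], 16), int(m["len"], 16)))
        elif m := ENTRY_RE.search(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
        elif m := STATUS_RE.match(line):
            entries.setdefault(m["name"], Entry(m["name"])).status = m["status"]
    return disks, entries

def partition_report(disk):
    """Sanity-check the partition table and size the unallocated tail of the disk."""
    total = disk.size_bytes // disk.sector_size
    parts = sorted(disk.partitions, key=lambda p: p.start)
    problems = [f"Partition{cur.number} overlaps Partition{prev.number}"
                for prev, cur in zip(parts, parts[1:]) if cur.start < prev.end]
    problems += [f"Partition{p.number} runs past the end of the disk" for p in parts if p.end > total]
    tail = total - max((p.end for p in parts), default=0)
    # Up to one cylinder of slack is normal for a CHS-aligned XP-era layout; a much larger
    # gap deserves a question.  Small does not mean clean: this tail is what a TDLFS scan reads.
    return {"total_sectors": total, "tail_sectors": tail, "tail_bytes": tail * disk.sector_size,
            "tail_is_alignment_slack": tail <= disk.cylinder_sectors, "problems": problems}

def triage_entries(entries):
    """Map service name -> reasons it deserves a second look."""
    flagged = {}
    for e in entries.values():
        reasons = []
        if e.status and e.status != "ok":
            reasons.append(f"status '{e.status}'")
        p = e.path.lower()
        if p and (not p.startswith(NORMAL_PREFIXES) or "\\temp\\" in p):
            reasons.append(f"runs from an unusual location: {e.path}")
        if reasons:
            flagged[e.name] = reasons
    return flagged

# Constructed sample in TDSSKiller's format.  Geometry and the first three services mirror
# this thread's log; 'badsvc' and its detection wording are invented (an assumption).
SAMPLE_LOG = r"""
12:49:02.0421 1376 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:49:02.0437 1376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
12:49:02.0453 1376 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x21A4F55
12:49:23.0140 3116 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:49:23.0140 3116 ACPI - ok
12:49:23.0328 3116 adpu160m - ok
12:49:27.0890 3116 [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
12:49:28.0031 3116 HWDeviceService.exe - ok
12:49:34.0234 3116 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
12:49:34.0234 3116 SoundMAX Agent Service (default) - ok
12:49:40.0000 3116 [ 0123456789ABCDEF0123456789ABCDEF ] badsvc C:\WINDOWS\Temp\badsvc.sys
12:49:40.0000 3116 badsvc - detected Rootkit.Win32.TDSS.tdl4 ( 0 )
"""

if __name__ == "__main__":
    disks, entries = parse_log(SAMPLE_LOG)
    for dev, disk in disks.items():
        print(dev, partition_report(disk))
    for name, reasons in triage_entries(entries).items():
        print(name, "->", "; ".join(reasons))
```

On the geometry posted in this thread the script reports no overlaps and a tail of 16,065 sectors (63 sectors per track × 255 tracks per cylinder, about 7.8 MB), i.e. exactly one cylinder left unallocated after Partition2, which is the usual CHS leftover rather than evidence either way; it is simply the region the TDLFS option makes TDSSKiller inspect. The location rule will also flag legitimate things such as the Huawei datacard service under All Users\Application Data and the MSE definition-update driver, so read its output as a list of entries to look at, not a list of infections.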

#3 mynet

  • Topic Starter

Posted 09 September 2012 - 06:08 PM

Sorry for not getting back sooner. I'm wary about downloading stuff I know nothing about. I looked up TDSSKiller and some people have reported that after running it their computer totally stopped functioning. How safe is it for me to use it? It's a laptop that's infected, if that makes any difference.

#4 mynet

  • Topic Starter

Posted 10 September 2012 - 11:55 AM

12:49:00.0328 1376 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:49:00.0359 1376 ============================================================
12:49:00.0359 1376 Current date / time: 2012/09/10 12:49:00.0359
12:49:00.0359 1376 SystemInfo:
12:49:00.0359 1376
12:49:00.0359 1376 OS Version: 5.1.2600 ServicePack: 3.0
12:49:00.0359 1376 Product type: Workstation
12:49:00.0359 1376 ComputerName: BAGS
12:49:00.0359 1376 UserName: Mark Cierebiej
12:49:00.0359 1376 Windows directory: C:\WINDOWS
12:49:00.0359 1376 System windows directory: C:\WINDOWS
12:49:00.0359 1376 Processor architecture: Intel x86
12:49:00.0359 1376 Number of processors: 1
12:49:00.0359 1376 Page size: 0x1000
12:49:00.0359 1376 Boot type: Normal boot
12:49:00.0359 1376 ============================================================
12:49:02.0421 1376 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:49:02.0421 1376 ============================================================
12:49:02.0421 1376 \Device\Harddisk0\DR0:
12:49:02.0437 1376 MBR partitions:
12:49:02.0437 1376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
12:49:02.0453 1376 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x21A4F55
12:49:02.0453 1376 ============================================================
12:49:02.0500 1376 C: <-> \Device\Harddisk0\DR0\Partition1
12:49:02.0531 1376 D: <-> \Device\Harddisk0\DR0\Partition2
12:49:02.0531 1376 ============================================================
12:49:02.0531 1376 Initialize success
12:49:02.0531 1376 ============================================================
12:49:22.0656 3116 ============================================================
12:49:22.0656 3116 Scan started
12:49:22.0656 3116 Mode: Manual; TDLFS;
12:49:22.0656 3116 ============================================================
12:49:22.0906 3116 ================ Scan system memory ========================
12:49:22.0906 3116 System memory - ok
12:49:22.0921 3116 ================ Scan services =============================
12:49:23.0046 3116 Abiosdsk - ok
12:49:23.0078 3116 abp480n5 - ok
12:49:23.0140 3116 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:49:23.0140 3116 ACPI - ok
12:49:23.0203 3116 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:49:23.0203 3116 ACPIEC - ok
12:49:23.0296 3116 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:49:23.0312 3116 AdobeFlashPlayerUpdateSvc - ok
12:49:23.0328 3116 adpu160m - ok
12:49:23.0421 3116 [ F13D8E7E1FAA31019C25EB17B5FB2662 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
12:49:23.0421 3116 aeaudio - ok
12:49:23.0484 3116 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:49:23.0484 3116 aec - ok
12:49:23.0562 3116 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:49:23.0562 3116 AFD - ok
12:49:23.0765 3116 [ 029E01CB2938BEC5AF31BF47B6AF0159 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:49:23.0828 3116 AgereSoftModem - ok
12:49:23.0859 3116 Aha154x - ok
12:49:23.0875 3116 aic78u2 - ok
12:49:23.0890 3116 aic78xx - ok
12:49:23.0953 3116 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:49:23.0953 3116 Alerter - ok
12:49:23.0984 3116 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
12:49:23.0984 3116 ALG - ok
12:49:24.0000 3116 AliIde - ok
12:49:24.0031 3116 amsint - ok
12:49:24.0093 3116 [ 285B803BFA147716B6FE7545586450CD ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
12:49:24.0093 3116 ApfiltrService - ok
12:49:24.0109 3116 AppMgmt - ok
12:49:24.0171 3116 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:49:24.0171 3116 Arp1394 - ok
12:49:24.0203 3116 asc - ok
12:49:24.0218 3116 asc3350p - ok
12:49:24.0234 3116 asc3550 - ok
12:49:24.0375 3116 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
12:49:24.0375 3116 aspnet_state - ok
12:49:24.0406 3116 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:49:24.0406 3116 AsyncMac - ok
12:49:24.0453 3116 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:49:24.0453 3116 atapi - ok
12:49:24.0484 3116 Atdisk - ok
12:49:24.0531 3116 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:49:24.0531 3116 Atmarpc - ok
12:49:24.0593 3116 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:49:24.0593 3116 AudioSrv - ok
12:49:24.0687 3116 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:49:24.0687 3116 audstub - ok
12:49:24.0734 3116 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:49:24.0750 3116 Beep - ok
12:49:24.0828 3116 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:49:24.0843 3116 BITS - ok
12:49:24.0906 3116 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
12:49:24.0984 3116 Browser - ok
12:49:25.0046 3116 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:49:25.0046 3116 cbidf2k - ok
12:49:25.0062 3116 cd20xrnt - ok
12:49:25.0109 3116 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:49:25.0109 3116 Cdaudio - ok
12:49:25.0140 3116 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:49:25.0140 3116 Cdfs - ok
12:49:25.0187 3116 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:49:25.0187 3116 Cdrom - ok
12:49:25.0218 3116 Changer - ok
12:49:25.0265 3116 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:49:25.0265 3116 CiSvc - ok
12:49:25.0296 3116 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:49:25.0296 3116 ClipSrv - ok
12:49:25.0328 3116 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:49:25.0328 3116 CmBatt - ok
12:49:25.0359 3116 CmdIde - ok
12:49:25.0375 3116 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:49:25.0375 3116 Compbatt - ok
12:49:25.0406 3116 COMSysApp - ok
12:49:25.0453 3116 Cpqarray - ok
12:49:25.0500 3116 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:49:25.0500 3116 CryptSvc - ok
12:49:25.0515 3116 dac2w2k - ok
12:49:25.0531 3116 dac960nt - ok
12:49:25.0593 3116 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:49:25.0609 3116 DcomLaunch - ok
12:49:25.0671 3116 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:49:25.0671 3116 Dhcp - ok
12:49:25.0687 3116 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:49:25.0687 3116 Disk - ok
12:49:25.0703 3116 dmadmin - ok
12:49:25.0765 3116 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:49:25.0796 3116 dmboot - ok
12:49:25.0828 3116 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:49:25.0828 3116 dmio - ok
12:49:25.0859 3116 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:49:25.0859 3116 dmload - ok
12:49:25.0906 3116 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:49:25.0906 3116 dmserver - ok
12:49:25.0937 3116 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:49:25.0937 3116 DMusic - ok
12:49:25.0984 3116 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:49:25.0984 3116 Dnscache - ok
12:49:26.0031 3116 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:49:26.0046 3116 Dot3svc - ok
12:49:26.0046 3116 dpti2o - ok
12:49:26.0109 3116 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:49:26.0109 3116 drmkaud - ok
12:49:26.0156 3116 [ 81B7808D3B5892388F33273119C2DC31 ] eabfiltr C:\WINDOWS\system32\drivers\EABFiltr.sys
12:49:26.0156 3116 eabfiltr - ok
12:49:26.0203 3116 [ 1BA14DA377B66278335D4B9E8824CD42 ] eabusb C:\WINDOWS\system32\drivers\eabusb.sys
12:49:26.0203 3116 eabusb - ok
12:49:26.0234 3116 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:49:26.0234 3116 EapHost - ok
12:49:26.0265 3116 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:49:26.0281 3116 ERSvc - ok
12:49:26.0328 3116 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:49:26.0343 3116 Eventlog - ok
12:49:26.0375 3116 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
12:49:26.0390 3116 EventSystem - ok
12:49:26.0437 3116 [ FB54F67974D13D73BE3E2F1DF042D295 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
12:49:26.0437 3116 ewusbnet - ok
12:49:26.0484 3116 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
12:49:26.0484 3116 ew_hwusbdev - ok
12:49:26.0531 3116 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:49:26.0531 3116 Fastfat - ok
12:49:26.0578 3116 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:49:26.0593 3116 FastUserSwitchingCompatibility - ok
12:49:26.0671 3116 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:49:26.0671 3116 Fdc - ok
12:49:26.0703 3116 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:49:26.0703 3116 Fips - ok
12:49:26.0734 3116 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:49:26.0734 3116 Flpydisk - ok
12:49:26.0796 3116 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:49:26.0796 3116 FltMgr - ok
12:49:26.0812 3116 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:49:26.0828 3116 Fs_Rec - ok
12:49:26.0843 3116 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:49:26.0843 3116 Ftdisk - ok
12:49:26.0906 3116 [ 2FB04DB459C71F416EE8B05448CA4AC3 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:49:26.0906 3116 GEARAspiWDM - ok
12:49:26.0937 3116 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:49:26.0937 3116 Gpc - ok
12:49:27.0062 3116 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:49:27.0078 3116 gupdate - ok
12:49:27.0093 3116 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:49:27.0093 3116 gupdatem - ok
12:49:27.0203 3116 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:49:27.0203 3116 helpsvc - ok
12:49:27.0250 3116 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:49:27.0250 3116 HidServ - ok
12:49:27.0281 3116 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:49:27.0281 3116 HidUsb - ok
12:49:27.0343 3116 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:49:27.0359 3116 hkmsvc - ok
12:49:27.0375 3116 hpn - ok
12:49:27.0468 3116 [ 6745820C1B0783A367F03DA128F5B1E2 ] hpqwmi C:\Program Files\HPQ\shared\hpqwmi.exe
12:49:27.0468 3116 hpqwmi - ok
12:49:27.0546 3116 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:49:27.0578 3116 HTTP - ok
12:49:27.0640 3116 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:49:27.0687 3116 HTTPFilter - ok
12:49:27.0750 3116 [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
12:49:27.0750 3116 huawei_enumerator - ok
12:49:27.0781 3116 [ F547F862B8907F1BCBD9B72A72A6449E ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
12:49:27.0796 3116 hwdatacard - ok
12:49:27.0890 3116 [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
12:49:28.0031 3116 HWDeviceService.exe - ok
12:49:28.0046 3116 i2omgmt - ok
12:49:28.0062 3116 i2omp - ok
12:49:28.0109 3116 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:49:28.0109 3116 i8042prt - ok
12:49:28.0203 3116 [ AFBF1B43CC830BDC03B582003DA439C2 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:49:28.0250 3116 ialm - ok
12:49:28.0265 3116 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:49:28.0265 3116 Imapi - ok
12:49:28.0312 3116 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:49:28.0312 3116 ImapiService - ok
12:49:28.0328 3116 ini910u - ok
12:49:28.0359 3116 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:49:28.0375 3116 IntelIde - ok
12:49:28.0421 3116 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:49:28.0421 3116 intelppm - ok
12:49:28.0484 3116 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:49:28.0484 3116 Ip6Fw - ok
12:49:28.0515 3116 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:49:28.0515 3116 IpFilterDriver - ok
12:49:28.0562 3116 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:49:28.0562 3116 IpInIp - ok
12:49:28.0640 3116 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:49:28.0640 3116 IpNat - ok
12:49:28.0703 3116 [ 6D1DD86EA58AD1B2F57301042D819436 ] iPodService C:\Program Files\iPod\bin\iPodService.exe
12:49:28.0703 3116 iPodService - ok
12:49:28.0734 3116 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:49:28.0734 3116 IPSec - ok
12:49:28.0765 3116 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:49:28.0765 3116 IRENUM - ok
12:49:28.0812 3116 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:49:28.0812 3116 isapnp - ok
12:49:28.0937 3116 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:49:28.0953 3116 JavaQuickStarterService - ok
12:49:28.0984 3116 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:49:28.0984 3116 Kbdclass - ok
12:49:29.0015 3116 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:49:29.0031 3116 kmixer - ok
12:49:29.0078 3116 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:49:29.0078 3116 KSecDD - ok
12:49:29.0125 3116 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:49:29.0125 3116 lanmanserver - ok
12:49:29.0156 3116 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:49:29.0171 3116 lanmanworkstation - ok
12:49:29.0203 3116 lbrtfdc - ok
12:49:29.0265 3116 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:49:29.0281 3116 LmHosts - ok
12:49:29.0328 3116 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
12:49:29.0328 3116 MBAMProtector - ok
12:49:29.0421 3116 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:49:29.0453 3116 MBAMService - ok
12:49:29.0500 3116 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:49:29.0500 3116 Messenger - ok
12:49:29.0546 3116 [ 63C34814492AA65FC517B002DE77B191 ] MidiSyn C:\WINDOWS\system32\drivers\MidiSyn.sys
12:49:29.0562 3116 MidiSyn - ok
12:49:29.0609 3116 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:49:29.0640 3116 mnmdd - ok
12:49:29.0703 3116 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:49:29.0703 3116 mnmsrvc - ok
12:49:29.0765 3116 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:49:29.0765 3116 Modem - ok
12:49:29.0796 3116 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:49:29.0796 3116 Mouclass - ok
12:49:29.0828 3116 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:49:29.0828 3116 mouhid - ok
12:49:29.0859 3116 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:49:29.0859 3116 MountMgr - ok
12:49:29.0937 3116 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:49:29.0953 3116 MozillaMaintenance - ok
12:49:29.0984 3116 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:49:29.0984 3116 MpFilter - ok
12:49:30.0093 3116 [ A69630D039C38018689190234F866D77 ] MpKsl9eca322c c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0B1DC12-057A-4EBA-9901-B4AFB24F7BD5}\MpKsl9eca322c.sys
12:49:30.0093 3116 MpKsl9eca322c - ok
12:49:30.0109 3116 mraid35x - ok
12:49:30.0140 3116 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:49:30.0140 3116 MRxDAV - ok
12:49:30.0218 3116 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:49:30.0265 3116 MRxSmb - ok
12:49:30.0312 3116 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:49:30.0312 3116 MSDTC - ok
12:49:30.0359 3116 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:49:30.0359 3116 Msfs - ok
12:49:30.0375 3116 MSIServer - ok
12:49:30.0421 3116 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:49:30.0421 3116 MSKSSRV - ok
12:49:30.0484 3116 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:49:30.0484 3116 MsMpSvc - ok
12:49:30.0515 3116 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:49:30.0531 3116 MSPCLOCK - ok
12:49:30.0562 3116 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:49:30.0562 3116 MSPQM - ok
12:49:30.0609 3116 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:49:30.0656 3116 mssmbios - ok
12:49:30.0718 3116 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:49:30.0718 3116 Mup - ok
12:49:30.0796 3116 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:49:30.0812 3116 napagent - ok
12:49:30.0859 3116 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:49:30.0875 3116 NDIS - ok
12:49:30.0921 3116 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:49:30.0937 3116 NdisTapi - ok
12:49:30.0937 3116 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:49:30.0953 3116 Ndisuio - ok
12:49:30.0968 3116 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:49:30.0968 3116 NdisWan - ok
12:49:31.0031 3116 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:49:31.0031 3116 NDProxy - ok
12:49:31.0062 3116 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:49:31.0062 3116 NetBIOS - ok
12:49:31.0093 3116 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:49:31.0093 3116 NetBT - ok
12:49:31.0140 3116 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:49:31.0156 3116 NetDDE - ok
12:49:31.0171 3116 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:49:31.0171 3116 NetDDEdsdm - ok
12:49:31.0234 3116 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:49:31.0250 3116 Netlogon - ok
12:49:31.0281 3116 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:49:31.0296 3116 Netman - ok
12:49:31.0359 3116 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:49:31.0359 3116 NIC1394 - ok
12:49:31.0406 3116 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:49:31.0406 3116 Nla - ok
12:49:31.0453 3116 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:49:31.0453 3116 Npfs - ok
12:49:31.0515 3116 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:49:31.0546 3116 Ntfs - ok
12:49:31.0578 3116 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:49:31.0578 3116 NtLmSsp - ok
12:49:31.0671 3116 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:49:31.0687 3116 NtmsSvc - ok
12:49:31.0734 3116 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:49:31.0734 3116 Null - ok
12:49:31.0781 3116 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:49:31.0796 3116 NwlnkFlt - ok
12:49:31.0812 3116 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:49:31.0812 3116 NwlnkFwd - ok
12:49:31.0843 3116 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:49:31.0843 3116 ohci1394 - ok
12:49:31.0875 3116 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:49:31.0890 3116 Parport - ok
12:49:31.0906 3116 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:49:31.0906 3116 PartMgr - ok
12:49:31.0968 3116 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:49:31.0968 3116 ParVdm - ok
12:49:32.0000 3116 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:49:32.0000 3116 PCI - ok
12:49:32.0015 3116 PCIDump - ok
12:49:32.0046 3116 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
12:49:32.0046 3116 PCIIde - ok
12:49:32.0062 3116 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:49:32.0078 3116 Pcmcia - ok
12:49:32.0093 3116 PDCOMP - ok
12:49:32.0109 3116 PDFRAME - ok
12:49:32.0140 3116 PDRELI - ok
12:49:32.0156 3116 PDRFRAME - ok
12:49:32.0171 3116 perc2 - ok
12:49:32.0203 3116 perc2hib - ok
12:49:32.0281 3116 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:49:32.0281 3116 PlugPlay - ok
12:49:32.0296 3116 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:49:32.0312 3116 PolicyAgent - ok
12:49:32.0328 3116 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:49:32.0328 3116 PptpMiniport - ok
12:49:32.0343 3116 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:49:32.0359 3116 ProtectedStorage - ok
12:49:32.0375 3116 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:49:32.0375 3116 PSched - ok
12:49:32.0406 3116 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:49:32.0406 3116 Ptilink - ok
12:49:32.0453 3116 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:49:32.0453 3116 PxHelp20 - ok
12:49:32.0468 3116 ql1080 - ok
12:49:32.0484 3116 Ql10wnt - ok
12:49:32.0500 3116 ql12160 - ok
12:49:32.0531 3116 ql1240 - ok
12:49:32.0546 3116 ql1280 - ok
12:49:32.0578 3116 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:49:32.0578 3116 RasAcd - ok
12:49:32.0687 3116 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:49:32.0687 3116 RasAuto - ok
12:49:32.0734 3116 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:49:32.0734 3116 Rasl2tp - ok
12:49:32.0796 3116 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:49:32.0796 3116 RasMan - ok
12:49:32.0828 3116 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:49:32.0828 3116 RasPppoe - ok
12:49:32.0843 3116 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:49:32.0843 3116 Raspti - ok
12:49:32.0875 3116 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:49:32.0890 3116 Rdbss - ok
12:49:32.0906 3116 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:49:32.0906 3116 RDPCDD - ok
12:49:32.0968 3116 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:49:32.0968 3116 RDPWD - ok
12:49:33.0015 3116 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:49:33.0031 3116 RDSessMgr - ok
12:49:33.0062 3116 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:49:33.0062 3116 redbook - ok
12:49:33.0093 3116 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:49:33.0109 3116 RemoteAccess - ok
12:49:33.0125 3116 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:49:33.0140 3116 RpcLocator - ok
12:49:33.0187 3116 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:49:33.0203 3116 RpcSs - ok
12:49:33.0250 3116 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:49:33.0265 3116 RSVP - ok
12:49:33.0328 3116 [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
12:49:33.0328 3116 RTL8023xp - ok
12:49:33.0375 3116 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
12:49:33.0375 3116 rtl8139 - ok
12:49:33.0421 3116 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:49:33.0421 3116 SamSs - ok
12:49:33.0484 3116 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:49:33.0500 3116 SCardSvr - ok
12:49:33.0562 3116 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:49:33.0578 3116 Schedule - ok
12:49:33.0656 3116 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:49:33.0656 3116 sdbus - ok
12:49:33.0718 3116 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:49:33.0718 3116 Secdrv - ok
12:49:33.0765 3116 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:49:33.0765 3116 seclogon - ok
12:49:33.0828 3116 [ 9A4C4A4B191200F12085D188BE70E4E3 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
12:49:33.0843 3116 senfilt - ok
12:49:33.0859 3116 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:49:33.0859 3116 SENS - ok
12:49:33.0890 3116 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
12:49:33.0890 3116 Serial - ok
12:49:33.0921 3116 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:49:33.0937 3116 Sfloppy - ok
12:49:34.0000 3116 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:49:34.0015 3116 SharedAccess - ok
12:49:34.0062 3116 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:49:34.0062 3116 ShellHWDetection - ok
12:49:34.0078 3116 Simbad - ok
12:49:34.0156 3116 [ 014AB093E6452EA88031BB6E22919BB5 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
12:49:34.0156 3116 smwdm - ok
12:49:34.0234 3116 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
12:49:34.0234 3116 SoundMAX Agent Service (default) - ok
12:49:34.0250 3116 Sparrow - ok
12:49:34.0281 3116 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:49:34.0281 3116 splitter - ok
12:49:34.0343 3116 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:49:34.0343 3116 Spooler - ok
12:49:34.0406 3116 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:49:34.0406 3116 sr - ok
12:49:34.0453 3116 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:49:34.0468 3116 srservice - ok
12:49:34.0515 3116 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:49:34.0531 3116 Srv - ok
12:49:34.0562 3116 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:49:34.0562 3116 SSDPSRV - ok
12:49:34.0640 3116 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:49:34.0656 3116 stisvc - ok
12:49:34.0703 3116 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:49:34.0703 3116 swenum - ok
12:49:34.0781 3116 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:49:34.0781 3116 swmidi - ok
12:49:34.0796 3116 SwPrv - ok
12:49:34.0828 3116 symc810 - ok
12:49:34.0843 3116 symc8xx - ok
12:49:34.0875 3116 sym_hi - ok
12:49:34.0890 3116 sym_u3 - ok
12:49:34.0921 3116 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:49:34.0921 3116 sysaudio - ok
12:49:34.0968 3116 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:49:34.0968 3116 SysmonLog - ok
12:49:35.0015 3116 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:49:35.0015 3116 TapiSrv - ok
12:49:35.0078 3116 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:49:35.0078 3116 Tcpip - ok
12:49:35.0109 3116 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:49:35.0109 3116 TDPIPE - ok
12:49:35.0140 3116 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:49:35.0140 3116 TDTCP - ok
12:49:35.0171 3116 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:49:35.0171 3116 TermDD - ok
12:49:35.0234 3116 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:49:35.0234 3116 TermService - ok
12:49:35.0265 3116 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:49:35.0281 3116 Themes - ok
12:49:35.0328 3116 [ 2448935E1CF84B0341A24A17908C7311 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
12:49:35.0343 3116 tifm21 - ok
12:49:35.0343 3116 TosIde - ok
12:49:35.0375 3116 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:49:35.0375 3116 TrkWks - ok
12:49:35.0406 3116 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:49:35.0421 3116 Udfs - ok
12:49:35.0421 3116 ultra - ok
12:49:35.0453 3116 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
12:49:35.0453 3116 UMWdf - ok
12:49:35.0515 3116 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:49:35.0515 3116 Update - ok
12:49:35.0562 3116 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:49:35.0578 3116 upnphost - ok
12:49:35.0609 3116 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:49:35.0640 3116 UPS - ok
12:49:35.0703 3116 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:49:35.0703 3116 usbccgp - ok
12:49:35.0734 3116 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:49:35.0734 3116 usbehci - ok
12:49:35.0796 3116 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:49:35.0796 3116 usbhub - ok
12:49:35.0843 3116 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:49:35.0843 3116 usbprint - ok
12:49:35.0890 3116 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:49:35.0906 3116 usbscan - ok
12:49:35.0953 3116 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:49:35.0953 3116 USBSTOR - ok
12:49:35.0984 3116 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:49:36.0000 3116 usbuhci - ok
12:49:36.0015 3116 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:49:36.0015 3116 VgaSave - ok
12:49:36.0046 3116 ViaIde - ok
12:49:36.0062 3116 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:49:36.0078 3116 VolSnap - ok
12:49:36.0156 3116 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:49:36.0171 3116 VSS - ok
12:49:36.0406 3116 [ 67CAA926EF06E07F2D31056B39F51C54 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
12:49:36.0609 3116 w29n51 - ok
12:49:36.0687 3116 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
12:49:36.0703 3116 W32Time - ok
12:49:36.0734 3116 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:49:36.0734 3116 Wanarp - ok
12:49:36.0796 3116 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
12:49:36.0812 3116 Wdf01000 - ok
12:49:36.0812 3116 WDICA - ok
12:49:36.0843 3116 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:49:36.0843 3116 wdmaud - ok
12:49:36.0890 3116 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:49:36.0890 3116 WebClient - ok
12:49:36.0984 3116 [ 38106C7BD34EAE89D2769AC0BA2E846B ] WIND. RunOuc C:\Program Files\WIND\UpdateDog\ouc.exe
12:49:37.0015 3116 WIND. RunOuc - ok
12:49:37.0093 3116 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:49:37.0109 3116 winmgmt - ok
12:49:37.0156 3116 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:49:37.0156 3116 WmdmPmSN - ok
12:49:37.0203 3116 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:49:37.0203 3116 WmiAcpi - ok
12:49:37.0250 3116 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:49:37.0265 3116 WmiApSrv - ok
12:49:37.0343 3116 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:49:37.0343 3116 wscsvc - ok
12:49:37.0359 3116 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:49:37.0359 3116 wuauserv - ok
12:49:37.0468 3116 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:49:37.0484 3116 WZCSVC - ok
12:49:37.0546 3116 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:49:37.0609 3116 xmlprov - ok
12:49:37.0656 3116 ================ Scan global ===============================
12:49:37.0718 3116 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:49:37.0796 3116 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:49:37.0828 3116 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:49:37.0875 3116 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:49:37.0875 3116 [Global] - ok
12:49:37.0875 3116 ================ Scan MBR ==================================
12:49:37.0906 3116 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:49:38.0765 3116 \Device\Harddisk0\DR0 - ok
12:49:38.0781 3116 ================ Scan VBR ==================================
12:49:38.0781 3116 [ A6DCA7C5A89F7932580B9ADE93055C0C ] \Device\Harddisk0\DR0\Partition1
12:49:38.0781 3116 \Device\Harddisk0\DR0\Partition1 - ok
12:49:38.0796 3116 [ 17D833D8B8E8032BEC9C55461B9F2763 ] \Device\Harddisk0\DR0\Partition2
12:49:38.0796 3116 \Device\Harddisk0\DR0\Partition2 - ok
12:49:38.0796 3116 ============================================================
12:49:38.0812 3116 Scan finished
12:49:38.0812 3116 ============================================================
12:49:38.0812 3896 Detected object count: 0
12:49:38.0812 3896 Actual detected object count: 0


I'll post the other scans when I download the other tools.

#5 mynet

Posted 10 September 2012 - 01:48 PM

I seem to be having some trouble with aswMBR. How do I know when the scan is finished? The last line says it's scanning but nothing is happening. A few lines above, the text is yellow. I'm not sure what I'm supposed to do: do I save the log now or do I keep waiting? By the way, while it was scanning, MSE popped up with a message that it found something, is cleaning it, and no action is required.

Edited by mynet, 10 September 2012 - 01:48 PM.


#6 mynet

Posted 10 September 2012 - 01:58 PM

It finished scanning, here it is:

14:22:27.984 OS Version: Windows 5.1.2600 Service Pack 3
14:22:27.984 Number of processors: 1 586 0xD08
14:22:27.984 ComputerName: BAGS UserName:
14:22:29.468 Initialize success
14:28:11.953 AVAST engine defs: 12091000
14:28:27.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
14:28:27.656 Disk 0 Vendor: ST960821A 3.02 Size: 57231MB BusType: 3
14:28:27.703 Disk 0 MBR read successfully
14:28:27.703 Disk 0 MBR scan
14:28:27.781 Disk 0 Windows XP default MBR code
14:28:27.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
14:28:27.859 Disk 0 Partition - 00 0F Extended LBA 17225 MB offset 81915435
14:28:27.890 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 17225 MB offset 81915498
14:28:27.921 Disk 0 scanning sectors +117194175
14:28:28.046 Disk 0 scanning C:\WINDOWS\system32\drivers
14:28:54.281 Service scanning
14:29:08.578 Service MpKsl29a627af c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0B1DC12-057A-4EBA-9901-B4AFB24F7BD5}\MpKsl29a627af.sys **LOCKED** 32
14:29:24.921 Modules scanning
14:30:32.421 Disk 0 trace - called modules:
14:30:32.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
14:30:32.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89df4ab8]
14:30:32.500 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000071[0x89e129e8]
14:30:32.515 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x89ddf940]
14:30:32.906 AVAST engine scan C:\WINDOWS
14:31:05.718 AVAST engine scan C:\WINDOWS\system32
14:35:00.437 AVAST engine scan C:\WINDOWS\system32\drivers
14:35:31.796 AVAST engine scan C:\Documents and Settings\Mark
14:54:22.156 AVAST engine scan C:\Documents and Settings\All Users
14:55:17.062 Scan finished successfully
14:55:33.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark\My Documents\MBR.dat"
14:55:33.765 The log file has been saved successfully to "C:\Documents and Settings\Mark\My Documents\aswMBR.txt"

#7 mynet

Posted 10 September 2012 - 02:14 PM

I need some help with ESET Online Scanner, I'm not sure what I'm supposed to do. There are 2 check boxes: one is checked, "Remove found threats", and the other, "scan archives", is unchecked. Do I leave it the way it is? It also says that another anti-virus program is detected that may affect performance and quality of the scan. The "Show list" shows MSE but I also have Malwarebytes. Do I disable both of them or just MSE?

Edited by mynet, 10 September 2012 - 02:15 PM.


#8 mynet

Posted 10 September 2012 - 06:29 PM

Here's the ESET list:

C:\Documents and Settings\Mark\Local Settings\Application Data\{50922FE6-E323-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul  JS/Redirector.NIQ trojan  cleaned by deleting - quarantined
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\53K6WUIL\checking[1].htm  HTML/ScrInject.B.Gen virus  deleted - quarantined
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\J0C0SXQF\checking[1].htm  HTML/ScrInject.B.Gen virus  deleted - quarantined


So is that it, is there a next step?

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:43 PM

Posted 10 September 2012 - 09:08 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete.

Post the generated log.

#10 mynet

Posted 11 September 2012 - 11:55 AM

Is it necessary to do the additional scans? Since I scanned with ESET I'm no longer being redirected.

#11 mynet

Posted 11 September 2012 - 06:20 PM

MBAM didn't find anything on the full scan, and it didn't find anything on the scan after reboot either. Here's the MiniToolBox result:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Mark (administrator) on 11-09-2012 at 19:06:34
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)
Intel® PRO/Wireless 2200BG Network Connection = Wireless Network Connection (Media disconnected)
HUAWEI Mobile Connect - 3G Network Card = Local Area Connection 9 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 9"

set address name="Local Area Connection 9" source=dhcp
set dns name="Local Area Connection 9" source=dhcp register=PRIMARY
set wins name="Local Area Connection 9" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration
 Host Name . . . . . . . . . . . . : bags
 Primary Dns Suffix . . . . . . . :
 Node Type . . . . . . . . . . . . : Unknown
 IP Routing Enabled. . . . . . . . : No
 WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:
 Media State . . . . . . . . . . . : Media disconnected
 Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
 Physical Address. . . . . . . . . : 00-0A-E4-D7-C1-8B

Ethernet adapter Wireless Network Connection:
 Media State . . . . . . . . . . . : Media disconnected
 Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection
 Physical Address. . . . . . . . . : 00-15-00-05-94-87

Ethernet adapter Local Area Connection 9:
 Media State . . . . . . . . . . . : Media disconnected
 Description . . . . . . . . . . . : HUAWEI Mobile Connect - 3G Network Card
 Physical Address. . . . . . . . . : 00-1E-10-1F-C4-9A

PPP adapter WIND Mobile:
 Connection-specific DNS Suffix . :
 Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
 Physical Address. . . . . . . . . : 00-53-45-00-00-00
 Dhcp Enabled. . . . . . . . . . . : No
 IP Address. . . . . . . . . . . . : 10.198.4.181
 Subnet Mask . . . . . . . . . . . : 255.255.255.255
 Default Gateway . . . . . . . . . : 10.198.4.181
 DNS Servers . . . . . . . . . . . : 74.115.197.69
                                     74.115.197.68
 Primary WINS Server . . . . . . . : 10.11.12.13
 Secondary WINS Server . . . . . . : 10.11.12.14
 NetBIOS over Tcpip. . . . . . . . : Disabled

Server: 74-115-197-68.eng.wind.ca
Address: 74.115.197.68

Name: google.com
Addresses: 74.125.226.194, 74.125.226.195, 74.125.226.196, 74.125.226.197
74.125.226.198, 74.125.226.199, 74.125.226.200, 74.125.226.201, 74.125.226.206
74.125.226.192, 74.125.226.193

Pinging google.com [74.125.226.193] with 32 bytes of data:
Reply from 74.125.226.193: bytes=32 time=164ms TTL=56
Reply from 74.125.226.193: bytes=32 time=149ms TTL=56
Ping statistics for 74.125.226.193:
 Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 149ms, Maximum = 164ms, Average = 156ms

Server: 74-115-197-69.eng.wind.ca
Address: 74.115.197.69

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=461ms TTL=45
Reply from 98.139.183.24: bytes=32 time=355ms TTL=45
Ping statistics for 98.139.183.24:
 Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 355ms, Maximum = 461ms, Average = 408ms

Server: 74-115-197-69.eng.wind.ca
Address: 74.115.197.69

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
 Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
 Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0a e4 d7 c1 8b ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 15 00 05 94 87 ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
0x10005 ...00 1e 10 1f c4 9a ...... HUAWEI Mobile Connect - 3G Network Card - Packet Scheduler Miniport
0x20006 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.198.4.181 10.198.4.181 1
10.198.4.181 255.255.255.255 127.0.0.1 127.0.0.1 50
10.255.255.255 255.255.255.255 10.198.4.181 10.198.4.181 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.198.4.181 10.198.4.181 1
255.255.255.255 255.255.255.255 10.198.4.181 3 1
255.255.255.255 255.255.255.255 10.198.4.181 2 1
255.255.255.255 255.255.255.255 10.198.4.181 10.198.4.181 1
255.255.255.255 255.255.255.255 10.198.4.181 10005 1
Default Gateway: 10.198.4.181
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/11/2012 02:36:10 PM) (Source: Application Error) (User: )
Description: Faulting application MsMpEng.exe, version 4.0.1526.0, faulting module unknown, version 0.0.0.0, fault address 0xfec7f9af.
Processing media-specific event for [MsMpEng.exe!ws!]

Error: (09/09/2012 07:56:48 PM) (Source: Application Hang) (User: )
Description: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/05/2012 02:14:04 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/05/2012 02:14:04 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/04/2012 11:24:02 PM) (Source: Application Error) (User: )
Description: Faulting application MsMpEng.exe, version 4.0.1526.0, faulting module unknown, version 0.0.0.0, fault address 0xfe8df9af.
Processing media-specific event for [MsMpEng.exe!ws!]

Error: (09/04/2012 07:02:37 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (08/15/2012 03:13:36 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (08/13/2012 01:46:17 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x800106bascancmainwindow__onscancomplete0security essentialsNILNILNIL

Error: (08/13/2012 01:44:00 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8601.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/13/2012 01:43:59 PM) (Source: Application Error) (User: )
Description: Faulting application MsMpEng.exe, version 4.0.1526.0, faulting module unknown, version 0.0.0.0, fault address 0xfef2f9a6.
Processing media-specific event for [MsMpEng.exe!ws!]


System errors:
=============
Error: (09/11/2012 06:33:17 PM) (Source: Service Control Manager) (User: )
Description: The WIND. OUC service failed to start due to the following error:
%%1053

Error: (09/11/2012 06:33:17 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the WIND. OUC service to connect.

Error: (09/11/2012 06:31:34 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

Error: (09/11/2012 06:31:34 PM) (Source: DCOM) (User: BAGS)
Description: DCOM got error "%%1053" attempting to start the service iPodService with arguments "-Service"
in order to run the server:
{7A7FB085-6068-4898-8CCA-480A9187277C}

Error: (09/11/2012 06:31:00 PM) (Source: Service Control Manager) (User: )
Description: The WIND. OUC service failed to start due to the following error:
%%1053

Error: (09/11/2012 06:30:59 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the WIND. OUC service to connect.

Error: (09/11/2012 02:41:16 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (09/11/2012 02:35:57 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 engine has been terminated due to an unexpected error.

Failure Type: %%830

Exception code: 0xc0000005

Resource: file:C:\WINDOWS\ie7\reg00182

Error: (09/11/2012 00:37:24 PM) (Source: Service Control Manager) (User: )
Description: The WIND. OUC service failed to start due to the following error:
%%1053

Error: (09/11/2012 00:37:24 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the WIND. OUC service to connect.


Microsoft Office Sessions:
=========================
Error: (09/11/2012 02:36:10 PM) (Source: Application Error)(User: )
Description: MsMpEng.exe4.0.1526.0unknown0.0.0.0fec7f9af

Error: (09/09/2012 07:56:48 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe10.0.0.3646hungapp0.0.0.000000000

Error: (09/05/2012 02:14:04 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/05/2012 02:14:04 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/04/2012 11:24:02 PM) (Source: Application Error)(User: )
Description: MsMpEng.exe4.0.1526.0unknown0.0.0.0fe8df9af

Error: (09/04/2012 07:02:37 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (08/15/2012 03:13:36 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (08/13/2012 01:46:17 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x800106bascancmainwindow__onscancomplete0security essentialsNILNILNIL

Error: (08/13/2012 01:44:00 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094) 4.0.1526.0timeout1.1.8601.0fixed1 _ 20485 _ not bootNILNILNIL

Error: (08/13/2012 01:43:59 PM) (Source: Application Error)(User: )
Description: MsMpEng.exe4.0.1526.0unknown0.0.0.0fef2f9a6


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Reader 7.0 (Version: 7.0.0)
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Broadcom 802.11 Wireless LAN Adapter
ESET Online Scanner v3
Google Update Helper (Version: 1.3.21.111)
HP Help and Support (Version: 3.200.16.1)
HP Software Update (Version: 3.0.5.001)
HP Wireless Assistant 1.01 B2 (Version: 1.01 B2)
HP_User_Guides_0005 (Version: 1.08.0001)
Inkscape 0.48.1 (Version: 0.48.1)
Intel® Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD (Version: 5.0-B11.649)
iTunes (Version: 4.7.0.42)
J2SE Runtime Environment 5.0 Update 4 (Version: 1.5.0.40)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
muvee autoProducer 4.0 - SE (Version: 4.00.050)
Quick Launch Buttons 5.10 B5 (Version: 5.10 B5)
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.71)
Sonic Audio Module (Version: 2.0.0.1)
Sonic Copy Module (Version: 2.0.0.1)
Sonic Data Module (Version: 2.0.0.1)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.1.3)
Sonic Update Manager (Version: 3.0.0)
SoundMAX (Version: 5.12.01.5240)
Texas Instruments PCIxx21/x515 drivers. (Version: 1.10.0000)
TIxx21 (Version: 1.10.0000)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
WIND (Version: 21.003.27.09.562)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3 (Version: 20080414.031525)
Zone Deluxe Games (Version: 7.1.7412.1)

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 2038.42 MB
Available physical RAM: 1387.02 MB
Total Pagefile: 3930.88 MB
Available Pagefile: 3455.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.66 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:39.06 GB) (Free:22.72 GB) NTFS
2 Drive d: (drive d) (Fixed) (Total:16.82 GB) (Free:16.74 GB) NTFS
4 Drive f: (WIND) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\BAGS

Administrator ASPNET Guest
HelpAssistant Mark SUPPORT_388945a0


**** End of log ****

#12 mynet (Topic Starter)

Posted 11 September 2012 - 06:27 PM

FSS Result:

Farbar Service Scanner Version: 06-08-2012
Ran by Mark (administrator) on 11-09-2012 at 19:24:47
Running from "C:\Documents and Settings\Mark\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****
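The "File Check" block in the FSS log above is a baseline-hash comparison: each networking and service binary is hashed and compared with the digest of the clean Windows XP SP3 copy. The script below is an added example (not part of the thread and not Farbar's code) that does the same thing in Python and also parses an FSS "File Check" block for any verdict other than "MD5 is legit". The files, their baseline digests and the log fragment are constructed inline so it runs offline; in real use the baseline would come from a clean install of the same build and service pack.

```python
"""Baseline-hash check in the spirit of FSS's "File Check" section.

Added example, not part of the forum thread or of Farbar Service Scanner.
Compares files on disk against a table of known-good MD5 digests and
reports each one the way FSS does ("MD5 is legit" / mismatch / missing).
The baseline and the sample files are constructed inline so the script
runs offline.
"""
import hashlib
import os
import re
import tempfile

# One FSS log line, e.g. "C:\WINDOWS\system32\svchost.exe => MD5 is legit"
FSS_LINE = re.compile(r"^(?P<path>\S.*?) => (?P<verdict>.+)$")


def md5_of_file(path, chunk=1 << 16):
    """Stream the file so large binaries never have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_against_baseline(baseline):
    """baseline: {path: expected_md5_hex}. Returns {path: verdict}."""
    results = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            results[path] = "missing"
            continue
        actual = md5_of_file(path)
        if actual.lower() == expected.lower():
            results[path] = "MD5 is legit"
        else:
            results[path] = "MD5 mismatch (got %s, expected %s)" % (actual, expected)
    return results


def suspicious_from_fss_log(log_text):
    """Parse an FSS 'File Check' block; return paths whose verdict is not 'MD5 is legit'."""
    flagged = []
    for line in log_text.splitlines():
        m = FSS_LINE.match(line.strip())
        if m and m.group("verdict").strip() != "MD5 is legit":
            flagged.append(m.group("path"))
    return flagged


def demo():
    """Constructed scenario: one intact file, one patched in place, one missing."""
    tmp = tempfile.mkdtemp()
    good = os.path.join(tmp, "svchost.exe")
    patched = os.path.join(tmp, "afd.sys")
    gone = os.path.join(tmp, "tcpip.sys")        # never created -> "missing"
    image = b"MZ" + b"\x00" * 62 + b"clean image"  # 64-byte fake header, then body
    for p in (good, patched):
        with open(p, "wb") as fh:
            fh.write(image)
    baseline = {
        good: md5_of_file(good),
        patched: md5_of_file(patched),
        gone: "d41d8cd98f00b204e9800998ecf8427e",  # placeholder digest for the absent file
    }
    # Simulate an infection that overwrites the body of afd.sys after the baseline was taken.
    with open(patched, "r+b") as fh:
        fh.seek(64)
        fh.write(b"hooked image")
    return check_against_baseline(baseline)


if __name__ == "__main__":
    for path, verdict in demo().items():
        print("%s => %s" % (path, verdict))
```

Two caveats a practitioner would add: the check is only as good as the baseline (digests must match the exact build, service pack and hotfix level, which is why FSS ships its own table), and a hash computed from inside the running OS can be fooled by a kernel-mode rootkit that serves the clean bytes to readers while the loaded driver is the patched one. When a redirect survives "MD5 is legit" verdicts like the ones above, hashing the same files from a boot disk is the stronger test.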

#13 mynet (Topic Starter)

Posted 11 September 2012 - 06:39 PM

Here's the AdwCleaner report:

# AdwCleaner v2.001 - Logfile created 09/11/2012 at 19:29:10
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Mark - BAGS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Mark\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\a5h5hjia.default\searchplugins\Askcom.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Zugo

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\a5h5hjia.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[S1].txt - [1694 octets] - [11/09/2012 19:29:10]

########## EOF - C:\AdwCleaner[S1].txt - [1754 octets] ##########


So what's the scoop, is the computer clean or is there a problem? I'm not getting redirected anymore since the ESET scan I did the other day.
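The four "Deleted : user_pref(...)" entries in the AdwCleaner log are the Firefox side of the search hijack: prefs.js was pointing every search-engine preference at Ask.com. The script below is an added example (not part of the thread and not AdwCleaner's code) that parses a profile's prefs.js, flags the search preferences that name an engine other than the one the user expects, and returns the file with those lines removed, which is what AdwCleaner's "Deleted" entries record. The sample prefs.js is constructed inline from the entries in the log above plus two harmless preferences; the expected engine name is an assumption passed in by the caller.

```python
"""Firefox prefs.js search-engine hijack check.

Added example, not part of the forum thread or of AdwCleaner. Reads the
user_pref(...) lines of a Firefox prefs.js, flags browser.search.*
preferences that point at an engine other than the expected one, and
produces a cleaned prefs.js with those lines removed (Firefox then falls
back to its built-in default). The sample file is constructed inline.
"""
import re

# One user_pref line: user_pref("name", <value>);  value is a string, number or bool
PREF_LINE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);\s*$')

# Preferences that decide which engine receives a typed search (Firefox 13 era names,
# taken from the AdwCleaner log above).
SEARCH_PREFS = frozenset((
    "browser.search.defaultengine",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
))


def parse_prefs(text):
    """Return [(name, raw_value)] for every user_pref line, in file order."""
    prefs = []
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs.append((m.group("name"), m.group("value").strip()))
    return prefs


def _unquote(raw):
    """Strip the surrounding double quotes from a string-valued pref."""
    return raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw


def find_search_overrides(text, expected_engine):
    """Search prefs whose engine is not expected_engine -> [(pref_name, engine)]."""
    hits = []
    for name, raw in parse_prefs(text):
        if name in SEARCH_PREFS and _unquote(raw) != expected_engine:
            hits.append((name, _unquote(raw)))
    return hits


def strip_overrides(text, expected_engine):
    """Return prefs.js text with the flagged lines removed; everything else is kept verbatim."""
    bad = {name for name, _ in find_search_overrides(text, expected_engine)}
    kept = []
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group("name") in bad:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


# Constructed sample: the four entries from the AdwCleaner log plus two harmless prefs.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1347300000);
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("browser.startup.homepage_override.mstone", "13.0.1");
"""


if __name__ == "__main__":
    for name, engine in find_search_overrides(SAMPLE_PREFS_JS, "Google"):
        print("override: %s -> %s" % (name, engine))
    print(strip_overrides(SAMPLE_PREFS_JS, "Google"))
```

Run it against the real file only with Firefox closed, since Firefox rewrites prefs.js on exit and would restore the lines. Note what this does not cover: the Internet Explorer SearchScopes keys that AdwCleaner "Restored" live in the registry, and a Google redirect that continues after the search preferences are clean is coming from somewhere else (hosts file, DNS settings, a proxy, or a driver), which is why the FSS network-file check was run alongside it.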

#14 narenxp (BC Advisor)

Posted 11 September 2012 - 06:40 PM

Download

TFC

Launch it, it will close all running programs.

Click on START, it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.

Turn off your System Restore, restart the PC, and create a new restore point:

http://support.microsoft.com/kb/310405

Update your Java from here:

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your Flash Player.

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#15 mynet (Topic Starter)

Posted 12 September 2012 - 02:02 PM

Thank you very much for your help.



