Scour redirect virus: XP


15 replies to this topic

#1 learntodowell

learntodowell

  • Members
  • 53 posts

Posted 27 September 2012 - 04:12 AM

I have the scour redirect virus. I ran mbam and it detects 3 threats but does not kill the virus. I ran combofix and it did not kill the virus either. Please help. Thank you. :)


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 27 September 2012 - 06:44 AM

Download

TDSSKiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.
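The TDSSKiller log requested above is long (a few hundred service lines), and the tool's own verdict column only reflects signature hits. The script below is an added example for this thread, not BleepingComputer's or Kaspersky's code: it parses the two line shapes TDSSKiller prints in its "Scan services" section (a `[ MD5 ] Name C:\path` line when the image file exists on disk, followed by a `Name - ok` verdict line, with image-less services getting only the verdict line) and lists, for manual review, any registered service that has no image file and whose name is a run of eight or more lowercase letters. That naming rule is this example's own triage heuristic, tuned against the names in the log posted later in this thread; it means "look closer", not "malicious". The sample log embedded in the script is a constructed excerpt in that log's format.

```python
"""Triage helper for the 'Scan services' section of a TDSSKiller log.
Added example; not TDSSKiller's code. The 'eight or more lowercase letters,
no image file' rule is this example's assumption, not a TDSSKiller verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Shape 1 (image file present on disk): "<time> <pid> [ MD5 ] Name C:\path"
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\\S.*)$"
)
# Shape 2 (verdict; the only line for services without an image): "<time> <pid> Name - ok"
VERDICT_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$")
# Section header: "<time> <pid> ==== Scan services ===="; bare "=====" separators have no title
HEADER_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+=+\s*(?P<title>[^=]*?)\s*=*$")
# Heuristic (assumption): a default XP service is never 8+ lowercase letters with no image
MACHINE_NAME_RE = re.compile(r"^[a-z]{8,}$")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_services(log_text: str) -> Dict[str, ServiceEntry]:
    """Return {service name: entry} for the 'Scan services' section only."""
    entries: Dict[str, ServiceEntry] = {}
    in_services = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            title = header.group("title")
            if title:  # a titled header starts a new section; bare separators change nothing
                in_services = title == "Scan services"
            continue
        if not in_services:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group("name")] = ServiceEntry(m.group("name"), m.group("md5"), m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = entries.setdefault(m.group("name"), ServiceEntry(m.group("name")))
            entry.verdict = m.group("verdict")
    return entries


def flag_for_review(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Image-less services whose name looks machine-generated (heuristic, not a verdict)."""
    return sorted(e.name for e in entries.values() if e.path is None and MACHINE_NAME_RE.match(e.name))


def triage(log_text: str) -> dict:
    """Counts, anything TDSSKiller did not call 'ok', and names worth a manual look."""
    entries = parse_services(log_text)
    return {
        "services": len(entries),
        "with_image": sum(e.path is not None for e in entries.values()),
        "not_ok": sorted(e.name for e in entries.values() if e.verdict != "ok"),
        "review": flag_for_review(entries),
    }


# Constructed excerpt in the format of the log posted later in this thread
# (names and hashes copied from it, cut down to a handful of entries).
SAMPLE_LOG = """\
03:43:00.0203 2624 ============================================================
03:43:00.0203 2624 Scan started
03:43:01.0593 2624 ================ Scan system memory ========================
03:43:01.0593 2624 System memory - ok
03:43:01.0593 2624 ================ Scan services =============================
03:43:01.0812 2624 Abiosdsk - ok
03:43:01.0875 2624 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
03:43:01.0890 2624 ACPI - ok
03:43:02.0515 2624 [ C434B72352FADD9249D5541274021570 ] Ati HotKey Poller C:\\WINDOWS\\system32\\Ati2evxx.exe
03:43:02.0531 2624 Ati HotKey Poller - ok
03:43:05.0328 2624 ihuwlxfgl - ok
03:43:06.0046 2624 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\\WINDOWS\\System32\\srvsvc.dll
03:43:06.0046 2624 lanmanserver - ok
03:43:06.0093 2624 lbrtfdc - ok
03:43:06.0109 2624 maxdueoke - ok
03:43:10.0453 2624 puoeygpa - ok
03:43:10.0828 2624 rnpsexrl - ok
03:43:11.0187 2624 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\\WINDOWS\\system32\\drivers\\splitter.sys
03:43:11.0187 2624 splitter - ok
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved `TDSSKiller.*.log` by reading the file into `triage()`. Names it lists under `review` are only candidates: check each one's registry key under `HKLM\SYSTEM\CurrentControlSet\Services` and its `ImagePath` before deciding anything, and note that `lbrtfdc` (seven letters, a stock XP legacy entry) is deliberately left out by the length cut-off.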

#3 1checkers

1checkers

  • Members
  • 1 posts

Posted 27 September 2012 - 10:32 AM

Need help! I am infected with the scour redirect virus!

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 27 September 2012 - 10:49 AM

1checkers

Create a new topic

Thanks

#5 learntodowell

learntodowell
  • Topic Starter

  • Members
  • 53 posts

Posted 28 September 2012 - 02:44 AM

03:42:57.0828 2756 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
03:42:58.0125 2756 ============================================================
03:42:58.0125 2756 Current date / time: 2012/09/28 03:42:58.0125
03:42:58.0125 2756 SystemInfo:
03:42:58.0125 2756
03:42:58.0125 2756 OS Version: 5.1.2600 ServicePack: 3.0
03:42:58.0125 2756 Product type: Workstation
03:42:58.0125 2756 ComputerName: COMPUTER
03:42:58.0125 2756 UserName: User
03:42:58.0125 2756 Windows directory: C:\WINDOWS
03:42:58.0125 2756 System windows directory: C:\WINDOWS
03:42:58.0125 2756 Processor architecture: Intel x86
03:42:58.0125 2756 Number of processors: 4
03:42:58.0125 2756 Page size: 0x1000
03:42:58.0125 2756 Boot type: Normal boot
03:42:58.0125 2756 ============================================================
03:42:59.0140 2756 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
03:42:59.0156 2756 ============================================================
03:42:59.0156 2756 \Device\Harddisk0\DR0:
03:42:59.0156 2756 MBR partitions:
03:42:59.0156 2756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
03:42:59.0156 2756 ============================================================
03:42:59.0203 2756 C: <-> \Device\Harddisk0\DR0\Partition1
03:42:59.0203 2756 ============================================================
03:42:59.0203 2756 Initialize success
03:42:59.0203 2756 ============================================================
03:43:00.0203 2624 ============================================================
03:43:00.0203 2624 Scan started
03:43:00.0203 2624 Mode: Manual;
03:43:00.0203 2624 ============================================================
03:43:01.0593 2624 ================ Scan system memory ========================
03:43:01.0593 2624 System memory - ok
03:43:01.0593 2624 ================ Scan services =============================
03:43:01.0734 2624 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] 47979675 C:\WINDOWS\system32\DRIVERS\47979675.sys
03:43:01.0734 2624 47979675 - ok
03:43:01.0812 2624 [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA C:\EmsisoftEmergencyKit\Run\a2ddax86.sys
03:43:01.0812 2624 A2DDA - ok
03:43:01.0812 2624 Abiosdsk - ok
03:43:01.0828 2624 abp480n5 - ok
03:43:01.0875 2624 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:43:01.0890 2624 ACPI - ok
03:43:01.0906 2624 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
03:43:01.0906 2624 ACPIEC - ok
03:43:01.0984 2624 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
03:43:01.0984 2624 AdobeFlashPlayerUpdateSvc - ok
03:43:01.0984 2624 adpu160m - ok
03:43:02.0031 2624 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
03:43:02.0031 2624 aec - ok
03:43:02.0078 2624 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
03:43:02.0078 2624 AFD - ok
03:43:02.0078 2624 Aha154x - ok
03:43:02.0078 2624 aic78u2 - ok
03:43:02.0078 2624 aic78xx - ok
03:43:02.0109 2624 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
03:43:02.0125 2624 Alerter - ok
03:43:02.0156 2624 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
03:43:02.0156 2624 ALG - ok
03:43:02.0156 2624 AliIde - ok
03:43:02.0218 2624 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
03:43:02.0234 2624 Ambfilt - ok
03:43:02.0250 2624 amsint - ok
03:43:02.0281 2624 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
03:43:02.0281 2624 AppMgmt - ok
03:43:02.0281 2624 asc - ok
03:43:02.0296 2624 asc3350p - ok
03:43:02.0296 2624 asc3550 - ok
03:43:02.0375 2624 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
03:43:02.0390 2624 aspnet_state - ok
03:43:02.0421 2624 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:43:02.0421 2624 AsyncMac - ok
03:43:02.0468 2624 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
03:43:02.0468 2624 atapi - ok
03:43:02.0468 2624 Atdisk - ok
03:43:02.0515 2624 [ C434B72352FADD9249D5541274021570 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
03:43:02.0531 2624 Ati HotKey Poller - ok
03:43:02.0796 2624 [ B4368B39A18630C3EC8D7F496F76F19B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
03:43:03.0000 2624 ati2mtag - ok
03:43:03.0062 2624 [ BD9CA8136738040D3257363ED12BE693 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
03:43:03.0062 2624 AtiHDAudioService - ok
03:43:03.0093 2624 [ DC6957811FF95F2DD3004361B20D8D3F ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
03:43:03.0093 2624 AtiHdmiService - ok
03:43:03.0125 2624 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:43:03.0125 2624 Atmarpc - ok
03:43:03.0171 2624 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
03:43:03.0171 2624 AudioSrv - ok
03:43:03.0203 2624 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
03:43:03.0203 2624 audstub - ok
03:43:03.0250 2624 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
03:43:03.0250 2624 Beep - ok
03:43:03.0265 2624 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
03:43:03.0281 2624 BITS - ok
03:43:03.0328 2624 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
03:43:03.0328 2624 Browser - ok
03:43:03.0359 2624 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
03:43:03.0359 2624 cbidf2k - ok
03:43:03.0390 2624 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
03:43:03.0390 2624 CCDECODE - ok
03:43:03.0390 2624 cd20xrnt - ok
03:43:03.0421 2624 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
03:43:03.0421 2624 Cdaudio - ok
03:43:03.0421 2624 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
03:43:03.0437 2624 Cdfs - ok
03:43:03.0468 2624 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:43:03.0468 2624 Cdrom - ok
03:43:03.0468 2624 Changer - ok
03:43:03.0484 2624 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
03:43:03.0484 2624 CiSvc - ok
03:43:03.0500 2624 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
03:43:03.0500 2624 ClipSrv - ok
03:43:03.0578 2624 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:43:03.0593 2624 clr_optimization_v2.0.50727_32 - ok
03:43:03.0625 2624 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:43:03.0656 2624 clr_optimization_v4.0.30319_32 - ok
03:43:03.0656 2624 CmdIde - ok
03:43:03.0656 2624 COMSysApp - ok
03:43:03.0687 2624 [ 91B4A2E4EC360E82093890425C784B2D ] CPen20 C:\WINDOWS\system32\Drivers\CPen20.sys
03:43:03.0687 2624 CPen20 - ok
03:43:03.0687 2624 Cpqarray - ok
03:43:03.0734 2624 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
03:43:03.0734 2624 CryptSvc - ok
03:43:03.0734 2624 dac2w2k - ok
03:43:03.0734 2624 dac960nt - ok
03:43:03.0796 2624 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
03:43:03.0796 2624 DcomLaunch - ok
03:43:03.0828 2624 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
03:43:03.0828 2624 Dhcp - ok
03:43:03.0875 2624 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
03:43:03.0875 2624 Disk - ok
03:43:03.0875 2624 dmadmin - ok
03:43:03.0906 2624 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
03:43:03.0921 2624 dmboot - ok
03:43:03.0937 2624 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
03:43:03.0937 2624 dmio - ok
03:43:03.0937 2624 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
03:43:03.0937 2624 dmload - ok
03:43:03.0953 2624 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
03:43:03.0953 2624 dmserver - ok
03:43:03.0984 2624 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
03:43:03.0984 2624 DMusic - ok
03:43:04.0015 2624 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
03:43:04.0015 2624 Dnscache - ok
03:43:04.0046 2624 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
03:43:04.0046 2624 Dot3svc - ok
03:43:04.0062 2624 dpti2o - ok
03:43:04.0125 2624 [ BB45013A0E6EC0F39BE4EF663FF2E993 ] DragonSvc C:\Program Files\Common Files\Nuance\dgnsvc.exe
03:43:04.0125 2624 DragonSvc - ok
03:43:04.0140 2624 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
03:43:04.0140 2624 drmkaud - ok
03:43:04.0156 2624 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
03:43:04.0156 2624 EapHost - ok
03:43:04.0187 2624 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
03:43:04.0187 2624 ERSvc - ok
03:43:04.0234 2624 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
03:43:04.0234 2624 Eventlog - ok
03:43:04.0265 2624 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
03:43:04.0281 2624 EventSystem - ok
03:43:04.0328 2624 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
03:43:04.0328 2624 Fastfat - ok
03:43:04.0375 2624 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
03:43:04.0375 2624 FastUserSwitchingCompatibility - ok
03:43:04.0406 2624 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
03:43:04.0406 2624 Fdc - ok
03:43:04.0421 2624 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
03:43:04.0421 2624 Fips - ok
03:43:04.0421 2624 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
03:43:04.0421 2624 Flpydisk - ok
03:43:04.0437 2624 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
03:43:04.0437 2624 FltMgr - ok
03:43:04.0531 2624 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
03:43:04.0531 2624 FontCache3.0.0.0 - ok
03:43:04.0562 2624 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
03:43:04.0562 2624 Fs_Rec - ok
03:43:04.0578 2624 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:43:04.0578 2624 Ftdisk - ok
03:43:04.0593 2624 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
03:43:04.0593 2624 Gpc - ok
03:43:04.0671 2624 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
03:43:04.0671 2624 gupdate - ok
03:43:04.0671 2624 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
03:43:04.0671 2624 gupdatem - ok
03:43:04.0734 2624 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
03:43:04.0734 2624 gusvc - ok
03:43:04.0796 2624 [ 4236E014632F4163F53EBB717F41594C ] HCF_MSFT C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
03:43:04.0796 2624 HCF_MSFT - ok
03:43:04.0828 2624 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
03:43:04.0828 2624 HDAudBus - ok
03:43:04.0890 2624 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
03:43:04.0890 2624 helpsvc - ok
03:43:04.0921 2624 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
03:43:04.0921 2624 HidServ - ok
03:43:04.0968 2624 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
03:43:04.0968 2624 HidUsb - ok
03:43:05.0000 2624 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
03:43:05.0000 2624 hkmsvc - ok
03:43:05.0000 2624 hpn - ok
03:43:05.0031 2624 [ 970178E8E003EB1481293830069624B9 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
03:43:05.0031 2624 HSFHWBS2 - ok
03:43:05.0062 2624 [ EBB354438A4C5A3327FB97306260714A ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
03:43:05.0078 2624 HSF_DP - ok
03:43:05.0109 2624 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
03:43:05.0109 2624 HTTP - ok
03:43:05.0140 2624 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
03:43:05.0171 2624 HTTPFilter - ok
03:43:05.0171 2624 i2omgmt - ok
03:43:05.0187 2624 i2omp - ok
03:43:05.0234 2624 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
03:43:05.0234 2624 i8042prt - ok
03:43:05.0296 2624 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
03:43:05.0312 2624 idsvc - ok
03:43:05.0328 2624 ihuwlxfgl - ok
03:43:05.0343 2624 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
03:43:05.0343 2624 Imapi - ok
03:43:05.0390 2624 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
03:43:05.0390 2624 ImapiService - ok
03:43:05.0390 2624 ini910u - ok
03:43:05.0546 2624 [ 0CE2EAB2FFB33B8B0EF2B8E0D8B3F026 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
03:43:05.0625 2624 IntcAzAudAddService - ok
03:43:05.0625 2624 IntelIde - ok
03:43:05.0656 2624 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
03:43:05.0656 2624 Ip6Fw - ok
03:43:05.0687 2624 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:43:05.0687 2624 IpFilterDriver - ok
03:43:05.0718 2624 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
03:43:05.0718 2624 IpInIp - ok
03:43:05.0750 2624 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
03:43:05.0750 2624 IpNat - ok
03:43:05.0781 2624 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
03:43:05.0781 2624 IPSec - ok
03:43:05.0812 2624 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
03:43:05.0812 2624 IRENUM - ok
03:43:05.0812 2624 is3srv - ok
03:43:05.0828 2624 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
03:43:05.0828 2624 isapnp - ok
03:43:05.0921 2624 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
03:43:05.0921 2624 JavaQuickStarterService - ok
03:43:05.0937 2624 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:43:05.0937 2624 Kbdclass - ok
03:43:05.0968 2624 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
03:43:05.0968 2624 kbdhid - ok
03:43:05.0984 2624 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
03:43:06.0000 2624 kmixer - ok
03:43:06.0015 2624 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
03:43:06.0015 2624 KSecDD - ok
03:43:06.0046 2624 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
03:43:06.0046 2624 lanmanserver - ok
03:43:06.0078 2624 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
03:43:06.0078 2624 lanmanworkstation - ok
03:43:06.0093 2624 lbrtfdc - ok
03:43:06.0093 2624 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
03:43:06.0093 2624 LmHosts - ok
03:43:06.0109 2624 maxdueoke - ok
03:43:06.0140 2624 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
03:43:06.0140 2624 MBAMProtector - ok
03:43:06.0187 2624 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
03:43:06.0187 2624 MBAMScheduler - ok
03:43:06.0234 2624 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
03:43:06.0250 2624 MBAMService - ok
03:43:06.0296 2624 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\WINDOWS\system32\DRIVERS\mcdbus.sys
03:43:06.0296 2624 mcdbus - ok
03:43:06.0343 2624 [ 2738B111A73181FA654812C7DD9C8ED6 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
03:43:06.0343 2624 MDM - ok
03:43:06.0390 2624 [ 195741AEE20369980796B557358CD774 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
03:43:06.0390 2624 mdmxsdk - ok
03:43:06.0390 2624 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
03:43:06.0406 2624 Messenger - ok
03:43:06.0484 2624 [ 46ED68F71C2297D7BB929935B8E96A9F ] MilShieldCleaner C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
03:43:06.0500 2624 MilShieldCleaner - ok
03:43:06.0546 2624 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
03:43:06.0546 2624 mnmdd - ok
03:43:06.0578 2624 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
03:43:06.0593 2624 mnmsrvc - ok
03:43:06.0656 2624 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
03:43:06.0671 2624 Modem - ok
03:43:06.0812 2624 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
03:43:06.0968 2624 Monfilt - ok
03:43:07.0031 2624 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
03:43:07.0031 2624 Mouclass - ok
03:43:07.0062 2624 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
03:43:07.0062 2624 mouhid - ok
03:43:07.0078 2624 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
03:43:07.0078 2624 MountMgr - ok
03:43:07.0125 2624 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
03:43:07.0140 2624 MozillaMaintenance - ok
03:43:07.0171 2624 [ 2D5990203CB98B7DFD13D73D71C48028 ] MR97310_USB_DUAL_CAMERA C:\WINDOWS\system32\DRIVERS\mr97310c.sys
03:43:07.0171 2624 MR97310_USB_DUAL_CAMERA - ok
03:43:07.0187 2624 mraid35x - ok
03:43:07.0218 2624 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
03:43:07.0218 2624 MREMP50 - ok
03:43:07.0234 2624 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
03:43:07.0234 2624 MRESP50 - ok
03:43:07.0265 2624 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:43:07.0265 2624 MRxDAV - ok
03:43:07.0312 2624 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:43:07.0312 2624 MRxSmb - ok
03:43:07.0343 2624 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
03:43:07.0343 2624 MSDTC - ok
03:43:07.0359 2624 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
03:43:07.0359 2624 Msfs - ok
03:43:07.0359 2624 MSIServer - ok
03:43:07.0375 2624 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:43:07.0375 2624 MSKSSRV - ok
03:43:07.0390 2624 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:43:07.0390 2624 MSPCLOCK - ok
03:43:07.0406 2624 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
03:43:07.0406 2624 MSPQM - ok
03:43:07.0437 2624 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:43:07.0453 2624 mssmbios - ok
03:43:07.0484 2624 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
03:43:07.0484 2624 MSTEE - ok
03:43:07.0515 2624 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
03:43:07.0515 2624 Mup - ok
03:43:07.0562 2624 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
03:43:07.0562 2624 NABTSFEC - ok
03:43:07.0609 2624 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
03:43:07.0609 2624 napagent - ok
03:43:07.0640 2624 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
03:43:07.0640 2624 NDIS - ok
03:43:07.0671 2624 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
03:43:07.0671 2624 NdisIP - ok
03:43:07.0718 2624 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:43:07.0718 2624 NdisTapi - ok
03:43:07.0734 2624 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:43:07.0734 2624 Ndisuio - ok
03:43:07.0750 2624 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:43:07.0750 2624 NdisWan - ok
03:43:07.0781 2624 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
03:43:07.0781 2624 NDProxy - ok
03:43:07.0781 2624 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
03:43:07.0796 2624 NetBIOS - ok
03:43:07.0828 2624 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
03:43:07.0828 2624 NetBT - ok
03:43:07.0859 2624 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
03:43:07.0875 2624 NetDDE - ok
03:43:07.0875 2624 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
03:43:07.0875 2624 NetDDEdsdm - ok
03:43:07.0906 2624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
03:43:07.0906 2624 Netlogon - ok
03:43:07.0937 2624 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
03:43:07.0953 2624 Netman - ok
03:43:08.0000 2624 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:43:08.0000 2624 NetTcpPortSharing - ok
03:43:08.0031 2624 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
03:43:08.0046 2624 Nla - ok
03:43:08.0046 2624 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
03:43:08.0046 2624 Npfs - ok
03:43:08.0093 2624 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
03:43:08.0109 2624 Ntfs - ok
03:43:08.0109 2624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
03:43:08.0109 2624 NtLmSsp - ok
03:43:08.0140 2624 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
03:43:08.0140 2624 NtmsSvc - ok
03:43:08.0171 2624 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
03:43:08.0171 2624 Null - ok
03:43:08.0828 2624 [ 774A0D43912F75DA99D32F2D9E6A674C ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
03:43:09.0453 2624 nv - ok
03:43:09.0515 2624 [ 4D6F0D3FB17C1BA64942F415C73ADCDB ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
03:43:09.0515 2624 NVENETFD - ok
03:43:09.0546 2624 [ A211AB524324E84C2C805B52DFCDD544 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
03:43:09.0546 2624 NVHDA - ok
03:43:09.0656 2624 [ C7D99FA8AD232234D86F7EE5CAB102AD ] NVIDIA Performance Driver Service C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
03:43:09.0687 2624 NVIDIA Performance Driver Service - ok
03:43:09.0718 2624 [ 921E63AA1E1A20302223D016ACAFB52B ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
03:43:09.0718 2624 nvnetbus - ok
03:43:09.0765 2624 [ 6B665BDA473E2888A036D0BA5663B5A5 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
03:43:09.0765 2624 NVSvc - ok
03:43:09.0828 2624 [ 8BB901D3DBD7CA15C4D9F1EC98927379 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
03:43:09.0828 2624 nvUpdatusService - ok
03:43:09.0859 2624 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:43:09.0859 2624 NwlnkFlt - ok
03:43:09.0875 2624 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:43:09.0890 2624 NwlnkFwd - ok
03:43:09.0921 2624 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:43:09.0921 2624 ose - ok
03:43:10.0046 2624 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
03:43:10.0109 2624 osppsvc - ok
03:43:10.0140 2624 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
03:43:10.0140 2624 Parport - ok
03:43:10.0140 2624 Partizan - ok
03:43:10.0187 2624 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
03:43:10.0187 2624 PartMgr - ok
03:43:10.0218 2624 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
03:43:10.0218 2624 ParVdm - ok
03:43:10.0218 2624 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
03:43:10.0218 2624 PCI - ok
03:43:10.0218 2624 PCIDump - ok
03:43:10.0234 2624 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
03:43:10.0234 2624 PCIIde - ok
03:43:10.0250 2624 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
03:43:10.0250 2624 Pcmcia - ok
03:43:10.0250 2624 PDCOMP - ok
03:43:10.0265 2624 PDFRAME - ok
03:43:10.0265 2624 PDRELI - ok
03:43:10.0265 2624 PDRFRAME - ok
03:43:10.0265 2624 perc2 - ok
03:43:10.0281 2624 perc2hib - ok
03:43:10.0312 2624 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
03:43:10.0312 2624 PlugPlay - ok
03:43:10.0343 2624 [ 10BE25C04613B70D8CE1F412E14D9454 ] PnkBstrK C:\WINDOWS\system32\drivers\PnkBstrK.sys
03:43:10.0359 2624 PnkBstrK - ok
03:43:10.0359 2624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
03:43:10.0359 2624 PolicyAgent - ok
03:43:10.0375 2624 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:43:10.0375 2624 PptpMiniport - ok
03:43:10.0421 2624 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
03:43:10.0421 2624 Processor - ok
03:43:10.0421 2624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
03:43:10.0421 2624 ProtectedStorage - ok
03:43:10.0421 2624 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
03:43:10.0437 2624 PSched - ok
03:43:10.0453 2624 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:43:10.0453 2624 Ptilink - ok
03:43:10.0453 2624 puoeygpa - ok
03:43:10.0453 2624 ql1080 - ok
03:43:10.0453 2624 Ql10wnt - ok
03:43:10.0468 2624 ql12160 - ok
03:43:10.0468 2624 ql1240 - ok
03:43:10.0468 2624 ql1280 - ok
03:43:10.0500 2624 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:43:10.0500 2624 RasAcd - ok
03:43:10.0531 2624 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
03:43:10.0531 2624 RasAuto - ok
03:43:10.0546 2624 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:43:10.0546 2624 Rasl2tp - ok
03:43:10.0593 2624 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
03:43:10.0593 2624 RasMan - ok
03:43:10.0609 2624 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:43:10.0609 2624 RasPppoe - ok
03:43:10.0609 2624 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
03:43:10.0609 2624 Raspti - ok
03:43:10.0625 2624 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:43:10.0625 2624 Rdbss - ok
03:43:10.0640 2624 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:43:10.0640 2624 RDPCDD - ok
03:43:10.0656 2624 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
03:43:10.0656 2624 rdpdr - ok
03:43:10.0687 2624 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
03:43:10.0687 2624 RDPWD - ok
03:43:10.0703 2624 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
03:43:10.0703 2624 RDSessMgr - ok
03:43:10.0734 2624 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
03:43:10.0750 2624 redbook - ok
03:43:10.0781 2624 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
03:43:10.0781 2624 RemoteAccess - ok
03:43:10.0828 2624 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
03:43:10.0828 2624 RemoteRegistry - ok
03:43:10.0828 2624 rnpsexrl - ok
03:43:10.0843 2624 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
03:43:10.0843 2624 RpcLocator - ok
03:43:10.0875 2624 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
03:43:10.0890 2624 RpcSs - ok
03:43:10.0921 2624 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
03:43:10.0921 2624 RSVP - ok
03:43:10.0937 2624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
03:43:10.0937 2624 SamSs - ok
03:43:10.0968 2624 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
03:43:10.0968 2624 SCardSvr - ok
03:43:10.0984 2624 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
03:43:11.0000 2624 Schedule - ok
03:43:11.0031 2624 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:43:11.0031 2624 Secdrv - ok
03:43:11.0031 2624 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
03:43:11.0031 2624 seclogon - ok
03:43:11.0031 2624 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
03:43:11.0031 2624 SENS - ok
03:43:11.0062 2624 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
03:43:11.0062 2624 serenum - ok
03:43:11.0062 2624 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
03:43:11.0062 2624 Serial - ok
03:43:11.0093 2624 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
03:43:11.0093 2624 Sfloppy - ok
03:43:11.0109 2624 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
03:43:11.0109 2624 ShellHWDetection - ok
03:43:11.0125 2624 Simbad - ok
03:43:11.0140 2624 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
03:43:11.0156 2624 SLIP - ok
03:43:11.0156 2624 Sparrow - ok
03:43:11.0187 2624 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
03:43:11.0187 2624 splitter - ok
03:43:11.0203 2624 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
03:43:11.0203 2624 Spooler - ok
03:43:11.0234 2624 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
03:43:11.0234 2624 sr - ok
03:43:11.0281 2624 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
03:43:11.0281 2624 srservice - ok
03:43:11.0312 2624 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
03:43:11.0328 2624 Srv - ok
03:43:11.0328 2624 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
03:43:11.0343 2624 SSDPSRV - ok
03:43:11.0359 2624 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
03:43:11.0359 2624 stisvc - ok
03:43:11.0406 2624 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
03:43:11.0406 2624 streamip - ok
03:43:11.0421 2624 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
03:43:11.0421 2624 swenum - ok
03:43:11.0421 2624 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
03:43:11.0421 2624 swmidi - ok
03:43:11.0437 2624 SwPrv - ok
03:43:11.0437 2624 symc810 - ok
03:43:11.0437 2624 symc8xx - ok
03:43:11.0453 2624 sym_hi - ok
03:43:11.0453 2624 sym_u3 - ok
03:43:11.0468 2624 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
03:43:11.0468 2624 sysaudio - ok
03:43:11.0500 2624 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
03:43:11.0500 2624 SysmonLog - ok
03:43:11.0500 2624 szkg5 - ok
03:43:11.0515 2624 szkgfs - ok
03:43:11.0515 2624 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
03:43:11.0531 2624 TapiSrv - ok
03:43:11.0562 2624 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:43:11.0578 2624 Tcpip - ok
03:43:11.0593 2624 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
03:43:11.0593 2624 TDPIPE - ok
03:43:11.0609 2624 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
03:43:11.0609 2624 TDTCP - ok
03:43:11.0640 2624 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
03:43:11.0640 2624 TermDD - ok
03:43:11.0656 2624 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
03:43:11.0671 2624 TermService - ok
03:43:11.0687 2624 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
03:43:11.0687 2624 Themes - ok
03:43:11.0734 2624 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
03:43:11.0734 2624 TlntSvr - ok
03:43:11.0734 2624 TosIde - ok
03:43:11.0750 2624 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
03:43:11.0765 2624 TrkWks - ok
03:43:11.0781 2624 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
03:43:11.0781 2624 Udfs - ok
03:43:11.0781 2624 ultra - ok
03:43:11.0812 2624 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
03:43:11.0812 2624 Update - ok
03:43:11.0843 2624 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
03:43:11.0843 2624 upnphost - ok
03:43:11.0859 2624 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
03:43:11.0859 2624 UPS - ok
03:43:11.0890 2624 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
03:43:11.0906 2624 usbaudio - ok
03:43:11.0937 2624 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
03:43:11.0937 2624 usbccgp - ok
03:43:11.0953 2624 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:43:11.0953 2624 usbehci - ok
03:43:11.0953 2624 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:43:11.0968 2624 usbhub - ok
03:43:11.0968 2624 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
03:43:11.0968 2624 usbohci - ok
03:43:11.0984 2624 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
03:43:11.0984 2624 usbprint - ok
03:43:12.0000 2624 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
03:43:12.0000 2624 usbscan - ok
03:43:12.0015 2624 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:43:12.0015 2624 USBSTOR - ok
03:43:12.0046 2624 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
03:43:12.0046 2624 VgaSave - ok
03:43:12.0046 2624 ViaIde - ok
03:43:12.0062 2624 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
03:43:12.0062 2624 VolSnap - ok
03:43:12.0093 2624 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
03:43:12.0093 2624 VSS - ok
03:43:12.0109 2624 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
03:43:12.0125 2624 W32Time - ok
03:43:12.0140 2624 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:43:12.0140 2624 Wanarp - ok
03:43:12.0140 2624 WDICA - ok
03:43:12.0156 2624 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
03:43:12.0156 2624 wdmaud - ok
03:43:12.0171 2624 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
03:43:12.0171 2624 WebClient - ok
03:43:12.0218 2624 [ 1225EBEA76AAC3C84DF6C54FE5E5D8BE ] winachsf C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
03:43:12.0234 2624 winachsf - ok
03:43:12.0312 2624 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
03:43:12.0312 2624 winmgmt - ok
03:43:12.0375 2624 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
03:43:12.0390 2624 WinRM - ok
03:43:12.0421 2624 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
03:43:12.0421 2624 WmdmPmSN - ok
03:43:12.0468 2624 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
03:43:12.0468 2624 Wmi - ok
03:43:12.0500 2624 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
03:43:12.0500 2624 WmiApSrv - ok
03:43:12.0578 2624 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
03:43:12.0578 2624 WMPNetworkSvc - ok
03:43:12.0671 2624 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
03:43:12.0687 2624 WPFFontCache_v0400 - ok
03:43:12.0718 2624 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
03:43:12.0718 2624 WS2IFSL - ok
03:43:12.0765 2624 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
03:43:12.0765 2624 WSTCODEC - ok
03:43:12.0812 2624 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
03:43:12.0812 2624 wuauserv - ok
03:43:12.0843 2624 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:43:12.0843 2624 WudfPf - ok
03:43:12.0859 2624 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
03:43:12.0859 2624 WudfRd - ok
03:43:12.0875 2624 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
03:43:12.0875 2624 WudfSvc - ok
03:43:12.0921 2624 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
03:43:12.0968 2624 WZCSVC - ok
03:43:12.0984 2624 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
03:43:13.0000 2624 xmlprov - ok
03:43:13.0000 2624 yhelnrxe - ok
03:43:13.0015 2624 ================ Scan global ===============================
03:43:13.0031 2624 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
03:43:13.0078 2624 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
03:43:13.0093 2624 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
03:43:13.0093 2624 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
03:43:13.0093 2624 [Global] - ok
03:43:13.0093 2624 ================ Scan MBR ==================================
03:43:13.0125 2624 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
03:43:13.0312 2624 \Device\Harddisk0\DR0 - ok
03:43:13.0312 2624 ================ Scan VBR ==================================
03:43:13.0312 2624 [ CCD9F7B803A788D54B534880F3E60D53 ] \Device\Harddisk0\DR0\Partition1
03:43:13.0328 2624 \Device\Harddisk0\DR0\Partition1 - ok
03:43:13.0328 2624 ============================================================
03:43:13.0328 2624 Scan finished
03:43:13.0328 2624 ============================================================
03:43:13.0328 2168 Detected object count: 0
03:43:13.0328 2168 Actual detected object count: 0

#6 learntodowell

learntodowell
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 28 September 2012 - 04:20 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-28 07:44:28
-----------------------------
07:44:28.140 OS Version: Windows 5.1.2600 Service Pack 3
07:44:28.140 Number of processors: 4 586 0x202
07:44:28.140 ComputerName: COMPUTER UserName: User
07:44:29.875 Initialize success
07:44:46.359 AVAST engine defs: 12092701
07:44:50.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
07:44:50.531 Disk 0 Vendor: SAMSUNG_HD320KJ CP100-12 Size: 305245MB BusType: 3
07:44:50.875 Disk 0 MBR read successfully
07:44:50.875 Disk 0 MBR scan
07:44:50.890 Disk 0 Windows XP default MBR code
07:44:50.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
07:44:51.218 Disk 0 scanning sectors +625121280
07:44:51.921 Disk 0 scanning C:\WINDOWS\system32\drivers
07:46:44.453 Service scanning
07:46:45.609 Service ambplmqw C:\WINDOWS\system32\svchost.exe **INFECTED** Win32:Malware-gen
07:47:01.718 Modules scanning
07:48:52.671 Disk 0 trace - called modules:
07:48:52.750 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:48:52.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2efab8]
07:48:52.765 3 CLASSPNP.SYS[f74d7fd7] -> nt!IofCallDriver -> \Device\00000067[0x8b2b7f18]
07:48:52.765 5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8b253940]
07:48:53.625 AVAST engine scan C:\WINDOWS
07:51:41.968 AVAST engine scan C:\WINDOWS\system32
08:05:19.218 File: C:\WINDOWS\system32\svchost.exe **INFECTED** Win32:Malware-gen
08:22:31.171 AVAST engine scan C:\WINDOWS\system32\drivers
08:27:29.828 AVAST engine scan C:\Documents and Settings\User
11:17:50.140 AVAST engine scan C:\Documents and Settings\All Users
11:39:40.656 Scan finished successfully
16:59:43.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
16:59:43.968 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

Edited by learntodowell, 28 September 2012 - 04:22 PM.


#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:44 PM

Posted 28 September 2012 - 05:51 PM

ESET log?

#8 learntodowell

learntodowell
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 28 September 2012 - 07:01 PM

ESET Online Log
---------------

C:\Documents and Settings\User\My Documents\Downloads\CPP-ProductKeyFinder.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2CA93827-35DB-456C-8C41-13C9759CBB26}\RP26\A0007735.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2CA93827-35DB-456C-8C41-13C9759CBB26}\RP26\A0007736.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2CA93827-35DB-456C-8C41-13C9759CBB26}\RP26\A0007737.exe a variant of Win32/Injector.XBJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{2CA93827-35DB-456C-8C41-13C9759CBB26}\RP26\A0007738.exe a variant of Win32/Injector.XBJ trojan cleaned by deleting - quarantined
C:\WINDOWS\explorer.exe a variant of Win32/Patched.IA trojan unable to clean
C:\WINDOWS\system32\winlogon.exe a variant of Win32/Patched.IA trojan unable to clean
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A4XNTXYX\a9174[1].pdf JS/Exploit.Pdfka.PSK trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\wgsdgsdgdsgsd.exe a variant of Win32/Injector.XBJ trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Patched.IA trojan

#9 learntodowell

learntodowell
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 28 September 2012 - 07:20 PM

Hi BC Advisor, :)

These two files seem to be critically important, and they are not able to be cleaned:

C:\WINDOWS\explorer.exe -----------------a variant of Win32/Patched.IA trojan
C:\WINDOWS\system32\winlogon.exe --------a variant of Win32/Patched.IA trojan

I also believe there may be a problem with a "desktop.ini" file, because HitmanPro sometimes identifies it as an issue, usually when the GAC virus is identified by Hitman (C:/windows/assembly/gac/....) in addition to a zaccess virus (ZeroAccess virus?). Historically these are bugs I have seen identified in the past on my machine.



Roughly 30 days ago I used to have a BSOD and fixed it by choosing F8 on boot-up and then selecting "last known good configuration" to start my machine via Windows XP. That fixed the BSOD. Immediately before I had the BSOD, I unplugged my computer when either MBAM or Hitman had run identifying viral files and the program was in a state of cleaning, then locked up. I think the winlogon and desktop.ini were identified when the cleaning locked up and I unplugged the machine to restart it.

Weird stuff. I did not know to choose last known configuration to fix the BSOD. So I installed an SSD and loaded Win 7. Later the SSD locked up, so I tried to go back to the HDD with XP, the hard drive I scanned for you, the logs of which are above. I installed the SSD as a secondary drive and voila, an FBI MoneyPak virus showed up not long after. I had the FBI MoneyPak virus and another variant of it months ago on the HDD XP primary C drive. So right now I have disconnected the SSD, which will not boot with Win 7 fully installed on it, and am focusing on removing the scour-qbees-livesearch redirect from the HDD running XP as the primary and only boot drive. Once cleaned, I will start to figure out why the SSD with Win 7 will BSOD and the Win 7 programs cannot fix it. I think XP is a terrific operating system and Win 7 is not as stable. Plus I do not like changing things on my system, such as installing an SSD and a new EVGA GeForce 520 video card to replace the originally installed GeForce 8400, which was a replacement for the factory-installed 8400 someone removed before I purchased the computer used. So many changes may make it hard to clean viruses from the machine. If you want me to disconnect the 520 video card or reinstall the 8400 I can easily. Right now I have removed the SSD completely from the machine, so the only OS operating and booting up is the XP HDD acting as the C drive. :)

Edited by learntodowell, 28 September 2012 - 07:23 PM.


#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:44 PM

Posted 28 September 2012 - 08:42 PM

I do not want you to run any tools like hitman pro when you are being helped

C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe

Copy all these files to desktop

Go to

https://www.virustotal.com/

Click on CHOOSE FILE

Browse to desktop and upload these files one by one

Post the generated report link here

#11 learntodowell

learntodowell
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 28 September 2012 - 09:02 PM

Winlogon.exe
============

Analysis completed.
SHA256: 27ed23684efdeb3ac342e2ab7a3320fb21b6721519239edfa9e764b3778fc934
SHA1: cdd7acb815a5b720fa9ecdaaf8767ab051a61ca4
MD5: 0b1df5bfbbe448171c15bebe81464ee4
File size: 532.0 KB ( 544768 bytes )
File name: winlogon.exe
File type: unknown
Detection ratio: 9 / 42
Analysis date: 2012-09-29 01:59:44 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120928
AntiVir - 20120928
Antiy-AVL Trojan/Win32.Patched.gen 20120927
Avast - 20120928
AVG - 20120928
BitDefender - 20120928
ByteHero - 20120928
CAT-QuickHeal - 20120927
ClamAV - 20120928
Commtouch - 20120928
Comodo - 20120928
DrWeb - 20120927
Emsisoft Trojan.Patched!IK 20120919
eSafe Win32.Trojan 20120927
eScan - 20120926
ESET-NOD32 a variant of Win32/Patched.IA 20120928
F-Prot - 20120926
F-Secure - 20120927
Fortinet W32/Bamital.FL!tr 20120928
GData - 20120928
Ikarus Trojan.Patched 20120928
Jiangmin - 20120927
K7AntiVirus - 20120928
Kaspersky - 20120928
McAfee - 20120927
McAfee-GW-Edition - 20120928
Microsoft - 20120926
Norman - 20120928
nProtect - 20120927
Panda - 20120928
PCTools - 20120928
Rising Trojan.Win32.Generic.12B0459D 20120927
Sophos - 20120928
SUPERAntiSpyware - 20120911
Symantec - 20120928
TheHacker - 20120928
TotalDefense - 20120928
TrendMicro PE_BAMITAL.SME 20120928
TrendMicro-HouseCall TROJ_GEN.F47V0821 20120926
VBA32 - 20120927
VIPRE - 20120928
ViRobot - 20120928


#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:44 PM

Posted 28 September 2012 - 09:17 PM

Bamital infection requires advanced tools

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#13 learntodowell

learntodowell
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 28 September 2012 - 09:32 PM

C:\WINDOWS\System32\svchost.exe
===============================


Analysis completed.
SHA256: 4be8748d6c9a526f3a265dcb92432f4427252af7e131d4b602118706b030277f
SHA1: 098154bfdc7ddb39660d808b185c32a139c98c5b
MD5: 82e4b2260cbe150912ee619c98ef8252
File size: 38.5 KB ( 39424 bytes )
File name: svchost.exe
File type: Win32 EXE
Detection ratio: 25 / 43
Analysis date: 2012-09-29 02:07:38 UTC ( 0 minutes ago )

Antivirus Result Update
Agnitum - 20120928
AhnLab-V3 - 20120928
AntiVir TR/Agent.39424.143 20120928
Antiy-AVL - 20120927
Avast Win32:Malware-gen 20120928
AVG Agent3.BWSF 20120928
BitDefender Trojan.Generic.7727955 20120928
ByteHero - 20120918
CAT-QuickHeal Trojan.Agent.tisv 20120927
ClamAV - 20120928
Commtouch - 20120928
Comodo UnclassifiedMalware 20120928
DrWeb - 20120927
Emsisoft Trojan.Patched!IK 20120919
eSafe Win32.Trojan 20120927
ESET-NOD32 - 20120928
F-Prot - 20120926
F-Secure Trojan.Generic.7727955 20120927
Fortinet W32/Bamital.FL!tr 20120928
GData Trojan.Generic.7727955 20120928
Ikarus Trojan.Patched 20120928
Jiangmin Trojan/Agent.gxsj 20120927
K7AntiVirus Trojan 20120928
Kaspersky Trojan.Win32.Agent.tisv 20120928
Kingsoft Win32.Troj.Patched.(kcloud) 20120925
McAfee Generic.dx!bfnl 20120927
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20120928
Microsoft - 20120926
Norman W32/Troj_Generic.DMACB 20120928
nProtect Trojan.Generic.7727955 20120927
Panda Generic Malware 20120928
PCTools - 20120928
Rising - 20120927
Sophos - 20120928
SUPERAntiSpyware - 20120911
Symantec - 20120928
TheHacker Trojan/Agent.tevb 20120928
TotalDefense - 20120928
TrendMicro PE_BAMITAL.SME 20120928
TrendMicro-HouseCall TROJ_GEN.F47V0817 20120926
VBA32 - 20120927
VIPRE Trojan.Win32.Generic!BT 20120928
ViRobot - 20120928


#14 learntodowell

learntodowell
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 28 September 2012 - 09:33 PM

C:\WINDOWS\explorer.exe
=======================

Analysis completed.
SHA256: f47e59017da57d67d5c82bb597cb2c94736b327df97105613d89e4baf54cce59
SHA1: 0d228925c9c8dae9544746aa2eaf432f330d6eda
MD5: 89e6793404cbbac0a564505880e3332f
File size: 1.0 MB ( 1058304 bytes )
File name: explorer.exe
File type: unknown
Detection ratio: 6 / 41
Analysis date: 2012-09-29 02:03:57 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120928
AntiVir - 20120928
Antiy-AVL - 20120927
Avast - 20120928
AVG - 20120928
BitDefender - 20120928
ByteHero - 20120928
CAT-QuickHeal - 20120927
ClamAV - 20120928
Commtouch - 20120928
Comodo - 20120928
DrWeb - 20120927
Emsisoft - 20120919
eScan - 20120926
ESET-NOD32 a variant of Win32/Patched.IA 20120928
F-Prot - 20120926
F-Secure - 20120927
Fortinet W32/Bamital.FL!tr 20120928
GData - 20120928
Ikarus - 20120928
Jiangmin - 20120927
K7AntiVirus - 20120928
Kaspersky - 20120928
McAfee - 20120927
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20120928
Microsoft - 20120926
Norman - 20120928
nProtect - 20120927
Panda - 20120928
PCTools - 20120928
Rising Trojan.Win32.Generic.12AD5BD8 20120927
Sophos - 20120928
SUPERAntiSpyware - 20120911
Symantec - 20120928
TheHacker - 20120928
TotalDefense - 20120928
TrendMicro PE_BAMITAL.SME 20120928
TrendMicro-HouseCall TROJ_GEN.F47V0821 20120926
VBA32 - 20120927
VIPRE - 20120928
ViRobot - 20120928


#15 learntodowell

learntodowell
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 28 September 2012 - 09:38 PM

Thank you for your assistance. :)

