From: Nasty Infestation


18 replies to this topic

#1 jeepndiva

  • Members
  • 55 posts

Posted 08 October 2012 - 11:28 AM

Windows XP Professional, Service Pack 3. You can log onto the system but are unable to access the internet; icons on the desktop and quick launch are messed up. Any assistance would be appreciated.


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 October 2012 - 11:38 AM

Boot into Safe Mode with Networking.

Can you browse now?

#3 jeepndiva

  • Topic Starter
  • Members
  • 55 posts

Posted 08 October 2012 - 12:03 PM

When I boot into Safe Mode it kicks me right out.

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 October 2012 - 12:28 PM

Not plain Safe Mode. Boot into Safe Mode with Networking.

#5 jeepndiva

  • Topic Starter
  • Members
  • 55 posts

Posted 08 October 2012 - 12:30 PM

Yes, Safe Mode with Networking... IE closes immediately after opening.

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 October 2012 - 12:32 PM

Can you try any other browser?

Copy the tools to the infected PC.

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download

Malwarebytes

Install, update and run a full scan.

Click on "Show results". Right-click on the list, select all and remove them.

Post the generated log here.

#7 jeepndiva

  • Topic Starter
  • Members
  • 55 posts

Posted 08 October 2012 - 01:12 PM

Contents of 1st file

14:04:33.0976 2612 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:04:33.0976 2612 TDPIPE - ok
14:04:34.0011 2612 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:04:34.0011 2612 TDTCP - ok
14:04:34.0029 2612 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:04:34.0029 2612 TermDD - ok
14:04:34.0101 2612 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
14:04:34.0101 2612 TermService - ok
14:04:34.0119 2612 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
14:04:34.0137 2612 Themes - ok
14:04:34.0154 2612 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
14:04:34.0154 2612 TlntSvr - ok
14:04:34.0172 2612 TosIde - ok
14:04:34.0208 2612 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:04:34.0208 2612 TrkWks - ok
14:04:34.0280 2612 [ 0D630405311E1AE574BC2EC6681E485E ] TuneUp.Defrag C:\WINDOWS\System32\TuneUpDefragService.exe
14:04:34.0298 2612 TuneUp.Defrag - ok
14:04:34.0333 2612 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:04:34.0333 2612 Udfs - ok
14:04:34.0351 2612 ultra - ok
14:04:34.0405 2612 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:04:34.0405 2612 Update - ok
14:04:34.0441 2612 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:04:34.0441 2612 upnphost - ok
14:04:34.0441 2612 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
14:04:34.0459 2612 UPS - ok
14:04:34.0476 2612 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:04:34.0476 2612 usbccgp - ok
14:04:34.0512 2612 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:04:34.0512 2612 usbehci - ok
14:04:34.0530 2612 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:04:34.0530 2612 usbhub - ok
14:04:34.0584 2612 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:04:34.0584 2612 USBSTOR - ok
14:04:34.0602 2612 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:04:34.0602 2612 usbuhci - ok
14:04:34.0620 2612 [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
14:04:34.0620 2612 UxTuneUp - ok
14:04:34.0637 2612 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:04:34.0637 2612 VgaSave - ok
14:04:34.0637 2612 ViaIde - ok
14:04:34.0709 2612 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
14:04:34.0709 2612 Viewpoint Manager Service - ok
14:04:34.0727 2612 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:04:34.0727 2612 VolSnap - ok
14:04:34.0763 2612 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
14:04:34.0763 2612 VSS - ok
14:04:34.0798 2612 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
14:04:34.0816 2612 W32Time - ok
14:04:34.0870 2612 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:04:34.0870 2612 Wanarp - ok
14:04:34.0870 2612 WDICA - ok
14:04:34.0942 2612 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:04:34.0942 2612 wdmaud - ok
14:04:34.0995 2612 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:04:34.0995 2612 WebClient - ok
14:04:35.0102 2612 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:04:35.0120 2612 winmgmt - ok
14:04:35.0156 2612 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
14:04:35.0174 2612 WmdmPmSN - ok
14:04:35.0210 2612 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:04:35.0228 2612 Wmi - ok
14:04:35.0246 2612 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:04:35.0246 2612 WmiApSrv - ok
14:04:35.0299 2612 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:04:35.0299 2612 WS2IFSL - ok
14:04:35.0353 2612 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:04:35.0353 2612 wscsvc - ok
14:04:35.0407 2612 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:04:35.0407 2612 wuauserv - ok
14:04:35.0478 2612 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:04:35.0496 2612 WZCSVC - ok
14:04:35.0532 2612 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:04:35.0532 2612 xmlprov - ok
14:04:35.0603 2612 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
14:04:35.0603 2612 YahooAUService - ok
14:04:35.0621 2612 ================ Scan global ===============================
14:04:35.0657 2612 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:04:35.0729 2612 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:04:35.0746 2612 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:04:35.0746 2612 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:04:35.0746 2612 [Global] - ok
14:04:35.0746 2612 ================ Scan MBR ==================================
14:04:35.0782 2612 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:04:36.0086 2612 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:04:36.0086 2612 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:04:36.0104 2612 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR5
14:04:40.0254 2612 \Device\Harddisk1\DR5 - ok
14:04:40.0272 2612 [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk2\DR7
14:04:40.0719 2612 \Device\Harddisk2\DR7 - ok
14:04:40.0719 2612 ================ Scan VBR ==================================
14:04:40.0719 2612 [ B023875946E8C5567C504FFA9267D1CE ] \Device\Harddisk0\DR0\Partition1
14:04:40.0719 2612 \Device\Harddisk0\DR0\Partition1 - ok
14:04:40.0737 2612 [ 767FD6BC5EBE1340E259549230DB6246 ] \Device\Harddisk1\DR5\Partition1
14:04:40.0737 2612 \Device\Harddisk1\DR5\Partition1 - ok
14:04:40.0737 2612 [ 0404C4E53DFE63FEC8E21A642618A484 ] \Device\Harddisk2\DR7\Partition1
14:04:40.0737 2612 \Device\Harddisk2\DR7\Partition1 - ok
14:04:40.0737 2612 ============================================================
14:04:40.0737 2612 Scan finished
14:04:40.0737 2612 ============================================================
14:04:40.0755 1800 Detected object count: 1
14:04:40.0755 1800 Actual detected object count: 1
14:05:09.0286 1800 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:05:09.0286 1800 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:07:41.0630 2652 Deinitialize success


Malwarebytes is running now; could only get this to run via open.
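The TDSSKiller log above has a regular shape: a timestamp, a process id, then either "[ MD5 ] name path" for an object that was hashed, "object - status" for the verdict, or a summary line such as "Detected object count". The script below is an added example for triaging a log in that format; it is not TDSSKiller's code and not part of the original post. It lists every object whose status is something other than "ok" and the last action recorded for it (here the MBR of \Device\Harddisk0\DR0 ends at "User select action: Skip", so the one detection was never acted on), and it groups objects that share an MD5, as Themes and ShellHWDetection share shsvcs.dll and the first sectors of Harddisk0 and Harddisk1 hash identically in the log above. The embedded log text is a constructed excerpt of a few lines in that format.

```python
"""Triage helper for Kaspersky TDSSKiller logs.

Added example, not TDSSKiller's own code. It parses the per-line format
"<HH:MM:SS.ffff> <pid> <message>" and reports every object that did not
come back "ok", the last action recorded for each, and objects that share
one MD5. SAMPLE_LOG is a constructed excerpt in that format.
"""
import re

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")

# "[ <MD5> ] <service or driver name> <path>"; the name is absent on the
# MBR/VBR lines, which carry only a \Device\... path.
HASH_RE = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?:(?P<name>.+?)\s+)?"
    r"(?P<path>[A-Za-z]:\\\S.*|\\Device\\\S*)$"
)

# "<object> - <status>"; the status vocabulary is the one seen in the log.
STATUS_RE = re.compile(
    r"^(?P<obj>.+?) - (?P<status>ok|warning|detected .+|skipped by user|"
    r"User select action: .+)$"
)

COUNT_RE = re.compile(r"^(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")

# Constructed sample: a handful of lines in the same shape as the real log.
SAMPLE_LOG = r"""
14:04:32.0795 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
14:04:32.0795 2612 SamSs - ok
14:04:33.0153 2612 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:04:33.0153 2612 ShellHWDetection - ok
14:04:33.0153 2612 Simbad - ok
14:04:34.0119 2612 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
14:04:34.0137 2612 Themes - ok
14:04:34.0709 2612 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
14:04:34.0709 2612 Viewpoint Manager Service - ok
14:04:35.0746 2612 ================ Scan MBR ==================================
14:04:35.0782 2612 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:04:36.0086 2612 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:04:36.0086 2612 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:04:36.0104 2612 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR5
14:04:40.0254 2612 \Device\Harddisk1\DR5 - ok
14:04:40.0755 1800 Detected object count: 1
14:04:40.0755 1800 Actual detected object count: 1
14:05:09.0286 1800 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:05:09.0286 1800 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""


def parse_log(text):
    """Return (hashes, findings, declared_count).

    hashes:   {object: (md5, path)} for every line carrying an MD5
    findings: [(object, status), ...] for every status line that is not "ok"
    declared: the "detected object count" TDSSKiller printed, or None
    """
    hashes, findings, declared = {}, [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        h = HASH_RE.match(msg)
        if h:
            key = h.group("name") or h.group("path")
            hashes[key] = (h.group("md5").upper(), h.group("path"))
            continue
        c = COUNT_RE.match(msg)
        if c:
            declared = int(c.group("n"))
            continue
        s = STATUS_RE.match(msg)
        if s and s.group("status") != "ok":
            findings.append((s.group("obj"), s.group("status")))
    return hashes, findings, declared


def last_action(findings):
    """Collapse the finding lines to the final status per object, keyed on the
    device or service name without the "( <verdict> )" suffix, so a detection
    that was only skipped stands out from one that was acted on."""
    last = {}
    for obj, status in findings:
        last[obj.split(" (", 1)[0]] = status
    return last


def shared_hashes(hashes):
    """MD5 -> objects that share it: two services backed by one DLL, or two
    disks whose first sector hashed identically."""
    by_md5 = {}
    for obj, (md5, _path) in hashes.items():
        by_md5.setdefault(md5, []).append(obj)
    return {md5: objs for md5, objs in by_md5.items() if len(objs) > 1}


if __name__ == "__main__":
    hashes, findings, declared = parse_log(SAMPLE_LOG)
    print(f"declared detections: {declared}")
    for obj, status in last_action(findings).items():
        print(f"{obj}: {status}")
    for md5, objs in shared_hashes(hashes).items():
        print(f"{md5} shared by {', '.join(objs)}")
```

Run it against a saved TDSSKiller log by replacing SAMPLE_LOG with the file contents; a "User select action: Skip" in the last_action output means the scanner's verdict still stands and the object has not been cured, which is the state the log above is in.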

#8 jeepndiva
  • Topic Starter
  • Members
  • 55 posts

Posted 08 October 2012 - 02:04 PM

Malwarebytes log file

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.06.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ldery :: RSD1 [administrator]

10/8/2012 2:09:15 PM
mbam-log-2012-10-08 (14-09-15).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334944
Time elapsed: 51 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 October 2012 - 02:06 PM

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download the ESET Online Scanner and install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#10 jeepndiva
  • Topic Starter
  • Members
  • 55 posts

Posted 08 October 2012 - 03:09 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-08 15:16:40
-----------------------------
15:16:40.896 OS Version: Windows 5.1.2600 Service Pack 3
15:16:40.896 Number of processors: 2 586 0x401
15:16:40.896 ComputerName: RSD1 UserName:
15:16:41.787 Initialize success
15:27:26.323 AVAST engine defs: 12100800
15:34:38.729 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
15:34:38.729 Disk 0 Vendor: WDC_WD400JD-75HKA1 14.03G14 Size: 38146MB BusType: 3
15:34:38.744 Disk 0 MBR read successfully
15:34:38.744 Disk 0 MBR scan
15:34:38.807 Disk 0 Windows XP default MBR code
15:34:38.807 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
15:34:38.854 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38107 MB offset 64260
15:34:38.869 Disk 0 scanning sectors +78108030
15:34:38.979 Disk 0 scanning C:\WINDOWS\system32\drivers
15:35:02.651 Service scanning
15:35:15.370 Service MpKsld217681f c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4F3B227-8A97-444C-8E9B-A617FC2F043A}\MpKsld217681f.sys **LOCKED** 32
15:35:33.090 Modules scanning
15:35:38.371 Disk 0 trace - called modules:
15:35:38.387 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:35:38.387 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89babab8]
15:35:38.387 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x89baeb00]
15:35:38.637 AVAST engine scan C:\WINDOWS
15:35:49.731 AVAST engine scan C:\WINDOWS\system32
15:40:22.274 AVAST engine scan C:\WINDOWS\system32\drivers
15:40:47.489 AVAST engine scan C:\Documents and Settings\ldery
15:45:09.411 AVAST engine scan C:\Documents and Settings\All Users
15:45:46.316 Scan finished successfully


Eset Online Scanner found no threats!

Edited by jeepndiva, 08 October 2012 - 03:53 PM.
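The aswMBR "Disk 0 Partition N ..." lines above are a decoded MBR partition table: boot indicator (00 or 80), type byte (DE, 07), a type name, size and starting LBA. The script below is an added example, not aswMBR's code and not part of the original post. It builds a constructed 512-byte sector whose two entries mirror the layout the log reports for Disk 0, decodes it, checks the 0x55AA signature, prints the entries in roughly aswMBR's wording, and measures the unpartitioned sectors past the last partition, which is where the TDL3/TDL4 bootkit family that TDSSKiller labels "TDSS File System" hides its file system. The sector counts and the total disk sector count are assumed values, since the log gives sizes only in MB; the second partition's count is chosen so that it ends at LBA 78108030, the offset that appears in aswMBR's "scanning sectors" line.

```python
"""Decode an MBR partition table the way aswMBR's "Disk 0 Partition N ..." lines
present it, and measure the unpartitioned tail of the disk.

Added example, not aswMBR's code. SAMPLE_MBR is a constructed 512-byte sector
whose two entries mirror the layout the log reports for Disk 0 (type 0xDE at
LBA 63, bootable type 0x07 at LBA 64260); the sector counts and TOTAL_SECTORS
are assumed, since the log gives sizes only in MB.
"""
import struct

SECTOR_BYTES = 512
PART_TABLE_OFF = 446
ENTRY_FMT = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x00: "Empty", 0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}


def build_mbr(entries, boot_code=b"\x33\xC0\x8E\xD0"):
    """Assemble a sector from (bootable, type, lba_start, sectors) tuples.
    boot_code is placeholder bytes, not real loader code."""
    if len(entries) > 4:
        raise ValueError("an MBR holds at most four primary entries")
    sector = bytearray(boot_code.ljust(PART_TABLE_OFF, b"\x00"))
    for bootable, ptype, start, count in entries:
        # CHS fields are zeroed; LBA-aware code reads only the last two fields
        sector += struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\x00" * 3,
                              ptype, b"\x00" * 3, start, count)
    sector = sector.ljust(SECTOR_BYTES - 2, b"\x00") + b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector):
    """Return the in-use partition entries as dicts; reject a sector that is not
    a valid MBR (wrong length or missing 0x55AA signature)."""
    if len(sector) != SECTOR_BYTES:
        raise ValueError(f"expected {SECTOR_BYTES} bytes, got {len(sector)}")
    if sector[-2:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        boot, _chs0, ptype, _chs1, start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0x00 and count == 0:
            continue  # unused slot
        parts.append({
            "index": i + 1,
            "bootable": boot == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, f"unknown 0x{ptype:02X}"),
            "start": start,
            "sectors": count,
            "size_mb": count * SECTOR_BYTES // (1024 * 1024),
        })
    return parts


def unpartitioned_tail(parts, total_sectors):
    """Sectors between the end of the last partition and the end of the disk.
    The TDL3/TDL4 bootkit family that TDSSKiller reports as "TDSS File System"
    keeps its hidden, encrypted file system in this space, so a non-trivial
    tail on a disk with that verdict is what to image and inspect next."""
    end = max((p["start"] + p["sectors"] for p in parts), default=0)
    return total_sectors - end


def describe(parts):
    """One line per entry in roughly aswMBR's wording."""
    return [
        f"Partition {p['index']} {'80 (A)' if p['bootable'] else '00'} "
        f"{p['type']:02X} {p['type_name']} {p['size_mb']} MB offset {p['start']}"
        for p in parts
    ]


# Constructed sample matching the two entries aswMBR printed for Disk 0.
# Sector counts are assumed: 64197 puts the second entry at LBA 64260, and
# 78043770 makes the NTFS partition end at LBA 78108030, the offset that
# appears in aswMBR's "scanning sectors" line.
SAMPLE_MBR = build_mbr([
    (False, 0xDE, 63, 64197),
    (True, 0x07, 64260, 78043770),
])
TOTAL_SECTORS = 38146 * 2048  # assumed: 38146 MB at 512-byte sectors


if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    print("\n".join(describe(parts)))
    print(f"unpartitioned tail: {unpartitioned_tail(parts, TOTAL_SECTORS)} sectors")
```

To run it against a real disk, pass the first 512 bytes of the raw device to parse_mbr: on Windows that is open(r"\\.\PhysicalDrive0", "rb").read(512) from an elevated prompt, on Linux the same read from /dev/sda. aswMBR's "Windows XP default MBR code" verdict covers the 446 bytes before the table, which this parser deliberately ignores; a clean loader and a hidden tail are independent findings.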


#11 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 October 2012 - 06:08 PM

Explain to me the current issues you have.

#12 jeepndiva
  • Topic Starter
  • Members
  • 55 posts

Posted 08 October 2012 - 06:17 PM

Cannot access desktop icons via shortcuts; desktop icons are messed up. When I click on any desktop icon it will not execute.
IE sits at Not Responding. Basically, double-clicks on the desktop do not work. If I add a shortcut to the desktop, like Google Chrome, double-clicking does not execute it; you have to right-click and then Open for Chrome to work. When I added the new shortcut to the desktop it was not the correct icon either. The virus added Weatherbug and PC Pro; the PC Pro seems to be gone but not the Weatherbug. I have tried to uninstall it (via Control Panel) but it's not removing itself. It says the Windows Installer service could not be accessed. This can occur if running Windows in safe mode, or if the Windows Installer is not correctly installed.

Edited by jeepndiva, 08 October 2012 - 06:43 PM.


#13 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 October 2012 - 06:44 PM

When did this issue start? Do you have previous restore points?

Download the Windows Repair tool.

Extract and launch the Repair_Windows.exe file.

Click on the Start Repairs tab, then click on Start.

Check-mark the following options only:

Reset Registry Permissions
Reset File Permissions
Remove Policies Set By Infections
Repair Winsock & DNS Cache

Check-mark the Restart System When Finished option and click the Start button.

The system should restart after the repair.

Let me know how it goes.

Edited by narenxp, 08 October 2012 - 06:55 PM.


#14 jeepndiva
  • Topic Starter
  • Members
  • 55 posts

Posted 08 October 2012 - 06:46 PM

Cannot access restore points either.

#15 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 October 2012 - 06:55 PM

Follow the next instructions.



