
Search results problem and script error


10 replies to this topic

#1 abc12345xyz


Posted 13 October 2012 - 08:12 PM

Hi, I have Windows XP and use Firefox (ver 16.0.1). I am facing 2 problems on my Toshiba laptop. Whenever I search for something on the Yahoo/Google website and open a search result in a new tab, it always goes to a different website instead of opening the actual searched website. I have to click the search result again, and only then does it open the correct website. So this is my first problem: on the first click it always opens another website instead of the correct one. The second problem is that most of the time I get a "Warning: Unresponsive script" prompt that says "A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete." Why do I get this error?



#2 narenxp


Posted 13 October 2012 - 08:55 PM

Download TDSSKiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 abc12345xyz


Posted 15 October 2012 - 06:23 PM

Sorry for the late reply, I was really busy and having a hard time with my laptop. Also, thanks a lot for helping me. Below are the requested logs:

TDSSkiller Log
13:50:16.0187 3844 srservice - ok
13:50:16.0406 3844 [ 4F8A43ADEF66F135564085A9DCA96A26 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:50:16.0750 3844 Srv - ok
13:50:16.0812 3844 [ 79B7AF340D55861DF1D69E7BAC975FCC ] SrvcSSIOMngr C:\WINDOWS\system32\Drivers\SSIoMngr.sys
13:50:16.0843 3844 SrvcSSIOMngr - ok
13:50:18.0421 3844 [ 98625722AD52B40305E74AAA83C93086 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
13:50:18.0453 3844 sscdbhk5 - ok
13:50:18.0593 3844 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:50:18.0968 3844 SSDPSRV - ok
13:50:19.0437 3844 [ D79412E3942C8A257253487536D5A994 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
13:50:19.0562 3844 ssrtln - ok
13:50:19.0984 3844 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:50:20.0953 3844 stisvc - ok
13:50:21.0015 3844 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:50:21.0109 3844 streamip - ok
13:50:21.0500 3844 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:50:21.0562 3844 swenum - ok
13:50:21.0609 3844 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:50:21.0703 3844 swmidi - ok
13:50:21.0718 3844 SwPrv - ok
13:50:21.0718 3844 symc810 - ok
13:50:21.0734 3844 symc8xx - ok
13:50:21.0843 3844 [ EE912E097AEECE377574A6237AEE8BF0 ] SYMDNS C:\WINDOWS\System32\Drivers\SYMDNS.SYS
13:50:21.0968 3844 SYMDNS - ok
13:50:22.0015 3844 [ C9B8F325B2A22CDA1BDA7B25181B1389 ] SymEvent C:\Program Files\Symantec\SYMEVENT.SYS
13:50:22.0281 3844 SymEvent - ok
13:50:22.0375 3844 [ C8054D5C05251B0878817E72E0A410F9 ] SYMFW C:\WINDOWS\System32\Drivers\SYMFW.SYS
13:50:22.0468 3844 SYMFW - ok
13:50:22.0546 3844 [ E6104E41EA83BAE13F305441B171162D ] SYMIDS C:\WINDOWS\System32\Drivers\SYMIDS.SYS
13:50:22.0671 3844 SYMIDS - ok
13:50:22.0937 3844 [ 2133D1F879B280121B0E6A7D34B24A02 ] SYMIDSCO C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20120315.001\symidsco.sys
13:50:23.0218 3844 SYMIDSCO - ok
13:50:23.0296 3844 [ 9E46285FDFA4CF9C2DB45DA570796B55 ] SYMNDIS C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
13:50:23.0406 3844 SYMNDIS - ok
13:50:23.0453 3844 [ ED5F0C723C496D7FE3A5008377BE41A9 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
13:50:23.0640 3844 SYMREDRV - ok
13:50:23.0781 3844 [ 6557F9879548F1D7A9A059E037820408 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
13:50:24.0062 3844 SYMTDI - ok
13:50:24.0078 3844 sym_hi - ok
13:50:24.0078 3844 sym_u3 - ok
13:50:24.0156 3844 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:50:24.0281 3844 sysaudio - ok
13:50:24.0359 3844 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:50:24.0515 3844 SysmonLog - ok
13:50:24.0625 3844 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss C:\WINDOWS\system32\DRIVERS\taphss.sys
13:50:24.0734 3844 taphss - ok
13:50:24.0812 3844 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:50:25.0046 3844 TapiSrv - ok
13:50:25.0125 3844 [ 1F26D86828039C0B594399F7F2FFEF09 ] TBiosDrv C:\WINDOWS\system32\Drivers\Tbiosdrv.sys
13:50:25.0171 3844 TBiosDrv - ok
13:50:25.0250 3844 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:50:25.0546 3844 Tcpip - ok
13:50:25.0609 3844 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:50:25.0656 3844 TDPIPE - ok
13:50:25.0703 3844 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:50:25.0765 3844 TDTCP - ok
13:50:25.0796 3844 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:50:25.0843 3844 TermDD - ok
13:50:25.0937 3844 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:50:26.0140 3844 TermService - ok
13:50:26.0234 3844 [ D0177776E11B0B3F272EEBD262A69661 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
13:50:26.0265 3844 tfsnboio - ok
13:50:26.0312 3844 [ 599804BC938B8305A5422319774DA871 ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
13:50:26.0359 3844 tfsncofs - ok
13:50:26.0390 3844 [ A1902C00ADC11C4D83F8E3ED947A6A32 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
13:50:26.0406 3844 tfsndrct - ok
13:50:26.0468 3844 [ D8DDB3F2B1BEF15CFF6728D89C042C61 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
13:50:26.0468 3844 tfsndres - ok
13:50:26.0500 3844 [ C4F2DEA75300971CDAEE311007DE138D ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
13:50:26.0546 3844 tfsnifs - ok
13:50:26.0578 3844 [ 272925BE0EA919F08286D2EE6F102B0F ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
13:50:26.0593 3844 tfsnopio - ok
13:50:26.0625 3844 [ 7B7D955E5CEBC2FB88B03EF875D52A2F ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
13:50:26.0640 3844 tfsnpool - ok
13:50:26.0671 3844 [ E3D01263109D800C1967C12C10A0B018 ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
13:50:26.0812 3844 tfsnudf - ok
13:50:26.0843 3844 [ B9E9C377906E3A65BC74598FFF7F7458 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
13:50:26.0968 3844 tfsnudfa - ok
13:50:27.0046 3844 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
13:50:27.0046 3844 Themes - ok
13:50:27.0156 3844 [ 0EDC3CF7B38F4260EB006C38E4A44DE4 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
13:50:27.0312 3844 tifm21 - ok
13:50:27.0328 3844 TosIde - ok
13:50:27.0390 3844 [ F163E994D26C2B17FEE748FA84FBDBA5 ] TPwSav C:\WINDOWS\system32\Drivers\TPwSav.sys
13:50:27.0437 3844 TPwSav - ok
13:50:27.0500 3844 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:50:27.0578 3844 TrkWks - ok
13:50:27.0656 3844 [ 925B851B10EEFECE7ED6B9A1C8873135 ] Tvs C:\WINDOWS\system32\DRIVERS\Tvs.sys
13:50:27.0734 3844 Tvs - ok
13:50:27.0828 3844 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:50:28.0031 3844 Udfs - ok
13:50:28.0078 3844 ultra - ok
13:50:28.0140 3844 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
13:50:28.0234 3844 UMWdf - ok
13:50:28.0359 3844 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:50:28.0625 3844 Update - ok
13:50:28.0796 3844 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:50:28.0953 3844 upnphost - ok
13:50:29.0000 3844 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:50:29.0031 3844 UPS - ok
13:50:29.0125 3844 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:50:29.0171 3844 usbccgp - ok
13:50:29.0218 3844 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:50:29.0265 3844 usbehci - ok
13:50:29.0359 3844 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:50:29.0531 3844 usbhub - ok
13:50:29.0562 3844 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:50:29.0671 3844 usbprint - ok
13:50:29.0718 3844 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:50:29.0796 3844 usbscan - ok
13:50:29.0875 3844 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:50:29.0937 3844 USBSTOR - ok
13:50:29.0968 3844 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:50:30.0140 3844 usbuhci - ok
13:50:30.0187 3844 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:50:30.0250 3844 VgaSave - ok
13:50:30.0250 3844 ViaIde - ok
13:50:30.0453 3844 [ 233509E1AD024A3E451D8DF6795EEED5 ] vmfilter303 C:\WINDOWS\system32\drivers\vmfilter303.sys
13:50:30.0843 3844 vmfilter303 - ok
13:50:30.0890 3844 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:50:31.0031 3844 VolSnap - ok
13:50:31.0296 3844 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:50:31.0765 3844 VSS - ok
13:50:33.0796 3844 [ 67CAA926EF06E07F2D31056B39F51C54 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
13:50:38.0484 3844 w29n51 - ok
13:50:38.0656 3844 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:50:39.0578 3844 W32Time - ok
13:50:39.0640 3844 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:50:39.0875 3844 Wanarp - ok
13:50:39.0890 3844 WDICA - ok
13:50:39.0968 3844 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:50:40.0828 3844 wdmaud - ok
13:50:40.0968 3844 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:50:41.0562 3844 WebClient - ok
13:50:42.0031 3844 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:50:42.0093 3844 winmgmt - ok
13:50:42.0187 3844 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:50:42.0390 3844 WmdmPmSN - ok
13:50:42.0703 3844 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:50:43.0390 3844 WmiApSrv - ok
13:50:45.0578 3844 [ C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
13:50:45.0953 3844 WpdUsb - ok
13:50:47.0812 3844 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:50:48.0781 3844 wscsvc - ok
13:50:49.0406 3844 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:50:49.0687 3844 WSTCODEC - ok
13:51:04.0421 3844 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:51:04.0609 3844 wuauserv - ok
13:51:22.0453 3844 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:51:25.0453 3844 WZCSVC - ok
13:51:28.0531 3844 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:51:30.0453 3844 xmlprov - ok
13:51:36.0281 3844 [ 3DE80BAA4AF21883CF938197D508B848 ] ZSMC303 C:\WINDOWS\system32\Drivers\usbVM303.sys
13:51:39.0203 3844 ZSMC303 - ok
13:51:39.0218 3844 ================ Scan global ===============================
13:51:43.0453 3844 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:51:48.0578 3844 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
13:51:54.0375 3844 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
13:51:54.0718 3844 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
13:51:56.0531 3844 [Global] - ok
13:51:56.0531 3844 ================ Scan MBR ==================================
13:51:58.0156 3844 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
13:53:49.0609 3844 \Device\Harddisk0\DR0 - ok
13:53:49.0625 3844 ================ Scan VBR ==================================
13:53:49.0640 3844 [ 08914390813B4FB1D48FDAE6C0633812 ] \Device\Harddisk0\DR0\Partition1
13:53:49.0703 3844 \Device\Harddisk0\DR0\Partition1 - ok
13:53:49.0750 3844 ============================================================
13:53:49.0750 3844 Scan finished
13:53:49.0750 3844 ============================================================
13:53:50.0953 3836 Detected object count: 0
13:53:50.0953 3836 Actual detected object count: 0
13:55:05.0359 3544 Deinitialize success


aswMBR Log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-15 13:56:20
-----------------------------
13:56:20.546 OS Version: Windows 5.1.2600 Service Pack 3
13:56:20.546 Number of processors: 1 586 0xD08
13:56:20.546 ComputerName: TEST UserName:
13:56:22.343 Initialize success
14:02:50.718 AVAST engine defs: 12101500
14:07:32.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
14:07:32.468 Disk 0 Vendor: TOSHIBA_MK1032GSX AS021G Size: 95396MB BusType: 3
14:07:32.468 Disk 0 MBR read successfully
14:07:32.468 Disk 0 MBR scan
14:07:33.671 Disk 0 unknown MBR code
14:07:33.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95189 MB offset 63
14:07:34.906 Disk 0 Partition 2 00 88 Linux plaintext A Kárň'ó 203 MB offset 194948775
14:07:35.843 Disk 0 scanning sectors +195366465
14:07:36.609 Disk 0 scanning C:\WINDOWS\system32\drivers
14:13:00.656 Service scanning
14:21:59.828 Modules scanning
14:23:58.781 Disk 0 trace - called modules:
14:23:58.812 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
14:23:59.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fcb030]
14:23:59.156 3 CLASSPNP.SYS[f8623fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x82fcd880]
14:24:12.218 AVAST engine scan C:\WINDOWS
14:28:28.531 AVAST engine scan C:\WINDOWS\system32
14:34:19.218 AVAST engine scan C:\WINDOWS\system32\drivers
14:34:52.312 AVAST engine scan C:\Documents and Settings\mycomp
14:41:14.484 AVAST engine scan C:\Documents and Settings\All Users
14:42:00.531 Scan finished successfully
14:42:29.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mycomp\Desktop\MBR.dat"
14:42:29.921 The log file has been saved successfully to "C:\Documents and Settings\mycomp\Desktop\aswMBR.txt"


ESET online scanner Log
Didn't find LIST of found threats option.

#4 narenxp

  • BC Advisor

Posted 15 October 2012 - 09:49 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 abc12345xyz

  • Topic Starter

Posted 17 October 2012 - 08:57 PM

Question
Has my computer ever been hacked at any point? Is there any way to find out if it was hacked previously?


Malwarebytes Log
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.17.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mycomp :: TEST [administrator]

10/17/2012 8:00:59 PM
mbam-log-2012-10-17 (20-00-59).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273587
Time elapsed: 1 hour(s), 1 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


mini toolbox Log
MiniToolBox by Farbar Version: 23-07-2012
Ran by mycomp (administrator) on 17-10-2012 at 21:05:28
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration




========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 jL.chura.pl

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Disconnected)
1394 Net Adapter = 1394 Connection (Disconnected)
Intel® PRO/Wireless 2915ABG Network Connection = Wireless Network Connection (Disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/14/2012 02:07:18 PM) (Source: Application Hang) (User: )
Description: Hanging application wsInspector.exe, version 2.0.11.51, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/09/2012 09:41:21 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 16.0.0.4661, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/09/2012 09:41:20 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 16.0.0.4661, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/09/2012 09:38:38 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1103623453.

Error: (10/09/2012 09:37:40 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 16.0.0.4661, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/09/2012 00:35:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8501281

Error: (10/09/2012 00:35:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8501281

Error: (10/09/2012 00:35:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/09/2012 00:35:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8499265

Error: (10/09/2012 00:35:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8499265


System errors:
=============
Error: (10/17/2012 04:05:00 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0013CE8A45A4. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (10/17/2012 00:21:37 PM) (Source: PlugPlayManager) (User: )
Description: The device 'MATbleepA DVD-RAM UJ-841S' (IDE\CdRomMATbleepA_DVD-RAM_UJ-841S________________1.50____\5&2241209e&0&0.0.0) disappeared from the system without first being prepared for removal.

Error: (10/17/2012 00:21:35 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/17/2012 02:58:37 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/16/2012 09:57:51 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/16/2012 08:13:44 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/16/2012 00:49:26 PM) (Source: PlugPlayManager) (User: )
Description: The device 'MATbleepA DVD-RAM UJ-841S' (IDE\CdRomMATbleepA_DVD-RAM_UJ-841S________________1.50____\5&2241209e&0&0.0.0) disappeared from the system without first being prepared for removal.

Error: (10/16/2012 00:49:25 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/16/2012 00:49:20 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/16/2012 00:49:15 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (10/14/2012 02:07:18 PM) (Source: Application Hang)(User: )
Description: wsInspector.exe2.0.11.51hungapp0.0.0.000000000

Error: (10/09/2012 09:41:21 PM) (Source: Application Hang)(User: )
Description: firefox.exe16.0.0.4661hungapp0.0.0.000000000

Error: (10/09/2012 09:41:20 PM) (Source: Application Hang)(User: )
Description: firefox.exe16.0.0.4661hungapp0.0.0.000000000

Error: (10/09/2012 09:38:38 PM) (Source: Application Hang)(User: )
Description: -1103623453

Error: (10/09/2012 09:37:40 PM) (Source: Application Hang)(User: )
Description: firefox.exe16.0.0.4661hungapp0.0.0.000000000

Error: (10/09/2012 00:35:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8501281

Error: (10/09/2012 00:35:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8501281

Error: (10/09/2012 00:35:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/09/2012 00:35:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8499265

Error: (10/09/2012 00:35:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8499265


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader Extended Language Support Font Pack (Version: 10.0.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
ALPS Touch Pad Driver
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Athan Basic 4.2
AutoUpdate (Version: 1.1)
ccCommon (Version: 103.0.1.26)
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000)
DivX (Version: 6.1)
DivX Player (Version: 6.0)
DVD-RAM Driver (Version: 5.0.1.8)
FLVPlayer4Free Free FLV Player 3.0.0.0
Intel® Graphics Media Accelerator Driver for Mobile (Version: 6.14.10.4363)
Internet Worm Protection (Version: 11.0.1)
InterVideo WinDVD Creator 2 (Version: 2.0.14.368)
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.475)
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
LiveReg (Symantec Corporation) (Version: 3.0.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office OneNote 2003 (Version: 11.0.6360.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Mozilla Firefox 16.0.1 (x86 en-US) (Version: 16.0.1)
Mozilla Maintenance Service (Version: 16.0.1)
MSVCRT (Version: 14.0.1468.721)
Nimbuzz 1.6.0 (Version: 1.6.0)
Norton AntiVirus 2005 (Symantec Corporation) (Version: 11.0.1)
Norton AntiVirus 2005 (Version: 11.0.1)
Norton AntiVirus Help (Version: 11.00.00)
Norton AntiVirus Parent MSI (Version: 11.0.1)
Norton WMI Update (Version: 2005.1.0.111)
QFolder (Version: 1.00.0000)
QuickTime (Version: 7.72.80.56)
RealPlayer
Realtek AC'97 Audio (Version: 5.12)
REALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.70)
SD Secure Module (Version: 1.0.2)
Segoe UI (Version: 14.0.4327.805)
Skype™ 5.3 (Version: 5.3.120)
Sonic DLA (Version: 4.98)
Sonic RecordNow! (Version: 7.31)
SPBBC (Version: 1.00.0000)
Symantec (Version: 11.0.1)
Symantec Network Drivers Update (Version: 5.5.6.604)
Symantec Script Blocking Installer (Version: 11.0.1)
SymNet (Version: 5.4.0)
Texas Instruments PCIxx21/x515 drivers. (Version: 1.23.0000)
TIxx21/x515 (Version: 1.23.0000)
TOSHIBA Accessibility (Version: 1.36.0.10C)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.70.09)
TOSHIBA Controls (Version: 1.36.0.4C)
TOSHIBA Fn-esse (Version: 1.0.2.924C)
TOSHIBA Hardware Setup (Version: 1.36.0.6C)
TOSHIBA Hotkey Utility (Version: 1.36.0.6C)
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver (Version: 1.36.0.1C)
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem (Version: 2.1.51 (SM2151ALD05))
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 1.36.0.1C)
Toshiba Tbiosdrv Driver
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility (Version: 1.36.0.2C)
Touch and Launch
TouchPad On/Off Utility (Version: 1.36.0.4C)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB955839) (Version: 1)
Utility Common Driver (Version: 0.0.0.1C)
VLC media player 2.0.3 (Version: 2.0.3)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Yahoo! Messenger
Zain e-GO (Version: 11.030.01.10.186)

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 502.42 MB
Available physical RAM: 202.51 MB
Total Pagefile: 1228.5 MB
Available Pagefile: 838.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.73 MB

========================= Partitions: =====================================

1 Drive c: (S3A3305D001) (Fixed) (Total:92.96 GB) (Free:1.04 GB) NTFS

========================= Users: ========================================

User accounts for \\TEST

Administrator Guest HelpAssistant
mycomp SUPPORT_388945a0

========================= Restore Points ==================================

16-10-2012 04:34:09 System Checkpoint

**** End of log ****


Farbar service scanner Log
Farbar Service Scanner Version: 07-10-2012
Ran by mycomp (administrator) on 17-10-2012 at 21:09:54
Running from "C:\Documents and Settings\mycomp\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
0x0C0000000400000001000000020000000300000008000000050000000600000007000000090000000A0000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****


adware cleaner Log
# AdwCleaner v2.005 - Logfile created 10/17/2012 at 21:11:13
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : mycomp - TEST
# Boot Mode : Normal
# Running from : C:\Documents and Settings\mycomp\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\mycomp\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\mycomp\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Headlight
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\mycomp\Application Data\Mozilla\Firefox\Profiles\obng2qqp.default\prefs.js

C:\Documents and Settings\mycomp\Application Data\Mozilla\Firefox\Profiles\obng2qqp.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=108973");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 15);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "14eeeb5a0000000000000013ce8a45a4");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15353");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "std");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 15);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1717:41:38");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "5.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 65186937);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1717:41:38");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108973");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "14eeeb5a0000000000000013ce8a45a4");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "14eeeb5a0000000000000013ce8a45a4");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15353");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:41:38");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\mycomp\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5970 octets] - [17/10/2012 21:11:13]

########## EOF - C:\AdwCleaner[S1].txt - [6030 octets] ##########


Junkware removal tool Log
Junkware Removal Tool (JRT) by Thisisu
Version: 1.7.2 (10.17.2012)
OS: Microsoft Windows XP x86
Ran by mycomp on Wed 10/17/2012 at 21:35:48.48
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Wed 10/17/2012 at 21:45:50.28
End of Report

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:30 AM

Posted 17 October 2012 - 09:24 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#7 abc12345xyz

abc12345xyz
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:30 AM

Posted 18 October 2012 - 01:57 AM

Rkill Log
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/18/2012 02:49:15 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\DVDRAMSV.exe (PID: 1592) [WD-HEUR]
* C:\WINDOWS\system32\dla\tfswctrl.exe (PID: 2216) [WD-HEUR]
* C:\WINDOWS\AGRSMMSG.exe (PID: 2252) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\userinit.exe [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\userinit.exe : 24,576 : 08/04/2004 00:00 AM : 39b1ffb03c2296323832acbae50d2aff [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\userinit.exe : 26,112 : 04/14/2008 00:42 AM : a93aee1928a9d7ce3e16d24ec7380f89 [Pos Repl]

* C:\WINDOWS\System32\wbem\wmiprvse.exe [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe : 218,112 : 08/04/2004 00:00 AM : 075ea6c849ab0fe416a3d6dd65c3cf41 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe : 218,112 : 04/14/2008 00:42 AM : 0ffae66e6d5b1c87cbd22d1f3b6079fd [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 jL.chura.pl

Program finished at: 10/18/2012 02:51:02 AM
Execution time: 0 hours(s), 1 minute(s), and 46 seconds(s)



Autoruns Log
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AGRSMMSG" "SoftModem Messaging Applet" "Agere Systems" "c:\windows\agrsmmsg.exe"
+ "ccApp" "Symantec User Session" "Symantec Corporation" "c:\program files\common files\symantec shared\ccapp.exe"
+ "dla" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfswctrl.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\system32\rundl32.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "MSMSGS" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Norton AntiVirusNAVShellExt Module" "Symantec Corporation" "c:\program files\norton antivirus\navshext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Norton AntiVirusNAVShellExt Module" "Symantec Corporation" "c:\program files\norton antivirus\navshext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "CNavExtBho Class" "Norton AntiVirusNAVShellExt Module" "Symantec Corporation" "c:\program files\norton antivirus\navshext.dll"
+ "DriveLetterAccess" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfswshx.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Norton AntiVirus" "Norton AntiVirusNAVShellExt Module" "Symantec Corporation" "c:\program files\norton antivirus\navshext.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
+ "Yahoo! Messenger" "Yahoo! Messenger" "Yahoo! Inc." "c:\program files\yahoo!\messenger\yahoomessenger.exe"
"Task Scheduler" "" "" ""
+ "Norton AntiVirus - Scan my computer - mycomp.job" "Norton AntiVirus Scanner Module" "Symantec Corporation" "c:\program files\norton antivirus\navw32.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "Automatic LiveUpdate Scheduler" "Manages the scheduling of Automatic LiveUpdate sessions" "Symantec Corporation" "c:\program files\symantec\liveupdate\aluschedulersvc.exe"
+ "ccEvtMgr" "Symantec Event Manager" "Symantec Corporation" "c:\program files\common files\symantec shared\ccevtmgr.exe"
+ "ccPwdSvc" "Symantec Password Validation Service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccpwdsvc.exe"
+ "ccSetMgr" "Symantec Settings Manager" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsetmgr.exe"
+ "CFSvcs" "Service of ConfigFree." "TOSHIBA CORPORATION" "c:\program files\toshiba\configfree\cfsvcs.exe"
+ "DVD-RAM_Service" "DVD-RAM Utility Helper Service" "Matsushita Electric Industrial Co., Ltd." "c:\windows\system32\dvdramsv.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files\symantec\liveupdate\lucomserver_3_0.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "navapsvc" "Handles Norton AntiVirus Auto-Protect events." "Symantec Corporation" "c:\program files\norton antivirus\navapsvc.exe"
+ "NPFMntor" "Detects installation of Symantec Firewall clients" "Symantec Corporation" "c:\program files\norton antivirus\iwp\npfmntor.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "SAVScan" "Handles Norton AntiVirus Auto-Protect Archive Scanning" "Symantec Corporation" "c:\program files\norton antivirus\savscan.exe"
+ "SBService" "Norton AntiVirus ScripBlocking Service" "Symantec Corporation" "c:\program files\common files\symantec shared\script blocking\sbserv.exe"
+ "SNDSrvc" "Symantec Network Drivers Service" "Symantec Corporation" "c:\program files\common files\symantec shared\sndsrvc.exe"
+ "SPBBCSvc" "Symantec SPBBC" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm.sys"
+ "ALCXWDM" "Realtek AC'97 Audio Driver (WDM)" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\alcxwdm.sys"
+ "ApfiltrService" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "catchme" "" "" "File not found: C:\DOCUME~1\MEHMOO~1\LOCALS~1\Temp\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "drvmcdb" "Device Driver" "Sonic Solutions" "c:\windows\system32\drivers\drvmcdb.sys"
+ "drvnddm" "Device Driver Manager" "Sonic Solutions" "c:\windows\system32\drivers\drvnddm.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "hwdatacard" "USB Modem/Serial Device Driver" "Huawei Technologies Co., Ltd." "c:\windows\system32\drivers\ewusbmdm.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "Iviaspi" "InterVideo ASPI Shell" "InterVideo, Inc." "c:\windows\system32\drivers\iviaspi.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "meiudf" "DVD-RAM UDF File System Driver" "Matsushita Electric Industrial Co.,Ltd." "c:\windows\system32\drivers\meiudf.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20110504.002\naveng.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20110504.002\navex15.sys"
+ "Netdevio" "TOSHIBA Network Device Usermode I/O Protocol" "TOSHIBA Corporation." "c:\windows\system32\drivers\netdevio.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Pfc" "Padus® ASPI Shell" "Padus, Inc." "c:\windows\system32\drivers\pfc.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RTL8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtlnicxp.sys"
+ "rtl8139" "Realtek RTL8139 NDIS 5.0 Driver" "Realtek Semiconductor Corporation" "c:\windows\system32\drivers\rtl8139.sys"
+ "SAVRT" "AutoProtect" "Symantec Corporation" "c:\program files\norton antivirus\savrt.sys"
+ "SAVRTPEL" "SAVRTPEL" "Symantec Corporation" "c:\program files\norton antivirus\savrtpel.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SONYPVU1" "Sony USB Lower Filter driver" "Sony Corporation" "c:\windows\system32\drivers\sonypvu1.sys"
+ "SPBBCDrv" "SPBBC Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys"
+ "SrvcSSIOMngr" "IoManager Application" "COMPAL ELECTRONIC INC." "c:\windows\system32\drivers\ssiomngr.sys"
+ "sscdbhk5" "Shared Driver Component" "Sonic Solutions" "c:\windows\system32\drivers\sscdbhk5.sys"
+ "ssrtln" "Shared Driver Component" "Sonic Solutions" "c:\windows\system32\drivers\ssrtln.sys"
+ "SYMDNS" "DNS Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symdns.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\program files\symantec\symevent.sys"
+ "SYMFW" "Firewall Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symfw.sys"
+ "SYMIDS" "IDS Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symids.sys"
+ "SYMIDSCO" "IDS Core Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\symcdata\ids-diskless\20120315.001\symidsco.sys"
+ "SYMNDIS" "NDIS Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symndis.sys"
+ "SYMREDRV" "Redirector Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symredrv.sys"
+ "SYMTDI" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\symtdi.sys"
+ "taphss" "TAP-Win32 Virtual Network Driver" "AnchorFree Inc" "c:\windows\system32\drivers\taphss.sys"
+ "TBiosDrv" "" "" "c:\windows\system32\drivers\tbiosdrv.sys"
+ "tfsnboio" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnboio.sys"
+ "tfsncofs" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsncofs.sys"
+ "tfsndrct" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsndrct.sys"
+ "tfsndres" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsndres.sys"
+ "tfsnifs" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnifs.sys"
+ "tfsnopio" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnopio.sys"
+ "tfsnpool" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnpool.sys"
+ "tfsnudf" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnudf.sys"
+ "tfsnudfa" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnudfa.sys"
+ "tifm21" "tifm21.sys" "Texas Instruments" "c:\windows\system32\drivers\tifm21.sys"
+ "TPwSav" "IO Driver For TOSHIBA Power Saver" "TOSHIBA " "c:\windows\system32\drivers\tpwsav.sys"
+ "Tvs" "TOSHIBA Audio Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvs.sys"
+ "vmfilter303" "Filter for VM303 with Face Tracking, no photoframe" "Vimicro Corporation" "c:\windows\system32\drivers\vmfilter303.sys"
+ "w29n51" "Intel® Wireless LAN Driver" "Intel® Corporation" "c:\windows\system32\drivers\w29n51.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "ZSMC303" "Video streaming and Capture Device Driver" "Vimicro Corporation" "c:\windows\system32\drivers\usbvm303.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "DivX Decoder Filter" "DivX® Decoder Filter" "DivX, Inc." "c:\windows\system32\divxdec.ax"
+ "DivX Demux" "DivX® Media Filter" "DivXNetworks" "c:\windows\system32\divxmedia.ax"
+ "DivX Subtitle Decoder" "DivX® Media Filter" "DivXNetworks" "c:\windows\system32\divxmedia.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "InterVideo Audio Decoder" "IVIAUDIO" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaudio.ax"
+ "InterVideo Audio Encoder" "InterVideo?Audio Encoder Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaenc.ax"
+ "InterVideo Audio Processor" "" "" "c:\program files\intervideo\common\bin\iviaudioprocess.ax"
+ "InterVideo Demultiplexer" "InterVideo® MPEG System Demultiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividemux.ax"
+ "InterVideo Demux" "InterVideo® MPEG System Demultiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividemxx.ax"
+ "Intervideo Disc Read2 Filter" "" "" "c:\program files\intervideo\common\bin\discread.ax"
+ "InterVideo Disc Write2 Filter" "DiscRite" "InterVideo Inc." "c:\program files\intervideo\common\bin\discrite.ax"
+ "InterVideo Down Scale Filter" "InterVideo® Down Scale Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividowns.ax"
+ "InterVideo DV Pre-Process" "InterVideo DV Pre-Process Filter" "InterVideo" "c:\program files\intervideo\common\bin\dvprocs.ax"
+ "InterVideo File Writer" "InterVideo® File Writer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviwrite.ax"
+ "InterVideo Multiplexer" "InterVideo® MPEG System Multiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivimux.ax"
+ "InterVideo Navigator" "IVINAV" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivinav.ax"
+ "InterVideo Pre-scaling Filter" "InterVideo® PreScale Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviscale.ax"
+ "Intervideo SmartRender" "Intervideo SmartRender Filter" "Microsoft Corporation" "c:\program files\intervideo\common\bin\smartrnd.ax"
+ "InterVideo Still Capture" "InterVideo® Still Capture Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviscapt.ax"
+ "InterVideo Stream Buffer Filter" "InterVideo Stream Buffer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\smbuffer.ax"
+ "InterVideo Stream Renderer" "IinterVideo Stream Renderer Filter " "InterVideo, Inc." "c:\program files\intervideo\common\bin\ivistreamrenderer.ax"
+ "InterVideo Subpicture Source" "Subpicture Source Filter" "InterVideo, Inc." "c:\program files\intervideo\common\bin\ivispic.ax"
+ "InterVideo Video Decoder" "IVIVIDEO" " InterVideo Inc." "c:\program files\intervideo\common\bin\ivivideo.ax"
+ "InterVideo Video Encoder" "InterVideo® MPEG Video Encoder Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivivenc.ax"
+ "InterVideo Wave Wrapper" "InterVideo Wave Wrapper Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviwavex.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "RealAudio Decoder" "" "" "File not found: C:\WINDOWS\system32\RealMediaSplitter.ax"
+ "RealMedia Source" "" "" "File not found: C:\WINDOWS\system32\RealMediaSplitter.ax"
+ "RealMedia Splitter" "" "" "File not found: C:\WINDOWS\system32\RealMediaSplitter.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealVideo Decoder" "" "" "File not found: C:\WINDOWS\system32\RealMediaSplitter.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Roxio MPEG Splitter" "" "" "File not found: C:\DOCUME~1\MEHMOO~1\LOCALS~1\Temp\RX_21.tmp"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PDFConverter" "" "" "c:\windows\system32\pdfmonnt.dll"

#8 narenxp

Posted 18 October 2012 - 03:50 AM

Go to https://www.virustotal.com/

Click on CHOOSE FILE, browse to C:\WINDOWS\System32\userinit.exe

Click on SCAN IT option

Post the generated log result here

#9 abc12345xyz

Posted 18 October 2012 - 01:09 PM

VirusTotal log
https://www.virustotal.com/file/6282a4ff70afaee1b522757b913ae50c77f46ea635772c17444ea77638189e60/analysis/1350583304/

#10 narenxp

Posted 18 October 2012 - 04:14 PM

USERINIT.EXE is infected. Let's take a deeper look.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here with logs

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#11 abc12345xyz

Posted 18 October 2012 - 08:51 PM

Thank you very much for your help. I really appreciate your help. I have posted the logs in the mentioned forum. Thanks once again.



