
Trojan horses keep respawning?


7 replies to this topic

#1 wolf_unknown

wolf_unknown

  • Members
  • 68 posts

Posted 28 January 2013 - 10:56 PM

Running Windows XP, with Symantec factory installed. When I turn on my computer, Symantec pops up several times with found threats. Sometimes the list is blank; sometimes it shows one or several threats, all of which are Trojan horses. They have names such as APQ8.tmp and such.

I ran Malwarebytes Anti-Malware, but it won't finish a scan unless in safe mode. When in safe mode, it says it has found and eliminated all threats, and gives me a list of removed threats that lists the Trojan(s). It then says to restart to finish the cleaning process. I reboot, but once in normal mode, Symantec starts popping up with what appears to be the same threats. Lather, rinse, repeat.

When I try to continue using the computer despite the threats, it eventually freezes. Well, it doesn't quite freeze--I can still move the mouse, but no mouse clicks or keyboard commands work. I have to manually shut down the computer in order to get it to function again.

Any help would be greatly appreciated.


#2 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 28 January 2013 - 11:43 PM

Hi, wolf_unknown! I'm going to try to help you out. :)

TDSSKiller

I need you to run a scan using TDSSKiller.

  • Download TDSSKiller from here, and save it to your desktop.
  • Double click the file to launch the program. Once the program starts, click Start Scan. Don't change any default scan settings.
  • Once the scan is finished, you'll find a log in your root drive (usually C: ) that will start with TDSS in the file name, please copy and paste it into your reply.

AdwCleaner

I need you to run AdwCleaner to see if it removes anything.

  • Download AdwCleaner from here, and save it to your desktop.
  • Close all open programs.
  • Open the file on your desktop, and click the Delete button. Confirm operations at every prompt. Your PC will be rebooted after the final prompt.
  • Once rebooted, a text file will open up. Please copy and paste it into your reply.

RogueKiller

I need you to run RogueKiller to see if it removes anything.

  • Download RogueKiller from here, and save it to your desktop.
  • Close all open programs.
  • Double click the file on your desktop. Once the automatic check completes, hit the Scan button.
  • Once the full scan has finished, click on the Delete button. Once it's done removing things, open the newest log on your desktop (should be called RKreport[2].txt) and copy and paste it into your reply.

Please tell me how the PC is running in your next reply.

Gunto

Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#3 wolf_unknown

wolf_unknown
  • Topic Starter

  • Members
  • 68 posts

Posted 29 January 2013 - 12:18 AM

Thanks for your quick response, Gunto.

Since running the scans, I have yet to get any Symantec threat alerts or computer issues, though I'm not sure if it's because the scans caught something or if it's just a matter of time. Symantec did try to start up something when my computer was shutting down after the AdwCleaner scan, but because my computer was shutting down I didn't see what it was, and it hasn't acted up since rebooting.



TDSSKiller log:


20:49:10.0640 2576 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:49:11.0250 2576 ============================================================
20:49:11.0250 2576 Current date / time: 2013/01/28 20:49:11.0250
20:49:11.0250 2576 SystemInfo:
20:49:11.0250 2576
20:49:11.0250 2576 OS Version: 5.1.2600 ServicePack: 3.0
20:49:11.0250 2576 Product type: Workstation
20:49:11.0250 2576 ComputerName: P_COMPUTER
20:49:11.0250 2576 UserName: Administrator
20:49:11.0250 2576 Windows directory: C:\WINDOWS
20:49:11.0250 2576 System windows directory: C:\WINDOWS
20:49:11.0250 2576 Processor architecture: Intel x86
20:49:11.0250 2576 Number of processors: 2
20:49:11.0250 2576 Page size: 0x1000
20:49:11.0250 2576 Boot type: Normal boot
20:49:11.0250 2576 ============================================================
20:49:14.0656 2576 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:49:14.0671 2576 Drive \Device\Harddisk1\DR2 - Size: 0x1E8BE000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:49:14.0671 2576 ============================================================
20:49:14.0671 2576 \Device\Harddisk0\DR0:
20:49:14.0671 2576 MBR partitions:
20:49:14.0671 2576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50E02
20:49:14.0671 2576 \Device\Harddisk1\DR2:
20:49:14.0671 2576 MBR partitions:
20:49:14.0671 2576 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0xE9, BlocksNum 0xF4507
20:49:14.0671 2576 ============================================================
20:49:14.0703 2576 C: <-> \Device\Harddisk0\DR0\Partition1
20:49:14.0703 2576 ============================================================
20:49:14.0703 2576 Initialize success
20:49:14.0703 2576 ============================================================
20:49:28.0312 2832 ============================================================
20:49:28.0312 2832 Scan started
20:49:28.0312 2832 Mode: Manual;
20:49:28.0328 2832 ============================================================
20:49:29.0437 2832 ================ Scan system memory ========================
20:49:31.0562 2832 System memory - ok
20:49:31.0562 2832 ================ Scan services =============================
20:49:31.0734 2832 Abiosdsk - ok
20:49:31.0750 2832 abp480n5 - ok
20:49:31.0796 2832 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:49:31.0796 2832 ACPI - ok
20:49:31.0859 2832 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:49:31.0875 2832 ACPIEC - ok
20:49:31.0953 2832 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:49:32.0031 2832 AdobeFlashPlayerUpdateSvc - ok
20:49:32.0031 2832 adpu160m - ok
20:49:32.0078 2832 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:49:32.0078 2832 aec - ok
20:49:32.0125 2832 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:49:32.0125 2832 AFD - ok
20:49:32.0140 2832 Aha154x - ok
20:49:32.0156 2832 aic78u2 - ok
20:49:32.0156 2832 aic78xx - ok
20:49:32.0187 2832 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:49:32.0203 2832 Alerter - ok
20:49:32.0218 2832 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:49:32.0218 2832 ALG - ok
20:49:32.0218 2832 AliIde - ok
20:49:32.0281 2832 [ 15DA079FF09BE5FA6602041EE286DE80 ] amd_ahci C:\WINDOWS\system32\Drivers\ahcix86.sys
20:49:32.0296 2832 amd_ahci - ok
20:49:32.0312 2832 amsint - ok
20:49:32.0328 2832 ApfiltrService - ok
20:49:32.0453 2832 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:49:32.0468 2832 Apple Mobile Device - ok
20:49:32.0515 2832 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:49:32.0531 2832 AppMgmt - ok
20:49:32.0640 2832 [ 2774B0607ACDAD6E76F577AC85FA077D ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
20:49:32.0671 2832 AR5416 - ok
20:49:32.0687 2832 asc - ok
20:49:32.0703 2832 asc3350p - ok
20:49:32.0703 2832 asc3550 - ok
20:49:32.0843 2832 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:49:32.0906 2832 aspnet_state - ok
20:49:32.0953 2832 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:49:32.0968 2832 AsyncMac - ok
20:49:33.0015 2832 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:49:33.0015 2832 atapi - ok
20:49:33.0031 2832 Atdisk - ok
20:49:33.0046 2832 [ 1842B56B3D3F195C36F62708D266B95E ] atiide C:\WINDOWS\system32\Drivers\atiide.sys
20:49:33.0062 2832 atiide - ok
20:49:33.0093 2832 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:49:33.0109 2832 Atmarpc - ok
20:49:33.0125 2832 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:49:33.0125 2832 AudioSrv - ok
20:49:33.0171 2832 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:49:33.0187 2832 audstub - ok
20:49:33.0234 2832 [ 58911390115465BF6D8048F21F48655A ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:49:33.0312 2832 b57w2k - ok
20:49:33.0375 2832 [ 30D20FC98BCFD52E1DA778CF19B223D4 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:49:33.0375 2832 BCM43XX - ok
20:49:33.0437 2832 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:49:33.0437 2832 Beep - ok
20:49:33.0500 2832 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:49:33.0609 2832 BITS - ok
20:49:33.0703 2832 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:49:33.0703 2832 Bonjour Service - ok
20:49:33.0765 2832 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:49:33.0765 2832 Browser - ok
20:49:33.0812 2832 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:49:33.0828 2832 cbidf2k - ok
20:49:33.0906 2832 [ 93A45B3F2403670A6D14A0B466D97698 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
20:49:33.0921 2832 ccEvtMgr - ok
20:49:33.0921 2832 [ 93A45B3F2403670A6D14A0B466D97698 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
20:49:33.0921 2832 ccSetMgr - ok
20:49:33.0937 2832 cd20xrnt - ok
20:49:33.0968 2832 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:49:33.0968 2832 Cdaudio - ok
20:49:34.0015 2832 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:49:34.0031 2832 Cdfs - ok
20:49:34.0031 2832 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:49:34.0140 2832 Cdrom - ok
20:49:34.0140 2832 Changer - ok
20:49:34.0171 2832 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:49:34.0187 2832 CiSvc - ok
20:49:34.0203 2832 CiSvc32 - ok
20:49:34.0218 2832 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:49:34.0250 2832 ClipSrv - ok
20:49:34.0296 2832 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:49:34.0359 2832 clr_optimization_v2.0.50727_32 - ok
20:49:34.0390 2832 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:49:34.0421 2832 CmBatt - ok
20:49:34.0421 2832 CmdIde - ok
20:49:34.0468 2832 [ 86A22DFF16E8CA67601044EFE6825537 ] COH_Mon C:\WINDOWS\system32\Drivers\COH_Mon.sys
20:49:34.0484 2832 COH_Mon - ok
20:49:34.0500 2832 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:49:34.0515 2832 Compbatt - ok
20:49:34.0531 2832 COMSysApp - ok
20:49:34.0546 2832 Cpqarray - ok
20:49:34.0593 2832 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:49:34.0609 2832 CryptSvc - ok
20:49:34.0656 2832 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
20:49:34.0656 2832 ctxusbm - ok
20:49:34.0671 2832 dac2w2k - ok
20:49:34.0671 2832 dac960nt - ok
20:49:34.0750 2832 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:49:34.0750 2832 DcomLaunch - ok
20:49:34.0812 2832 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:49:34.0812 2832 Dhcp - ok
20:49:34.0828 2832 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:49:34.0843 2832 Disk - ok
20:49:34.0843 2832 dmadmin - ok
20:49:34.0906 2832 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:49:34.0953 2832 dmboot - ok
20:49:34.0968 2832 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:49:35.0062 2832 dmio - ok
20:49:35.0093 2832 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:49:35.0109 2832 dmload - ok
20:49:35.0140 2832 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:49:35.0218 2832 dmserver - ok
20:49:35.0250 2832 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:49:35.0250 2832 DMusic - ok
20:49:35.0312 2832 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:49:35.0312 2832 Dnscache - ok
20:49:35.0328 2832 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:49:35.0359 2832 Dot3svc - ok
20:49:35.0359 2832 dpti2o - ok
20:49:35.0390 2832 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:49:35.0390 2832 drmkaud - ok
20:49:35.0437 2832 [ 4823163C246868863D41A2F5EE06A21E ] dsNcAdpt C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
20:49:35.0453 2832 dsNcAdpt - ok
20:49:35.0500 2832 [ B44176D29E2E6BC2D840B64BF51D1B48 ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
20:49:35.0515 2832 dsNcService - ok
20:49:35.0546 2832 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:49:35.0562 2832 EapHost - ok
20:49:35.0640 2832 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:49:35.0640 2832 eeCtrl - ok
20:49:35.0687 2832 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:49:35.0687 2832 EraserUtilRebootDrv - ok
20:49:35.0718 2832 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:49:35.0718 2832 ERSvc - ok
20:49:35.0765 2832 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:49:35.0781 2832 Eventlog - ok
20:49:35.0890 2832 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:49:35.0890 2832 EventSystem - ok
20:49:35.0921 2832 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:49:35.0921 2832 Fastfat - ok
20:49:35.0984 2832 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:49:35.0984 2832 FastUserSwitchingCompatibility - ok
20:49:36.0000 2832 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
20:49:36.0015 2832 Fdc - ok
20:49:36.0062 2832 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:49:36.0062 2832 Fips - ok
20:49:36.0078 2832 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
20:49:36.0093 2832 Flpydisk - ok
20:49:36.0125 2832 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:49:36.0140 2832 FltMgr - ok
20:49:36.0203 2832 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:49:36.0218 2832 FontCache3.0.0.0 - ok
20:49:36.0265 2832 [ 455F778EE14368468560BD7CB8C854D0 ] FsVga C:\WINDOWS\system32\DRIVERS\fsvga.sys
20:49:36.0281 2832 FsVga - ok
20:49:36.0312 2832 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:49:36.0312 2832 Fs_Rec - ok
20:49:36.0343 2832 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:49:36.0359 2832 Ftdisk - ok
20:49:36.0406 2832 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:49:36.0421 2832 GEARAspiWDM - ok
20:49:36.0468 2832 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:49:36.0484 2832 Gpc - ok
20:49:36.0546 2832 [ 0E1FD1EA2837D6B7A1D7B6C928014D05 ] guardian2 C:\WINDOWS\system32\Drivers\oz776.sys
20:49:36.0562 2832 guardian2 - ok
20:49:36.0609 2832 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:49:36.0625 2832 HDAudBus - ok
20:49:36.0718 2832 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:49:36.0718 2832 helpsvc - ok
20:49:36.0734 2832 HidServ - ok
20:49:36.0750 2832 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:49:36.0765 2832 HidUsb - ok
20:49:36.0828 2832 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:49:36.0843 2832 hkmsvc - ok
20:49:36.0859 2832 hpn - ok
20:49:36.0968 2832 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
20:49:37.0000 2832 HSF_DPV - ok
20:49:37.0062 2832 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
20:49:37.0078 2832 HSXHWAZL - ok
20:49:37.0125 2832 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:49:37.0125 2832 HTTP - ok
20:49:37.0171 2832 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:49:37.0187 2832 HTTPFilter - ok
20:49:37.0187 2832 i2omgmt - ok
20:49:37.0203 2832 i2omp - ok
20:49:37.0250 2832 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:49:37.0296 2832 i8042prt - ok
20:49:37.0390 2832 [ CC449157474D5E43DAEA7E20F52C635A ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:49:37.0453 2832 ialm - ok
20:49:37.0500 2832 [ 2358C53F30CB9DCD1D3843C4E2F299B2 ] iaStor C:\WINDOWS\system32\Drivers\iaStor.sys
20:49:37.0531 2832 iaStor - ok
20:49:37.0593 2832 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:49:37.0625 2832 IDriverT - ok
20:49:37.0750 2832 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:49:37.0812 2832 idsvc - ok
20:49:37.0843 2832 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:49:37.0859 2832 Imapi - ok
20:49:37.0906 2832 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:49:37.0906 2832 ImapiService - ok
20:49:37.0921 2832 ini910u - ok
20:49:37.0968 2832 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\drivers\IntelIde.sys
20:49:37.0984 2832 IntelIde - ok
20:49:38.0031 2832 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:49:38.0031 2832 intelppm - ok
20:49:38.0046 2832 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:49:38.0062 2832 Ip6Fw - ok
20:49:38.0109 2832 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:49:38.0125 2832 IpFilterDriver - ok
20:49:38.0156 2832 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:49:38.0171 2832 IpInIp - ok
20:49:38.0187 2832 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:49:38.0187 2832 IpNat - ok
20:49:38.0265 2832 [ 630D74599070824AF3DC63A894ADCDFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:49:38.0265 2832 iPod Service - ok
20:49:38.0328 2832 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:49:38.0328 2832 IPSec - ok
20:49:38.0375 2832 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:49:38.0390 2832 IRENUM - ok
20:49:38.0437 2832 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:49:38.0453 2832 isapnp - ok
20:49:38.0609 2832 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:49:38.0609 2832 JavaQuickStarterService - ok
20:49:38.0656 2832 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:49:38.0671 2832 Kbdclass - ok
20:49:38.0718 2832 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:49:38.0734 2832 kmixer - ok
20:49:38.0750 2832 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:49:38.0765 2832 KSecDD - ok
20:49:38.0812 2832 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
20:49:38.0812 2832 LanmanServer - ok
20:49:38.0875 2832 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:49:38.0875 2832 lanmanworkstation - ok
20:49:38.0937 2832 Lavasoft Kernexplorer - ok
20:49:38.0937 2832 Lbd - ok
20:49:38.0953 2832 lbrtfdc - ok
20:49:39.0171 2832 [ E553C4B4B7B4B86CD71A2DFEE1B58131 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
20:49:39.0265 2832 LiveUpdate - ok
20:49:39.0312 2832 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:49:39.0312 2832 LmHosts - ok
20:49:39.0390 2832 mchInjDrv - ok
20:49:39.0500 2832 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
20:49:39.0500 2832 MDM - ok
20:49:39.0531 2832 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:49:39.0531 2832 mdmxsdk - ok
20:49:39.0578 2832 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:49:39.0593 2832 Messenger - ok
20:49:39.0625 2832 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:49:39.0625 2832 mnmdd - ok
20:49:39.0671 2832 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:49:39.0703 2832 mnmsrvc - ok
20:49:39.0750 2832 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:49:39.0750 2832 Modem - ok
20:49:39.0796 2832 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:49:39.0812 2832 Mouclass - ok
20:49:39.0859 2832 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:49:39.0859 2832 mouhid - ok
20:49:39.0906 2832 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:49:39.0921 2832 MountMgr - ok
20:49:40.0000 2832 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:49:40.0031 2832 MozillaMaintenance - ok
20:49:40.0109 2832 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:49:40.0109 2832 MpFilter - ok
20:49:40.0281 2832 [ A69630D039C38018689190234F866D77 ] MpKsl0a88531d c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E9B642D-4D01-4DD3-B5A9-8800B0298C4C}\MpKsl0a88531d.sys
20:49:40.0281 2832 MpKsl0a88531d - ok
20:49:40.0281 2832 mraid35x - ok
20:49:40.0343 2832 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:49:40.0343 2832 MRxDAV - ok
20:49:40.0421 2832 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:49:40.0437 2832 MRxSmb - ok
20:49:40.0468 2832 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:49:40.0484 2832 MSDTC - ok
20:49:40.0500 2832 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:49:40.0515 2832 Msfs - ok
20:49:40.0515 2832 MSIServer - ok
20:49:40.0578 2832 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:49:40.0593 2832 MSKSSRV - ok
20:49:40.0671 2832 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:49:40.0671 2832 MsMpSvc - ok
20:49:40.0687 2832 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:49:40.0703 2832 MSPCLOCK - ok
20:49:40.0750 2832 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:49:40.0750 2832 MSPQM - ok
20:49:40.0812 2832 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:49:40.0812 2832 mssmbios - ok
20:49:40.0828 2832 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:49:40.0843 2832 Mup - ok
20:49:40.0890 2832 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:49:40.0921 2832 napagent - ok
20:49:41.0000 2832 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130128.017\NAVENG.SYS
20:49:41.0015 2832 NAVENG - ok
20:49:41.0125 2832 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130128.017\NAVEX15.SYS
20:49:41.0171 2832 NAVEX15 - ok
20:49:41.0234 2832 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:49:41.0328 2832 NDIS - ok
20:49:41.0375 2832 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:49:41.0375 2832 NdisTapi - ok
20:49:41.0390 2832 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:49:41.0406 2832 Ndisuio - ok
20:49:41.0421 2832 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:49:41.0484 2832 NdisWan - ok
20:49:41.0515 2832 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:49:41.0515 2832 NDProxy - ok
20:49:41.0562 2832 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:49:41.0562 2832 NetBIOS - ok
20:49:41.0578 2832 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:49:41.0578 2832 NetBT - ok
20:49:41.0609 2832 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:49:41.0703 2832 NetDDE - ok
20:49:41.0703 2832 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:49:41.0718 2832 NetDDEdsdm - ok
20:49:41.0734 2832 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:49:41.0750 2832 Netlogon - ok
20:49:41.0765 2832 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:49:41.0765 2832 Netman - ok
20:49:41.0828 2832 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:49:41.0843 2832 NetTcpPortSharing - ok
20:49:41.0875 2832 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:49:41.0875 2832 Nla - ok
20:49:41.0937 2832 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:49:41.0937 2832 Npfs - ok
20:49:41.0984 2832 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:49:42.0015 2832 Ntfs - ok
20:49:42.0031 2832 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:49:42.0031 2832 NtLmSsp - ok
20:49:42.0062 2832 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:49:42.0093 2832 NtmsSvc - ok
20:49:42.0140 2832 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:49:42.0140 2832 Null - ok
20:49:42.0156 2832 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:49:42.0171 2832 NwlnkFlt - ok
20:49:42.0187 2832 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:49:42.0203 2832 NwlnkFwd - ok
20:49:42.0281 2832 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:49:42.0343 2832 odserv - ok
20:49:42.0390 2832 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:49:42.0484 2832 ose - ok
20:49:42.0531 2832 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
20:49:42.0546 2832 Parport - ok
20:49:42.0578 2832 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:49:42.0593 2832 PartMgr - ok
20:49:42.0625 2832 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:49:42.0640 2832 ParVdm - ok
20:49:42.0671 2832 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:49:42.0687 2832 PCI - ok
20:49:42.0703 2832 PCIDump - ok
20:49:42.0750 2832 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:49:42.0765 2832 PCIIde - ok
20:49:42.0781 2832 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:49:42.0796 2832 Pcmcia - ok
20:49:42.0812 2832 PDCOMP - ok
20:49:42.0812 2832 PDFRAME - ok
20:49:42.0828 2832 PDRELI - ok
20:49:42.0843 2832 PDRFRAME - ok
20:49:42.0859 2832 perc2 - ok
20:49:42.0859 2832 perc2hib - ok
20:49:42.0968 2832 [ 35045CA2AB16A08330450FC0C1BC5C54 ] Pharos Systems ComTaskMaster C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
20:49:42.0984 2832 Pharos Systems ComTaskMaster - ok
20:49:43.0015 2832 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:49:43.0015 2832 PlugPlay - ok
20:49:43.0031 2832 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:49:43.0031 2832 PolicyAgent - ok
20:49:43.0093 2832 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:49:43.0140 2832 PptpMiniport - ok
20:49:43.0156 2832 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:49:43.0156 2832 ProtectedStorage - ok
20:49:43.0187 2832 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:49:43.0203 2832 PSched - ok
20:49:43.0218 2832 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:49:43.0218 2832 Ptilink - ok
20:49:43.0281 2832 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:49:43.0296 2832 PxHelp20 - ok
20:49:43.0312 2832 ql1080 - ok
20:49:43.0312 2832 Ql10wnt - ok
20:49:43.0328 2832 ql12160 - ok
20:49:43.0343 2832 ql1240 - ok
20:49:43.0343 2832 ql1280 - ok
20:49:43.0359 2832 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:49:43.0359 2832 RasAcd - ok
20:49:43.0390 2832 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:49:43.0406 2832 RasAuto - ok
20:49:43.0421 2832 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:49:43.0437 2832 Rasl2tp - ok
20:49:43.0468 2832 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:49:43.0468 2832 RasMan - ok
20:49:43.0484 2832 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:49:43.0515 2832 RasPppoe - ok
20:49:43.0515 2832 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:49:43.0593 2832 Raspti - ok
20:49:43.0656 2832 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:49:43.0656 2832 Rdbss - ok
20:49:43.0671 2832 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:49:43.0671 2832 RDPCDD - ok
20:49:43.0734 2832 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:49:43.0812 2832 rdpdr - ok
20:49:43.0859 2832 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:49:43.0875 2832 RDPWD - ok
20:49:43.0921 2832 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:49:44.0000 2832 RDSessMgr - ok
20:49:44.0031 2832 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:49:44.0078 2832 redbook - ok
20:49:44.0125 2832 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:49:44.0140 2832 RemoteAccess - ok
20:49:44.0187 2832 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:49:44.0187 2832 RemoteRegistry - ok
20:49:44.0343 2832 [ AD1411A7EA50F2F97A73A3F51153066E ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
20:49:44.0390 2832 RoxMediaDB9 - ok
20:49:44.0421 2832 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:49:44.0437 2832 RpcLocator - ok
20:49:44.0468 2832 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:49:44.0484 2832 RpcSs - ok
20:49:44.0500 2832 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:49:44.0546 2832 RSVP - ok
20:49:44.0562 2832 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:49:44.0562 2832 SamSs - ok
20:49:44.0562 2832 SBRE - ok
20:49:44.0625 2832 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32

\SCardSvr.exe
20:49:44.0640 2832 SCardSvr - ok
20:49:44.0687 2832 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32

\schedsvc.dll
20:49:44.0703 2832 Schedule - ok
20:49:44.0765 2832 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32

\DRIVERS\secdrv.sys
20:49:44.0781 2832 Secdrv - ok
20:49:44.0796 2832 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32

\seclogon.dll
20:49:44.0796 2832 seclogon - ok
20:49:44.0812 2832 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32

\sens.dll
20:49:44.0812 2832 SENS - ok
20:49:44.0828 2832 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32

\DRIVERS\serenum.sys
20:49:44.0875 2832 serenum - ok
20:49:44.0906 2832 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32

\DRIVERS\serial.sys
20:49:44.0921 2832 Serial - ok
20:49:44.0953 2832 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32

\drivers\Sfloppy.sys
20:49:44.0968 2832 Sfloppy - ok
20:49:45.0000 2832 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess

C:\WINDOWS\System32\ipnathlp.dll
20:49:45.0000 2832 SharedAccess - ok
20:49:45.0031 2832 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection

C:\WINDOWS\System32\shsvcs.dll
20:49:45.0031 2832 ShellHWDetection - ok
20:49:45.0031 2832 Simbad - ok
20:49:45.0171 2832 [ D0375CA98569065A51504187D22C1949 ] SmcService C:\Program

Files\Symantec\Symantec Endpoint Protection\Smc.exe
20:49:45.0218 2832 SmcService - ok
20:49:45.0250 2832 [ 612D1ECBF4F7351A29B9EB0FA6E5F56A ] SNAC C:\Program

Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
20:49:45.0312 2832 SNAC - ok
20:49:45.0312 2832 Sparrow - ok
20:49:45.0421 2832 [ 77780509A16A1DF7F2D8531D21DDB9B9 ] SPBBCDrv C:\Program

Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
20:49:45.0437 2832 SPBBCDrv - ok
20:49:45.0484 2832 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32

\drivers\splitter.sys
20:49:45.0484 2832 splitter - ok
20:49:45.0531 2832 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32

\spoolsv.exe
20:49:45.0546 2832 Spooler - ok
20:49:45.0625 2832 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
20:49:45.0625 2832 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
20:49:45.0625 2832 sptd ( LockedFile.Multi.Generic ) - warning
20:49:45.0625 2832 sptd - detected LockedFile.Multi.Generic (1)
20:49:49.0531 2832 ================ Scan global ===============================
20:49:49.0593 2832 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:49:49.0656 2832 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:49:49.0671 2832 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:49:49.0687 2832 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:49:49.0687 2832 [Global] - ok
20:49:49.0687 2832 ================ Scan MBR ==================================
20:49:49.0718 2832 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:49:49.0953 2832 \Device\Harddisk0\DR0 - ok
20:49:49.0953 2832 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
20:49:49.0968 2832 \Device\Harddisk1\DR2 - ok
20:49:49.0968 2832 ================ Scan VBR ==================================
20:49:49.0968 2832 [ 494CF35631C9421E4F50BC4112F6780D ] \Device\Harddisk0\DR0\Partition1
20:49:49.0984 2832 \Device\Harddisk0\DR0\Partition1 - ok
20:49:49.0984 2832 [ 508284C0D0405BDF92FB630E96F9A0A4 ] \Device\Harddisk1\DR2\Partition1
20:49:49.0984 2832 \Device\Harddisk1\DR2\Partition1 - ok
20:49:49.0984 2832 ============================================================
20:49:49.0984 2832 Scan finished
20:49:49.0984 2832 ============================================================
20:49:50.0031 2740 Detected object count: 1
20:49:50.0031 2740 Actual detected object count: 1
20:50:42.0968 2740 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:50:42.0968 2740 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:51:48.0296 0212 Deinitialize success



---------------------



AdwCleaner log:



# AdwCleaner v2.109 - Logfile created 01/28/2013 at 20:54:46
# Updated 26/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - P_COMPUTER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1g6ne0ru.default\adawaretb
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Program Files\adawaretb

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1g6ne0ru.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1581 octets] - [28/01/2013 20:54:46]

########## EOF - C:\AdwCleaner[S1].txt - [1641 octets] ##########


------------------


RogueKiller log:


RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 01/28/2013 21:07:12
| ARK || MBR |

Bad processes : 2
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\WINDOWS\KATRACK.DLL -> UNLOADED
[SUSP PATH] keyacc32.exe -- C:\WINDOWS\keyacc32.exe -> KILLED [TermProc]

Registry Entries : 3
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe nvHotkey.dll,Start) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : KeyAccess (C:\WINDOWS\keyacc32.exe) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [LOADED]
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x86228E80)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8606F2D8)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x86237A28)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x866CD198)
SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x86319AD8)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x86249248)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x86194AF0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8606F7A0)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x863A0A48)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8618F618)
SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x86217E78)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8624D9D0)
SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x86219148)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x862194D0)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8621E620)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8618F188)
SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x86075620)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x860712A8)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x861911A8)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x86242528)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8621E5A0)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x86192680)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x861940A8)

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: Hitachi HTS721010G9SA00 +++++
--- User ---
[MBR] 5422c4a5a7be15d63a32d40a1b6461d9
[BSP] 5d131dcd62fbc75f8365c83b852252d5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95393 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Cruzer Micro USB Device +++++
--- User ---
[MBR] c48cd714c2da71e2349fcc0c70ae616c
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 233 | Size: 488 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_01282013_02d2107.txt >>
RKreport[1]_S_01282013_02d2105.txt ; RKreport[2]_D_01282013_02d2107.txt

#4 Gunto

    Bleepin' Reject Phoenix

  • Malware Response Team
  • 1,284 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 29 January 2013 - 01:32 AM

Hi,

Great to hear Symantec isn't bothering you yet! :) Let's run a few more scans to make sure things stay well.

SUPERAntiSpyware

I need you to run a scan with SUPERAntiSpyware.

  • Download SAS from here, and save it to your desktop.
  • Double click the installer to start the installation. If you do not want to start the trial of the full version, please decline, and feel free to uncheck options to install external toolbars/software, unless you want them. Otherwise, follow the prompts and let the program install.
  • Once the program is done installing and updating, tick the Complete Scan option on the interface, and press the big Scan your Computer... button. Ensure that the options Activate Scan Boost™ > Low boost and Scan inside .ZIP archives are selected and Start Complete Scan.
  • After scanning, be sure to remove all detected threats if any were detected. If asked to reboot to remove threats, do so immediately.
  • Once finished, return to the main interface, go to View Scan Logs and view the newest log. Copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.

  • Double-click the MBAM shortcut on your desktop to open MBAM.
  • Click the Update tab, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
  • Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If your PC is rebooted, you can find the log by opening up MBAM and going to the Logs tab.

ESET Online Scanner

I need you to run a scan with ESET Online Scanner.

  • Download the scanner from here, and save it to your desktop.
  • Double click the file to install the program. Once it's done, accept the terms of use and click Start. Be sure the following settings are checked before beginning:
    Scan archives
    Remove found threats
    Scan potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
  • Once the scan is done, if anything was found, click List of found threats, and then Export to text file..., and save the log to your desktop.
  • Click << Back, and then Finish. If you have to reboot, do so immediately.
  • After ESET finishes scanning and removing threats, copy and paste the log into your reply.

Junkware Removal Tool

I need you to run a scan with Junkware Removal Tool.

  • Download JRT from here, and save it to your desktop.
  • Double click the file to open it, and hit any key as per the instructions of the popped up window.
  • Once the scan is done, copy and paste the contents of the resulting log into your reply.

Please tell me how the computer is running in your next reply.

Gunto

Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#5 wolf_unknown

  • Topic Starter
  • Members
  • 68 posts

Posted 30 January 2013 - 10:51 AM

The Symantec alerts have reappeared. Most of the time they've just listed threats in zeroes, ones and twos, but several times they displayed eight or ten Trojans, some of which appear to be repeats (same file name, same location).

I had to run both SUPERAntiSpyware and MBAM in safe mode, since both froze halfway through scanning in normal mode.

I was running ESET in normal mode, and everything seemed to be going smoothly, but it's stalled out at 99%. It hasn't frozen or anything, it's just not finishing. It says it's found no threats, but I think the file it's stuck on is one of the files flagged by Symantec.

I'm going to try ESET in safe mode. In the meanwhile, the SUPERAntiSpyware and MBAM logs:



SUPERAntiSpyware log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/29/2013 at 03:47 PM

Application Version : 5.6.1014

Core Rules Database Version : 9939
Trace Rules Database Version: 7751

Scan type : Complete Scan
Total Scan Time : 05:43:14

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 277
Memory threats detected : 0
Registry items scanned : 36336
Registry threats detected : 0
File items scanned : 33274
File threats detected : 15

Adware.Tracking Cookie
games.adultswim.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
games.adultswim.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
games.adultswim.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
.adultswim.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
.adultswim.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
.adultswim.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
querytracker.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
querytracker.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1G6NE0RU.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Agent
C:\PROGRAM FILES\SIGMATEL\C-MAJOR AUDIO\WDM\E1Q5132.SYS


-------------------------------


MBAM log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.29.11

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Administrator :: P_COMPUTER [administrator]

1/29/2013 5:04:17 PM
mbam-log-2013-01-29 (17-04-17).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 305403
Time elapsed: 3 hour(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ3.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ4.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ5.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ6.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ8.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQB.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\50FE1EAD.TMP (Trojan.Tracur) -> Quarantined and deleted successfully.

(end)

#6 wolf_unknown

  • Topic Starter
  • Members
  • 68 posts

Posted 30 January 2013 - 03:31 PM

ESET ran quickly and smoothly in Safe mode w/ Networking. It did not require a reboot. JRT ran successfully in normal mode.



ESET log:

C:\WINDOWS\Temp\DWHD6E2.tmp a variant of Win32/Kryptik.QSR trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\DWHDE8.tmp a variant of Win32/Kryptik.QSR trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\DWHE489.tmp a variant of Win32/Kryptik.QSR trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\DWHEB46.tmp a variant of Win32/Kryptik.QSR trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\DWHED50.tmp a variant of Win32/Kryptik.QSR trojan cleaned by deleting - quarantined



-----------------------


JRT log:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.5 (01.30.2013:2)
OS: Microsoft Windows XP x86
Ran by Administrator on 01/30/2013 Wed at 11:49:46.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\1g6ne0ru.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Emptied folder: C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\1g6ne0ru.default\minidumps [5 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/30/2013 Wed at 12:25:19.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7 Gunto

    Bleepin' Reject Phoenix

  • Malware Response Team
  • 1,284 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 30 January 2013 - 11:11 PM

Hi,

Whatever you're infected with is not giving up easily, so you'll need advanced help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Gunto



#8 wolf_unknown

  • Topic Starter
  • Members
  • 68 posts

Posted 30 January 2013 - 11:53 PM

I've posted in the malware removal forum according to instructions. Thanks for your help, Gunto, I really appreciate it.



