
Google search results redirecting


5 replies to this topic

#1 SisterWicked

  • Members
  • 21 posts

Posted 01 August 2013 - 10:56 PM

My alternate laptop is running Windows XP Pro Performance Edition SP3. It is a Dell Latitude D800, with an older Pentium processor, 1700 MHz, with only 512 MB of RAM.

When using google, I get a page of search results as I usually would, but when I click on one of the results, I am redirected to another page. Some of the pages I've been sent to are reply.com, alphamalesystem, and insidetotalhealth.com.

This happens in Avant browser, Firefox and IE. I noticed the problem yesterday afternoon. There was also a bar at the bottom of the Firefox window that said "Firefox seems to be working...very...slowly" and a button to 'speed it up'. Not sure if this is a factor. I have run Revo uninstaller to see if my child installed anything untoward, but found nothing.

I ran MalwareBytes AntiMalware several times, but the problem persists. I checked to see if my LAN had developed a new proxy (as some infections have done on previous computers in the past), but there was nothing.

 

I need to have this laptop running because my alternate one is due to be sold fairly soon.

I would appreciate any help that you could provide.


Edited by Budapest, 02 August 2013 - 02:13 AM.
Moved from XP ~Budapest




#2 GodfatherKing

  • Members
  • 587 posts

Posted 02 August 2013 - 02:47 AM

:welcome:

 

:step1:  Running TDSSKiller to obtain log

 

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run

  • Choose for all threats to Skip for all of them.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

 

:step2:  ESET Online Scanner

==================

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I don't respond to you for 3 or more days, send me a Private Message.  :hello:
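Step 1 above asks for the TDSSKiller log to be posted rather than acted on. As an added example (not part of this thread and not TDSSKiller's own code), the Python script below reads a log in the layout TDSSKiller 2.8.x writes (timestamp, thread id, message) and pulls out every service or driver that the tool did not report clean, so a helper can triage a long log quickly. The line patterns are my reading of the format shown in this thread; the sample input is constructed, with the MRxSmb lines copied from the log posted later in the thread and the ACPI and Msfs lines as clean examples.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout TDSSKiller 2.8.x writes:
# "<time> <thread id>  <message>". The MRxSmb lines copy the detection
# posted later in this thread; the ACPI and Msfs lines are clean examples.
SAMPLE_LOG = "\n".join([
    r"15:13:38.0801 2164  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys",
    r"15:13:38.0811 2164  ACPI - ok",
    r"15:13:38.0451 2164  ================ Scan system memory ========================",
    r"15:13:38.0451 2164  System memory - ok",
    r"15:13:46.0002 2164  [ CC25FB221A33D34D21CDAAE4FFF15471 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys",
    r"15:13:46.0022 2164  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: CC25FB221A33D34D21CDAAE4FFF15471, Fake md5: F3AEFB11ABC521122B67095044169E98",
    r"15:13:46.0042 2164  MRxSmb ( Virus.Win32.ZAccess.aml ) - infected",
    r"15:13:46.0042 2164  MRxSmb - detected Virus.Win32.ZAccess.aml (0)",
    r"15:13:46.0132 2164  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys",
    r"15:13:46.0132 2164  Msfs - ok",
])

# Assumed line shapes, taken from the log format visible in this thread.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s*(?P<msg>.*)$")
HASHED_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+)\s+(?P<path>.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9A-Fa-f]{32}), Fake md5: (?P<fake>[0-9A-Fa-f]{32})$")
INFECTED_RE = re.compile(r"^(?P<name>\S+) \( (?P<threat>[^)]+) \) - infected$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<threat>\S+)")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")


@dataclass
class Entry:
    name: str
    path: str = ""
    md5: str = ""            # hash printed on the "[ md5 ] Name Path" line
    status: str = "no verdict"
    threat: Optional[str] = None
    fake_md5: Optional[str] = None   # second hash the tool reports for the same file


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Build one Entry per service/driver name from a TDSSKiller log."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}   # lower-cased path -> entry, to attach forged-file lines
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                     # separators and non-log text are ignored
        msg = m.group("msg").strip()
        if h := HASHED_RE.match(msg):
            ent = Entry(name=h["name"], path=h["path"].strip(), md5=h["md5"].upper())
            entries[ent.name] = ent
            by_path[ent.path.lower()] = ent
        elif f := FORGED_RE.match(msg):
            ent = by_path.get(f["path"].lower())
            if ent is None:              # forged line without a preceding hash line
                ent = Entry(name=f["path"], path=f["path"], md5=f["real"].upper())
                entries[ent.name] = ent
            ent.fake_md5 = f["fake"].upper()
            if ent.status == "no verdict":
                ent.status = "suspicious"
        elif i := INFECTED_RE.match(msg):
            ent = entries.setdefault(i["name"], Entry(name=i["name"]))
            ent.status, ent.threat = "infected", i["threat"]
        elif d := DETECTED_RE.match(msg):
            ent = entries.setdefault(d["name"], Entry(name=d["name"]))
            ent.threat = ent.threat or d["threat"]
        elif o := OK_RE.match(msg):
            ent = entries.setdefault(o["name"], Entry(name=o["name"]))
            ent.status = "ok"
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything that is not reported clean, including entries with no verdict."""
    return [e for e in entries.values() if e.status != "ok"]


def summarize(text: str) -> List[str]:
    """One human-readable line per finding, for a quick reply in a thread like this."""
    out = []
    for e in findings(parse_tdsskiller(text)):
        line = f"{e.name}: {e.status}"
        if e.threat:
            line += f" ({e.threat})"
        if e.path:
            line += f" at {e.path}"
        if e.fake_md5:
            line += f"; two hashes reported for one file: {e.md5} vs {e.fake_md5}"
        out.append(line)
    return out


if __name__ == "__main__":
    for line in summarize(SAMPLE_LOG):
        print(line)
```

A "Suspicious file (Forged)" line is the one to look at first: the tool saw two different hashes for the same driver file, which is why the instructions ask to skip rather than cure and to post the log for review before anything is changed.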


#3 SisterWicked
  • Topic Starter

  • Members
  • 21 posts

Posted 02 August 2013 - 04:35 PM

Thank you. I couldn't figure out how to attach things to a post, so these will be copy/paste.

As requested, the logs are:

 

TDSSKiller:

15:12:57.0832 1556  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:12:58.0543 1556  ============================================================
15:12:58.0543 1556  Current date / time: 2013/08/02 15:12:58.0543
15:12:58.0543 1556  SystemInfo:
15:12:58.0543 1556  
15:12:58.0543 1556  OS Version: 5.1.2600 ServicePack: 3.0
15:12:58.0543 1556  Product type: Workstation
15:12:58.0543 1556  ComputerName: ARIANNA
15:12:58.0543 1556  UserName: Administrator
15:12:58.0543 1556  Windows directory: C:\WINDOWS
15:12:58.0543 1556  System windows directory: C:\WINDOWS
15:12:58.0543 1556  Processor architecture: Intel x86
15:12:58.0543 1556  Number of processors: 1
15:12:58.0543 1556  Page size: 0x1000
15:12:58.0543 1556  Boot type: Normal boot
15:12:58.0543 1556  ============================================================
15:13:01.0067 1556  Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:13:01.0087 1556  ============================================================
15:13:01.0087 1556  \Device\Harddisk0\DR0:
15:13:01.0087 1556  MBR partitions:
15:13:01.0087 1556  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
15:13:01.0087 1556  ============================================================
15:13:01.0127 1556  C: <-> \Device\Harddisk0\DR0\Partition1
15:13:01.0127 1556  ============================================================
15:13:01.0127 1556  Initialize success
15:13:01.0127 1556  ============================================================
15:13:35.0416 2164  ============================================================
15:13:35.0416 2164  Scan started
15:13:35.0416 2164  Mode: Manual; TDLFS;
15:13:35.0416 2164  ============================================================
15:13:38.0451 2164  ================ Scan system memory ========================
15:13:38.0451 2164  System memory - ok
15:13:38.0461 2164  ================ Scan services =============================
15:13:38.0721 2164  Abiosdsk - ok
15:13:38.0741 2164  abp480n5 - ok
15:13:38.0801 2164  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:13:38.0811 2164  ACPI - ok
15:13:38.0841 2164  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
15:13:38.0841 2164  ACPIEC - ok
15:13:38.0951 2164  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:13:38.0961 2164  AdobeFlashPlayerUpdateSvc - ok
15:13:38.0981 2164  adpu160m - ok
15:13:39.0272 2164  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
15:13:39.0292 2164  aec - ok
15:13:39.0382 2164  [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:13:39.0382 2164  AFD - ok
15:13:39.0422 2164  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
15:13:39.0432 2164  agp440 - ok
15:13:39.0432 2164  Aha154x - ok
15:13:39.0442 2164  aic78u2 - ok
15:13:39.0452 2164  aic78xx - ok
15:13:39.0662 2164  [ DD8520280304B6145A6BE31008748C7C ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:13:39.0773 2164  ALCXWDM - ok
15:13:39.0793 2164  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
15:13:39.0793 2164  Alerter - ok
15:13:39.0793 2164  AliIde - ok
15:13:39.0803 2164  amsint - ok
15:13:39.0823 2164  ApfiltrService - ok
15:13:39.0843 2164  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
15:13:39.0863 2164  AppMgmt - ok
15:13:40.0023 2164  [ 572D2CDA0B0131CB4DBB31981EC75B49 ] AR5416          C:\WINDOWS\system32\DRIVERS\athw.sys
15:13:40.0113 2164  AR5416 - ok
15:13:40.0173 2164  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:13:40.0173 2164  Arp1394 - ok
15:13:40.0193 2164  asc - ok
15:13:40.0203 2164  asc3350p - ok
15:13:40.0213 2164  asc3550 - ok
15:13:40.0353 2164  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:13:40.0514 2164  aspnet_state - ok
15:13:40.0554 2164  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:13:40.0554 2164  AsyncMac - ok
15:13:40.0594 2164  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:13:40.0594 2164  atapi - ok
15:13:40.0604 2164  Atdisk - ok
15:13:40.0634 2164  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:13:40.0634 2164  AudioSrv - ok
15:13:40.0674 2164  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
15:13:40.0674 2164  audstub - ok
15:13:40.0714 2164  [ BF9C01A3040D75BFB95BEFFA216173DF ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:13:40.0734 2164  b57w2k - ok
15:13:40.0784 2164  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:13:40.0794 2164  Beep - ok
15:13:40.0904 2164  [ 0548F989314171901A9B8570B253C2E8 ] block_reader    C:\Program Files\Multi Password Recovery\block_reader.sys
15:13:40.0904 2164  block_reader - ok
15:13:40.0934 2164  [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser         C:\WINDOWS\System32\browser.dll
15:13:40.0944 2164  Browser - ok
15:13:40.0984 2164  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
15:13:40.0984 2164  cbidf2k - ok
15:13:41.0034 2164  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:13:41.0044 2164  CCDECODE - ok
15:13:41.0044 2164  cd20xrnt - ok
15:13:41.0074 2164  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
15:13:41.0074 2164  Cdaudio - ok
15:13:41.0104 2164  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:13:41.0104 2164  Cdfs - ok
15:13:41.0135 2164  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:13:41.0145 2164  Cdrom - ok
15:13:41.0145 2164  Changer - ok
15:13:41.0215 2164  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:13:41.0355 2164  clr_optimization_v2.0.50727_32 - ok
15:13:41.0395 2164  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:13:41.0395 2164  CmBatt - ok
15:13:41.0405 2164  CmdIde - ok
15:13:41.0425 2164  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:13:41.0435 2164  Compbatt - ok
15:13:41.0435 2164  COMSysApp - ok
15:13:41.0455 2164  Cpqarray - ok
15:13:41.0525 2164  [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv          C:\Program Files\SystemRequirementsLab\cpudrv.sys
15:13:41.0525 2164  cpudrv - ok
15:13:41.0816 2164  cpuz134 - ok
15:13:41.0876 2164  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:13:41.0876 2164  CryptSvc - ok
15:13:41.0886 2164  dac2w2k - ok
15:13:41.0926 2164  dac960nt - ok
15:13:42.0016 2164  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:13:42.0036 2164  DcomLaunch - ok
15:13:42.0086 2164  [ 913938A5382BFB2487AACAEA408A14D2 ] DevUpper        C:\WINDOWS\system32\DRIVERS\tiumflt.sys
15:13:42.0096 2164  DevUpper - ok
15:13:42.0146 2164  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:13:42.0156 2164  Dhcp - ok
15:13:42.0186 2164  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:13:42.0186 2164  Disk - ok
15:13:42.0196 2164  dmadmin - ok
15:13:42.0296 2164  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:13:42.0346 2164  dmboot - ok
15:13:42.0376 2164  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:13:42.0386 2164  dmio - ok
15:13:42.0436 2164  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:13:42.0436 2164  dmload - ok
15:13:42.0446 2164  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:13:42.0446 2164  dmserver - ok
15:13:42.0486 2164  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:13:42.0486 2164  DMusic - ok
15:13:42.0517 2164  [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:13:42.0527 2164  Dnscache - ok
15:13:42.0557 2164  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
15:13:42.0567 2164  Dot3svc - ok
15:13:42.0577 2164  dpti2o - ok
15:13:42.0607 2164  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
15:13:42.0607 2164  drmkaud - ok
15:13:42.0667 2164  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
15:13:42.0677 2164  EapHost - ok
15:13:42.0767 2164  [ D57F1811D8258D8D277CD9F53657EEF9 ] epmntdrv        C:\WINDOWS\system32\epmntdrv.sys
15:13:42.0777 2164  epmntdrv - ok
15:13:42.0797 2164  [ F1DE3EEF501DDA7DDF99F2EDF0C5540E ] EuGdiDrv        C:\WINDOWS\system32\EuGdiDrv.sys
15:13:42.0807 2164  EuGdiDrv - ok
15:13:42.0847 2164  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
15:13:42.0857 2164  Eventlog - ok
15:13:42.0907 2164  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
15:13:42.0917 2164  EventSystem - ok
15:13:42.0957 2164  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
15:13:42.0967 2164  Fastfat - ok
15:13:43.0027 2164  [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:13:43.0047 2164  FastUserSwitchingCompatibility - ok
15:13:43.0097 2164  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
15:13:43.0117 2164  Fdc - ok
15:13:43.0137 2164  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
15:13:43.0137 2164  Fips - ok
15:13:43.0157 2164  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
15:13:43.0157 2164  Flpydisk - ok
15:13:43.0187 2164  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:13:43.0187 2164  FltMgr - ok
15:13:43.0278 2164  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:13:43.0278 2164  FontCache3.0.0.0 - ok
15:13:43.0368 2164  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:13:43.0368 2164  Fs_Rec - ok
15:13:43.0378 2164  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:13:43.0388 2164  Ftdisk - ok
15:13:43.0418 2164  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:13:43.0418 2164  Gpc - ok
15:13:43.0468 2164  [ 5CCB2F5CD9F8B6A7DFD57E5346EE5796 ] GTICARD         C:\WINDOWS\system32\DRIVERS\gticard.sys
15:13:43.0468 2164  GTICARD - ok
15:13:43.0498 2164  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
15:13:43.0508 2164  HidServ - ok
15:13:43.0528 2164  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:13:43.0538 2164  HidUsb - ok
15:13:43.0558 2164  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
15:13:43.0568 2164  hkmsvc - ok
15:13:43.0578 2164  hpn - ok
15:13:43.0628 2164  [ A84BBBDD125D370593004F6429F8445C ] HSFHWICH        C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
15:13:43.0648 2164  HSFHWICH - ok
15:13:43.0758 2164  [ B678FA91CF4A1C19B462D8DB04CD02AB ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
15:13:43.0788 2164  HSF_DPV - ok
15:13:43.0828 2164  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
15:13:43.0828 2164  HTTP - ok
15:13:43.0888 2164  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
15:13:43.0909 2164  HTTPFilter - ok
15:13:43.0929 2164  i2omgmt - ok
15:13:43.0959 2164  i2omp - ok
15:13:44.0009 2164  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:13:44.0009 2164  i8042prt - ok
15:13:44.0169 2164  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:13:44.0199 2164  idsvc - ok
15:13:44.0239 2164  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
15:13:44.0239 2164  Imapi - ok
15:13:44.0279 2164  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
15:13:44.0289 2164  ImapiService - ok
15:13:44.0309 2164  ini910u - ok
15:13:44.0359 2164  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
15:13:44.0359 2164  IntelIde - ok
15:13:44.0389 2164  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:13:44.0389 2164  intelppm - ok
15:13:44.0409 2164  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:13:44.0419 2164  Ip6Fw - ok
15:13:44.0449 2164  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:13:44.0449 2164  IpFilterDriver - ok
15:13:44.0489 2164  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:13:44.0499 2164  IpInIp - ok
15:13:44.0539 2164  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:13:44.0539 2164  IpNat - ok
15:13:44.0589 2164  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:13:44.0600 2164  IPSec - ok
15:13:44.0630 2164  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
15:13:44.0640 2164  IRENUM - ok
15:13:44.0670 2164  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:13:44.0670 2164  isapnp - ok
15:13:44.0890 2164  [ 9ECF00E19736054E019C532AED8228FC ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
15:13:44.0900 2164  JavaQuickStarterService - ok
15:13:44.0950 2164  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:13:44.0950 2164  Kbdclass - ok
15:13:44.0970 2164  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:13:44.0970 2164  kbdhid - ok
15:13:45.0010 2164  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
15:13:45.0020 2164  kmixer - ok
15:13:45.0080 2164  [ 4635935FC972C582632BF45C26BFCB0E ] KMService       C:\WINDOWS\System32\srvany.exe
15:13:45.0090 2164  KMService - ok
15:13:45.0120 2164  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
15:13:45.0130 2164  KSecDD - ok
15:13:45.0140 2164  [ 79D1DBFEC599EC47244AF7B06AE2A04E ] L8042Kbd        C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:13:45.0140 2164  L8042Kbd - ok
15:13:45.0170 2164  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
15:13:45.0180 2164  LanmanServer - ok
15:13:45.0240 2164  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:13:45.0250 2164  lanmanworkstation - ok
15:13:45.0250 2164  lbrtfdc - ok
15:13:45.0291 2164  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
15:13:45.0301 2164  LmHosts - ok
15:13:45.0371 2164  [ BA1347822D01B2D29C14CF09663A6457 ] LVRS            C:\WINDOWS\system32\DRIVERS\lvrs.sys
15:13:45.0381 2164  LVRS - ok
15:13:45.0401 2164  lxdi_device - ok
15:13:45.0461 2164  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
15:13:45.0461 2164  MBAMProtector - ok
15:13:45.0551 2164  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:13:45.0571 2164  MBAMScheduler - ok
15:13:45.0641 2164  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:13:45.0671 2164  MBAMService - ok
15:13:45.0701 2164  [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:13:45.0701 2164  mdmxsdk - ok
15:13:45.0731 2164  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
15:13:45.0731 2164  Modem - ok
15:13:45.0751 2164  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:13:45.0761 2164  Mouclass - ok
15:13:45.0771 2164  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:13:45.0781 2164  mouhid - ok
15:13:45.0801 2164  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:13:45.0801 2164  MountMgr - ok
15:13:45.0861 2164  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:13:45.0861 2164  MozillaMaintenance - ok
15:13:45.0871 2164  mraid35x - ok
15:13:45.0941 2164  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:13:45.0941 2164  MRxDAV - ok
15:13:46.0002 2164  [ CC25FB221A33D34D21CDAAE4FFF15471 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:13:46.0022 2164  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: CC25FB221A33D34D21CDAAE4FFF15471, Fake md5: F3AEFB11ABC521122B67095044169E98
15:13:46.0042 2164  MRxSmb ( Virus.Win32.ZAccess.aml ) - infected
15:13:46.0042 2164  MRxSmb - detected Virus.Win32.ZAccess.aml (0)
15:13:46.0082 2164  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:13:46.0092 2164  MSDTC - ok
15:13:46.0132 2164  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:13:46.0132 2164  Msfs - ok
15:13:46.0142 2164  MSIServer - ok
15:13:46.0172 2164  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:13:46.0182 2164  MSKSSRV - ok
15:13:46.0202 2164  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:13:46.0202 2164  MSPCLOCK - ok
15:13:46.0232 2164  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:13:46.0232 2164  MSPQM - ok
15:13:46.0282 2164  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:13:46.0282 2164  mssmbios - ok
15:13:46.0372 2164  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
15:13:46.0372 2164  MSTEE - ok
15:13:46.0392 2164  [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
15:13:46.0412 2164  Mup - ok
15:13:46.0462 2164  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:13:46.0472 2164  NABTSFEC - ok
15:13:46.0512 2164  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:13:46.0532 2164  napagent - ok
15:13:46.0572 2164  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:13:46.0572 2164  NDIS - ok
15:13:46.0622 2164  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:13:46.0622 2164  NdisIP - ok
15:13:46.0652 2164  [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:13:46.0652 2164  NdisTapi - ok
15:13:46.0683 2164  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:13:46.0683 2164  Ndisuio - ok
15:13:46.0713 2164  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:13:46.0713 2164  NdisWan - ok
15:13:46.0743 2164  [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:13:46.0743 2164  NDProxy - ok
15:13:46.0753 2164  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:13:46.0763 2164  NetBIOS - ok
15:13:46.0803 2164  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:13:46.0813 2164  NetBT - ok
15:13:46.0853 2164  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:13:46.0853 2164  Netlogon - ok
15:13:46.0903 2164  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
15:13:46.0913 2164  Netman - ok
15:13:46.0963 2164  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:13:46.0963 2164  NetTcpPortSharing - ok
15:13:46.0983 2164  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:13:46.0993 2164  NIC1394 - ok
15:13:47.0033 2164  [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla             C:\WINDOWS\System32\mswsock.dll
15:13:47.0043 2164  Nla - ok
15:13:47.0083 2164  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:13:47.0093 2164  Npfs - ok
15:13:47.0173 2164  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:13:47.0193 2164  Ntfs - ok
15:13:47.0203 2164  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
15:13:47.0213 2164  NtLmSsp - ok
15:13:47.0263 2164  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:13:47.0263 2164  Null - ok
15:13:47.0624 2164  [ 9E4B052C76949DE445AD6439CD473548 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:13:47.0744 2164  nv - ok
15:13:47.0824 2164  [ 9233D25A68F320EB2361E5C383C1F31F ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
15:13:47.0844 2164  NVSvc - ok
15:13:47.0874 2164  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:13:47.0874 2164  NwlnkFlt - ok
15:13:47.0894 2164  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:13:47.0894 2164  NwlnkFwd - ok
15:13:47.0914 2164  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:13:47.0914 2164  ohci1394 - ok
15:13:47.0974 2164  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
15:13:47.0974 2164  Parport - ok
15:13:47.0994 2164  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
15:13:47.0994 2164  PartMgr - ok
15:13:48.0034 2164  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:13:48.0034 2164  ParVdm - ok
15:13:48.0075 2164  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
15:13:48.0075 2164  PCI - ok
15:13:48.0085 2164  PCIDump - ok
15:13:48.0105 2164  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
15:13:48.0105 2164  PCIIde - ok
15:13:48.0125 2164  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:13:48.0135 2164  Pcmcia - ok
15:13:48.0145 2164  PDCOMP - ok
15:13:48.0165 2164  PDFRAME - ok
15:13:48.0175 2164  PDRELI - ok
15:13:48.0185 2164  PDRFRAME - ok
15:13:48.0195 2164  perc2 - ok
15:13:48.0215 2164  perc2hib - ok
15:13:48.0335 2164  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
15:13:48.0345 2164  PlugPlay - ok
15:13:48.0365 2164  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
15:13:48.0375 2164  PolicyAgent - ok
15:13:48.0405 2164  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:13:48.0415 2164  PptpMiniport - ok
15:13:48.0425 2164  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:13:48.0425 2164  ProtectedStorage - ok
15:13:48.0455 2164  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
15:13:48.0455 2164  PSched - ok
15:13:48.0495 2164  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:13:48.0495 2164  Ptilink - ok
15:13:48.0505 2164  ql1080 - ok
15:13:48.0515 2164  Ql10wnt - ok
15:13:48.0535 2164  ql12160 - ok
15:13:48.0555 2164  ql1240 - ok
15:13:48.0565 2164  ql1280 - ok
15:13:48.0585 2164  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:13:48.0585 2164  RasAcd - ok
15:13:48.0635 2164  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:13:48.0645 2164  RasAuto - ok
15:13:53.0382 2164  ================ Scan global ===============================
15:13:53.0452 2164  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:13:53.0492 2164  [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
15:13:53.0522 2164  [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
15:13:53.0562 2164  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:13:53.0562 2164  [Global] - ok
15:13:53.0572 2164  ================ Scan MBR ==================================
15:13:53.0592 2164  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:13:53.0843 2164  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:13:53.0843 2164  \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:13:53.0853 2164  ================ Scan VBR ==================================
15:13:53.0853 2164  [ 382C063EEB0974A1C71415919E8A5095 ] \Device\Harddisk0\DR0\Partition1
15:13:53.0863 2164  \Device\Harddisk0\DR0\Partition1 - ok
15:13:53.0863 2164  ============================================================
15:13:53.0863 2164  Scan finished
15:13:53.0863 2164  ============================================================
15:13:53.0893 3696  Detected object count: 2
15:13:53.0893 3696  Actual detected object count: 2
15:14:27.0511 3696  MRxSmb ( Virus.Win32.ZAccess.aml ) - skipped by user
15:14:27.0521 3696  MRxSmb ( Virus.Win32.ZAccess.aml ) - User select action: Skip
15:14:27.0521 3696  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:14:27.0521 3696  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:14:41.0511 2904  Deinitialize success

--------------------------------------------------------------

ESET Scanner:

C:\AI_RecycleBin\{EA7C75A7-6426-4225-80B9-B7557F43473E}\3\Strongvault\StrongVaultApp.exe    a variant of MSIL/Adware.StrongVault.A application
C:\Documents and Settings\Administrator\Desktop\STUFF THAT WILL MELT YOUR EYEBALLS SO STAY OUT\Trillian\Trillian_Astra_4.2_Build_22_Final\trillian_astra_beta_pro_patcher_4_beta_tester_v5.exe    Win32/HackTool.Patcher.A application
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000351    a variant of Win32/Kryptik.AQUX trojan
C:\Documents and Settings\Administrator\Local Settings\Application Data\Updater26276\Updater26276.exe    a variant of Win32/Toolbar.CrossRider.C application
C:\Documents and Settings\Administrator\Local Settings\Temp\bundlesweetimsetup.exe    probably a variant of Win32/SweetIM.C application
C:\Documents and Settings\Administrator\Local Settings\Temp\DefaultTabSetup.exe    a variant of Win32/Toolbar.DefaultTab.B application
C:\Documents and Settings\Administrator\Local Settings\Temp\jUTsrD30.exe.part    Win32/InstalleRex.I application
C:\Documents and Settings\Administrator\Local Settings\Temp\setup.exe    multiple threats
C:\Documents and Settings\Administrator\Local Settings\Temp\Shortcut_bundlesweetimsetup.exe    probably a variant of Win32/SweetIM.C application
C:\Documents and Settings\Administrator\Local Settings\Temp\Shortcut_sweetpacks_632013.exe    probably a variant of Win32/SweetIM.C application
C:\Documents and Settings\Administrator\Local Settings\Temp\Strongvault.exe    a variant of MSIL/Adware.StrongVault.A application
C:\Documents and Settings\Administrator\Local Settings\Temp\WSSetup.exe    Win32/SweetIM.E application
C:\Documents and Settings\Administrator\Local Settings\Temp\6C13EF69-BAB0-7891-A017-6EA984A88C30\BExternal.dll    a variant of Win32/Toolbar.Babylon.C application
C:\Documents and Settings\Administrator\Local Settings\Temp\6C13EF69-BAB0-7891-A017-6EA984A88C30\IECookieLow.dll    a variant of Win32/Toolbar.Babylon.E application
C:\Documents and Settings\Administrator\Local Settings\Temp\6C13EF69-BAB0-7891-A017-6EA984A88C30\Setup.exe    a variant of Win32/Toolbar.Babylon.E application
C:\Documents and Settings\Administrator\Local Settings\Temp\6C13EF69-BAB0-7891-A017-6EA984A88C30\Latest\BExternal.dll    a variant of Win32/Toolbar.Babylon.C application
C:\Documents and Settings\Administrator\Local Settings\Temp\6C13EF69-BAB0-7891-A017-6EA984A88C30\Latest\IECookieLow.dll    a variant of Win32/Toolbar.Babylon.E application
C:\Documents and Settings\Administrator\Local Settings\Temp\6C13EF69-BAB0-7891-A017-6EA984A88C30\Latest\IEHelper.dll    a variant of Win32/Toolbar.Babylon.E application
C:\Documents and Settings\Administrator\Local Settings\Temp\6C13EF69-BAB0-7891-A017-6EA984A88C30\Latest\MyBabylonTB.exe    a variant of Win32/Toolbar.Babylon application
C:\Documents and Settings\Administrator\Local Settings\Temp\6C13EF69-BAB0-7891-A017-6EA984A88C30\Latest\Setup.exe    a variant of Win32/Toolbar.Babylon.E application
C:\Documents and Settings\Administrator\Local Settings\Temp\Bunndle\BunndleOfferManager.dll    a variant of Win32/Bunndle application
C:\Documents and Settings\Administrator\Local Settings\Temp\nshA.tmp\39\sweetpacks_outbrowse_6122013.exe    probably a variant of Win32/SweetIM.C application
C:\Documents and Settings\Administrator\Local Settings\Temp\nshA.tmp\46\infoseeker_6252013.exe    a variant of Win32/ExFriendAlert.B application
C:\Documents and Settings\Administrator\Local Settings\Temp\rninst~0\ui_data\stubinst_pkg_en-us.cab    Win32/OpenCandy application
C:\Documents and Settings\Administrator\Local Settings\Temp\rninst~0\ui_data\inst_config\OCSetupHlp.dll    Win32/OpenCandy application
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\674H0TM5\MyFunCards[1].exe    a variant of Win32/AdInstaller application
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\00JMJEFK\stubinst_pkg_en-us[1].cab    Win32/OpenCandy application
C:\Documents and Settings\Administrator\My Documents\Downloads\audioextractor.exe    Win32/InstallMonetizer.AF application
C:\Documents and Settings\Administrator\My Documents\Downloads\B.Jigsaw.7.7.keygen.zip    a variant of Win32/Kryptik.BGCI trojan
C:\Documents and Settings\Administrator\My Documents\Downloads\DRPSu13-Lite.exe    Win32/OpenCandy application
C:\Documents and Settings\Administrator\My Documents\Downloads\EASEUS_Partition_Master_Home_Edition_9.2.2_DC_10.05.2013.rar    Win32/OpenCandy application
C:\Documents and Settings\Administrator\My Documents\Downloads\epm.exe    Win32/OpenCandy application
C:\Documents and Settings\Administrator\My Documents\Downloads\Multi Password Recover v1.2.8 [Cracked By Mr_Perfectionist].rar    a variant of Win32/MultiPasswordRecovery.A application
C:\Documents and Settings\Administrator\My Documents\Downloads\multi-password-recovery.zip    a variant of Win32/MultiPasswordRecovery.A application
C:\Documents and Settings\Administrator\My Documents\Downloads\revouninstaller-setup.exe    Win32/DownloadAdmin.G application
C:\Documents and Settings\Administrator\My Documents\Downloads\vlcmediaplayer-setup.exe    multiple threats
C:\Documents and Settings\Administrator\My Documents\Downloads\EASEUS_Partition_Master_Home_Edition_9.2.2_DC_10.05.2013\EASEUS Partition Master Home Edition 9.2.2 DC 10.05.2013\epm.exe    Win32/OpenCandy application
C:\Documents and Settings\Administrator\My Documents\Downloads\Multi Password Recover v1.2.8 [Cracked By Mr_Perfectionist]\Multi Password Recover v1.2.8 [Cracked By Mr_Perfectionist]\MPRSetup.exe    a variant of Win32/MultiPasswordRecovery.A application
C:\Documents and Settings\Administrator\My Documents\Downloads\Multi Password Recover v1.2.8 [Cracked By Mr_Perfectionist]\Multi Password Recover v1.2.8 [Cracked By Mr_Perfectionist]\Crack_Serial\MPR.exe    a variant of Win32/MultiPasswordRecovery.A application
C:\Documents and Settings\Administrator\My Documents\Downloads\Windows XP Professional SP3 PRE-ACTIVATED\WXPVOL_EN.iso    multiple threats
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4XMVO1Y7\index[1].htm    JS/Kryptik.AX trojan
C:\Program Files\Multi Password Recovery\MPR.exe    a variant of Win32/MultiPasswordRecovery.A application
C:\WINDOWS\system32\ARFC\wrtc.exe    Win32/SweetIM.E application
C:\WINDOWS\system32\jmdp\SweetNT.crx    Win32/SweetIM.E application
Operating memory    multiple threats

------------------------------------------------------------------

Hopefully you can help.




#4 GodfatherKing

GodfatherKing

  • Members
  • 587 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:19 AM

Posted 03 August 2013 - 01:47 AM

:step1: Backdoor/Rootkit warning: TDSS

This computer is infected with a rootkit called TDSS. You will need to change all passwords after this and pay attention to home banking. Don't use the machine now for other goals.

:step2: Remove it:

Try to Cure it. If that doesn't work, 'copy to quarantine', and if that also doesn't work, 'delete' it.

15:14:27.0521 3696  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:14:27.0521 3696  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:14:41.0511 2904  Deinitialize success

:step3: Repeat the scan with TDSSKiller and see if TDSS is gone.

:step4: Delete the infections that have been found by Eset.

If you have received help from me and I haven't responded to you for 3 days or more, send me a Private Message.  :hello:
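A small triage script for the TDSSKiller log format quoted in this thread, added here as an example and not part of GodfatherKing's reply or of TDSSKiller itself: it pulls out every detected object, the action the user chose for it, and whether a boot-sector (MBR) object was left skipped, which is exactly the situation the reply above is pointing at. The sample log is a constructed excerpt assembled from lines posted in this thread; the action names Cure/Quarantine/Delete are assumed from the reply, since only Skip appears in the posted log.

```python
import re

# Constructed excerpt in TDSSKiller's log format, assembled from lines posted in
# this thread (timestamps, PIDs, hashes and paths are copied from the posted log).
SAMPLE_LOG = r"""
15:13:50.0668 2164  [ A29E1209F925A0E9B330E11DA5FC7BAB ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:13:50.0688 2164  Tcpip - ok
15:13:53.0572 2164  ================ Scan MBR ==================================
15:13:53.0592 2164  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:13:53.0843 2164  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:13:53.0843 2164  \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:13:53.0863 2164  Scan finished
15:13:53.0893 3696  Detected object count: 2
15:14:27.0511 3696  MRxSmb ( Virus.Win32.ZAccess.aml ) - skipped by user
15:14:27.0521 3696  MRxSmb ( Virus.Win32.ZAccess.aml ) - User select action: Skip
15:14:27.0521 3696  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:14:27.0521 3696  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:14:41.0511 2904  Deinitialize success
"""

# Every line is "HH:MM:SS.ffff  PID  message"
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Verdict lines are "<object> ( <threat name> ) - <verdict or user action>"
THREAT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+) \) - (?P<rest>.+)$")
ACTION_RE = re.compile(r"^User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
# Actions that remove the object. Only "Skip" appears in the posted log; the other
# names are assumed to match the Cure / copy to quarantine / delete choices in the reply.
RESOLVING_ACTIONS = {"Cure", "Quarantine", "Delete"}


def parse_tdsskiller(text):
    """Return (detections, reported_count); detections maps object -> {"threat", "action"}."""
    detections = {}
    reported = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg").strip()
        c = COUNT_RE.match(msg)
        if c:
            reported = int(c.group("n"))
            continue
        t = THREAT_RE.match(msg)
        if not t:
            continue  # "- ok" service lines and section banners carry no verdict
        entry = detections.setdefault(t.group("obj"), {"threat": t.group("threat"), "action": None})
        a = ACTION_RE.match(t.group("rest"))
        if a:
            entry["action"] = a.group("action")  # last logged choice wins
    return detections, reported


def triage(text):
    """Summarise what is still on the machine after the user's choices."""
    detections, reported = parse_tdsskiller(text)
    unresolved = [o for o, d in detections.items() if d["action"] not in RESOLVING_ACTIONS]
    return {
        "detections": len(detections),
        "count_matches_log": reported == len(detections),
        "unresolved": unresolved,
        # A skipped boot-sector object means the rootkit reloads on the next reboot.
        "mbr_rootkit_unresolved": any(o.startswith(r"\Device\Harddisk") for o in unresolved),
    }
```

Run `triage(SAMPLE_LOG)` on a saved TDSSKiller log to see at a glance whether the MBR detection was actually cured or merely skipped, which is the difference between the log posted above and the one the reply asks for.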


#5 SisterWicked

SisterWicked
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:12:19 AM

Posted 03 August 2013 - 02:06 AM

Removing those two TDSS results seems to have corrected the Google problem.

The other scan detected program keygens and cracks that I know to be harmless (and over a year old with no issues), so I left them alone and just moved them to a separate USB drive.

Thank you for your help.



#6 GodfatherKing

GodfatherKing

  • Members
  • 587 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:19 AM

Posted 03 August 2013 - 02:09 AM

:step1: My advice is to keep your computer up to date with Windows Updates, Java, Adobe Reader and Flash Player.

:step2: Use WOT to check whether sites are safe or not: http://www.mywot.com/

:step3: A good working AntiVirus is also important. I personally advise Avast Free or Avira. MSE's detection is not so great.

:step4: Let's check how good your security is:

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

If you have received help from me and I haven't responded to you for 3 days or more, send me a Private Message.  :hello:




