
Beeping Sounds in the Background



 
 
Old 11-14-2012, 08:49 PM   #1
Registered Member
 
Join Date: Apr 2010
Posts: 53
OS: Windows XP


EEK!

I went to a site today and immediately realized it was a "bad" site, but was on a browser without WoT. (I was searching for the difference between a wet and a dry cappuccino and ended up at some file server.) Anyway, shortly after, I could hear background sounds that sounded like a virus was found, but nothing popped up. I cleared my cache and went to eventvwr, and it showed Avira found an infection in the C:\Recycler folder. I mistakenly shut my computer off (pulled the cord out without realizing my battery was not in). Anyway, when it started back up, there were all sorts of sounds, so I held down SHIFT and turned off my network card. I ran Avira, but it was not getting it, so I went into Safe Mode and Malwarebytes found 5 infections. Deleted them. Rebooted, but still heard background "beeps", even with nothing open. Ran Malwarebytes again, and it found two more files and did away with them. How can I be sure this is clear? (And if it is, what is beeping in the background?)

I could probably get the exact url from my history of the site that seemingly started it, if it would help. I do not have a Boot CD (or a CD Drive). I did not run the 32-bit file, as I am not sure if my system is 32-bit or not. Thank you for any help.

Also, I have both Avira and Malwarebytes on my system, because as I understood it, one finds certain things the other does not look for and vice versa, but have also been told they should not both be there. Can someone clarify this for me? For example, Avira in this case seemingly found it by the event viewer, but did not alert me and nothing showed up in Luke Filewalker, whereas Malwarebytes found a total of 7 dangerous thingies.

DDS text contents:
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by flourcollie at 23:09:04 on 2012-11-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.130 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mSearchAssistant = hxxp://www.google.com/ie
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 2010\office14\URLREDIR.DLL
BHO: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\19.0.1084.56\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [APN] rundll32.exe "c:\documents and settings\flourcollie\local settings\application data\apple\apn\gocqf.dll",DllRegisterServer
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108855
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi7967~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi7967~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 2010\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/66.31/uploader2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{0C5BBBFF-F5E5-4524-A890-91311819F412} : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\19.0.1084.56\npchrome_frame.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - <orphaned>
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15083
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko10.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko11.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko12.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko9.dll
FF - component: c:\program files\apisphere\geomate.jr software kit\xpcom\navitfound\components\NavitFoundXPCOM.dll
FF - component: c:\program files\apisphere\geomate.jr software kit\xpcom\navitloader\components\NavitLoaderXPCOM.dll
FF - plugin: c:\documents and settings\flourcollie\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\flourcollie\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\flourcollie\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\flourcollie\local settings\application data\huludesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: c:\progra~1\mi7967~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi7967~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - ExtSQL: !HIDDEN! 2010-01-21 01:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-02-19 05:27; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
============= SERVICES / DRIVERS ===============
.
R? CSHelper;CopySafe Helper Service
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? gupdate1c9695861665b0a;Google Update Service (gupdate1c9695861665b0a)
R? JMCR;JMCR
R? MatSvc;Microsoft Automated Troubleshooting Service
R? McComponentHostService;McAfee Security Scan Component Host Service
R? ServicepointService;ServicepointService
R? WDC_SAM;WD SCSI Pass Thru driver
R? WDDMService;WD SmartWare Drive Manager
R? WDSmartWareBackgroundService;WD SmartWare Background Service
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avgio;avgio
S? avgntflt;avgntflt
S? Lbd;Lbd
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
ShellExec: FOXITR~1.EXE: print="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/p "%1"
ShellExec: FOXITR~1.EXE: printto="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2018-04-14 10:25:57 -------- d-----w- c:\program files\Microsoft SQL Server
2012-11-15 03:28:01 54016 ----a-w- c:\windows\system32\drivers\gjcbonla.sys
2012-11-15 02:34:55 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-12 23:26:49 -------- d-----w- c:\documents and settings\flourcollie\application data\System
2012-10-30 01:12:59 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
.
==================== Find3M ====================
.
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 23:12:49.43 ===============


(edit to upload attach.zip)

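Before reading further into the thread, here is the kind of first pass an analyst makes over the "Created Last 30" section of a DDS log like the one above. This is an added example; it is not a Tech Support Forum tool, not part of DDS, and not something the poster ran. The sample lines are copied from the DDS log in this post; the parsing, the two checks and the assumption that the entry timestamps are UTC (the header only gives the local zone, GMT -5:00) are this example's own.

```python
"""Added example: first-pass triage of the "Created Last 30" section of a DDS
log. Not a Tech Support Forum tool and not part of DDS; the sample lines are
copied from the DDS log posted above, the parsing and checks are this
example's own.

Two checks a responder applies before asking for deeper scans:
  1. a .sys file newly created under the system32 drivers directory whose
     base name has no entry in the log's SERVICES / DRIVERS section. That is
     a lead to verify, not a verdict: the DDS services list is filtered, and
     some vendors name the service differently from the file (the log above
     has AR5416 for athw.sys, for example);
  2. an entry whose creation time lies after the log's own run time, which
     means clock skew or timestamp manipulation; verify either way.
Assumption: entry timestamps are treated as UTC.
"""
import re
from datetime import datetime, timedelta, timezone

# Lines copied from the DDS log posted in this thread.
DDS_SAMPLE = r"""
DDS (Ver_2012-11-07.01) - NTFS_x86
Run by flourcollie at 23:09:04 on 2012-11-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.130 [GMT -5:00]
.
============= SERVICES / DRIVERS ===============
.
R? CSHelper;CopySafe Helper Service
R? WDC_SAM;WD SCSI Pass Thru driver
S? AntiVirService;Avira AntiVir Guard
S? avgntflt;avgntflt
S? MBAMSwissArmy;MBAMSwissArmy
.
=============== Created Last 30 ================
.
2018-04-14 10:25:57 -------- d-----w- c:\program files\Microsoft SQL Server
2012-11-15 03:28:01 54016 ----a-w- c:\windows\system32\drivers\gjcbonla.sys
2012-11-15 02:34:55 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-12 23:26:49 -------- d-----w- c:\documents and settings\flourcollie\application data\System
2012-10-30 01:12:59 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
.
==================== Find3M ====================
"""

RUN_RE = re.compile(r"^Run by \S+ at (\d\d:\d\d:\d\d) on (\d{4}-\d\d-\d\d)", re.M)
TZ_RE = re.compile(r"\[GMT ([+-])(\d{1,2}):(\d\d)\]")
SVC_RE = re.compile(r"^[RS]\? ([^;]+);", re.M)
ENTRY_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (\S+) (.+)$", re.M)
DRIVER_DIR = "\\system32\\drivers\\"


def section(log, name):
    """Body of a '===== name =====' section, up to the next '=====' header."""
    pat = r"^=+ " + re.escape(name) + r" =+$\n(.*?)(?=^=+ [^\n]* =+$|\Z)"
    m = re.search(pat, log, re.M | re.S)
    return m.group(1) if m else ""


def run_time_utc(log):
    """The 'Run by ... at HH:MM:SS on YYYY-MM-DD' header converted to UTC."""
    m, tz = RUN_RE.search(log), TZ_RE.search(log)
    local = datetime.strptime(f"{m.group(2)} {m.group(1)}", "%Y-%m-%d %H:%M:%S")
    offset = timedelta(hours=int(tz.group(2)), minutes=int(tz.group(3)))
    if tz.group(1) == "-":
        offset = -offset
    return (local - offset).replace(tzinfo=timezone.utc)


def created_entries(log):
    """(timestamp, size, attrs, path) tuples from the 'Created Last 30' section."""
    out = []
    for ts, size, attrs, path in ENTRY_RE.findall(section(log, "Created Last 30")):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        out.append((when, size, attrs, path.strip()))
    return out


def triage(log):
    """Return (check, path) findings in log order; an empty list means nothing flagged."""
    run_at = run_time_utc(log)
    services = {name.lower() for name in SVC_RE.findall(section(log, "SERVICES / DRIVERS"))}
    findings = []
    for when, _size, _attrs, path in created_entries(log):
        if when > run_at:
            findings.append(("future-timestamp", path))
        low = path.lower()
        if DRIVER_DIR in low and low.endswith(".sys"):
            stem = low.rsplit("\\", 1)[-1][:-4]  # file name without .sys
            if stem not in services:
                findings.append(("driver-without-service-entry", path))
    return findings


if __name__ == "__main__":
    for check, path in triage(DDS_SAMPLE):
        print(f"{check:30} {path}")
```

Run against the log above it flags two entries: the Microsoft SQL Server directory, whose creation time (2018) is later than the log's run time (2012-11-15 04:09:04 UTC), and gjcbonla.sys, created during the night of the incident with no matching service name in the list, while mbamswissarmy.sys is matched by the MBAMSwissArmy service and passes. Both are leads for the analyst to verify with the rootkit scanners requested later in the thread, not verdicts on their own.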
Old 11-14-2012, 11:27 PM   #2
Security Team
Analyst
 
 
Join Date: Nov 2011
Posts: 754
OS: Win7 SP 1



Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Old 11-15-2012, 06:13 PM   #3
Registered Member
 
Join Date: Apr 2010
Posts: 53
OS: Windows XP



Thank you, TB. I wanted to clarify, but could no longer edit my first post, that the "beeping" is not a hardware thing; it is a sound effect. I went into my sound profile to narrow it down, changed what I thought it was to confirm, and found it is the sound that signifies a program closing. I cannot really find a pattern with the sounds, except there are always several right in a row when starting up.
Old 11-15-2012, 10:13 PM   #4
Security Team
Analyst
 
 
Join Date: Nov 2011
Posts: 754
OS: Win7 SP 1



Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.



MBAM is a so-called on-demand scanner and will only search for malware when it is run by the user. AntiVir is an antivirus program with an active guard, supervising all read and write actions within the file system.


Some infections have the ability to hide themselves from the scan routines of security software, so it is possible that one program finds something and others don't.




Step 1: Spybot - Search & destroy: TeaTimer

I see Spybot - Search & Destroy installed on your computer. This program is end of life and cannot protect you from today's harms. In addition, it may block our fixes.

Please deactivate the TeaTimer protection of Spybot to ensure we can work efficiently.


Step 2: Post MBAM logs

You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.




Step 3: aswMBR


Scan with aswMBR


Please download aswMBR.exe to your desktop.

  • Double-click the aswMBR.exe to run it
  • When prompted with "The application can use the Avast! Free Antivirus for scanning", select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

Note: There will also be a file on your desktop named MBR.dat (or similar). Do not delete this for now; it is an actual backup of the MBR (master boot record).





Step 4: Scan with TDSSKiller




Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced in the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.
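Both tools requested in Steps 3 and 4 print the partition table, and the reply that follows posts both logs. What an analyst does with those two views is check that they agree with each other before reading anything into a line like "unknown MBR code". The following is an added example of that cross-check; it is not part of the thread and not code from aswMBR or TDSSKiller. The sample lines are copied from the logs posted in the next reply; the parsing, the unit conversions and the assumed 512-byte sector (TDSSKiller reports SectorSize: 0x200) are this example's own.

```python
"""Added example: cross-checking the partition table as aswMBR and TDSSKiller
report it. Not part of the thread and not code from either tool; the sample
lines are copied from the logs posted in the next reply, the parsing and the
arithmetic are this example's own.

aswMBR prints sizes in MB and offsets in decimal sectors; TDSSKiller prints
bytes and LBAs in hex. If the two disagree on where the NTFS partition starts
or how big it is, something sits between the tools and the disk. If they
agree, aswMBR's "scanning sectors +N" pass should begin exactly where the
last partition ends, and from N to the end of the disk is the unpartitioned
tail that bootkits use to store their data.
Assumption: sector size taken from TDSSKiller's SectorSize field (0x200).
"""
import re

# Copied from the aswMBR log in the thread.
ASWMBR_SAMPLE = r"""
01:40:28.640 Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
01:40:28.703 Disk 0 unknown MBR code
01:40:28.703 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 4996 MB offset 63
01:40:28.718 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147628 MB offset 10233405
01:40:28.734 Disk 0 scanning sectors +312576705
"""

# Copied from the TDSSKiller log in the thread.
TDSSKILLER_SAMPLE = r"""
01:47:32.0687 4004 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:47:32.0718 4004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C263D, BlocksNum 0x12056484
"""

MIB = 1024 * 1024
ASW_SIZE = re.compile(r"Size: (\d+)MB")
ASW_PART = re.compile(r"Partition (\d+) (\w\w) (?:\(A\) )?(\w\w) .*? (\d+) MB offset (\d+)$", re.M)
ASW_SCAN = re.compile(r"scanning sectors \+(\d+)")
TDK_DRIVE = re.compile(r"Size: 0x([0-9A-Fa-f]+) .*?SectorSize: 0x([0-9A-Fa-f]+).*?"
                       r"Cylinders: 0x([0-9A-Fa-f]+), SectorsPerTrack: 0x([0-9A-Fa-f]+), "
                       r"TracksPerCylinder: 0x([0-9A-Fa-f]+)")
TDK_PART = re.compile(r"Partition(\d+): MBR, Type 0x([0-9A-Fa-f]+), "
                      r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")


def parse_aswmbr(text):
    """Disk size (MB), tail-scan start sector and partitions from aswMBR output."""
    parts = [{"index": int(n), "active": boot == "80", "type": int(t, 16),
              "mb": int(mb), "start": int(off)}
             for n, boot, t, mb, off in ASW_PART.findall(text)]
    return {"size_mb": int(ASW_SIZE.search(text).group(1)),
            "tail_scan_start": int(ASW_SCAN.search(text).group(1)),
            "partitions": parts}


def parse_tdsskiller(text):
    """Disk size (bytes), sector size, CHS sector count and partitions from TDSSKiller output."""
    size, sector, cyl, spt, tpc = (int(h, 16) for h in TDK_DRIVE.search(text).groups())
    parts = [{"index": int(n), "type": int(t, 16), "start": int(s, 16), "blocks": int(b, 16)}
             for n, t, s, b in TDK_PART.findall(text)]
    return {"size_bytes": size, "sector": sector, "chs_sectors": cyl * spt * tpc,
            "partitions": parts}


def cross_check(asw, tdk):
    """Facts a responder wants before reading anything into 'unknown MBR code'."""
    sector = tdk["sector"]
    # Compare on the partition both tools report (type 0x07, NTFS).
    asw_ntfs = next(p for p in asw["partitions"] if p["type"] == 0x07)
    tdk_ntfs = next(p for p in tdk["partitions"] if p["type"] == 0x07)
    total_sectors = tdk["size_bytes"] // sector
    end_of_last = max(p["start"] + p["blocks"] for p in tdk["partitions"])
    return {
        "same_ntfs_start": asw_ntfs["start"] == tdk_ntfs["start"],
        "same_ntfs_size": asw_ntfs["mb"] == tdk_ntfs["blocks"] * sector // MIB,
        "same_disk_size": asw["size_mb"] == tdk["size_bytes"] // MIB,
        # aswMBR's tail pass should begin exactly where the last partition ends
        "tail_scan_starts_at_partition_end": asw["tail_scan_start"] == end_of_last,
        # sectors past the last partition, the region that tail pass covers
        "unpartitioned_tail_sectors": total_sectors - end_of_last,
        # legacy C*H*S geometry usually explains why the partition ends where it does
        "partition_end_is_chs_boundary": end_of_last == tdk["chs_sectors"],
    }


if __name__ == "__main__":
    result = cross_check(parse_aswmbr(ASWMBR_SAMPLE), parse_tdsskiller(TDSSKILLER_SAMPLE))
    for key, value in result.items():
        print(f"{key:36} {value}")
```

On this disk the two views agree: StartLBA 0x9C263D is sector 10233405, 0x12056484 sectors of 512 bytes is 147628 MB, the disk size 0x25433D6000 is 152627 MB, and aswMBR's tail scan starts at sector 312576705, which is both the end of the NTFS partition and the 19457 x 255 x 63 CHS boundary, leaving 5103 unpartitioned sectors behind it. Note that TDSSKiller lists only the NTFS partition while aswMBR also shows the type 0x12 diagnostic partition, so the comparison is made on the partition both tools report. "unknown MBR code" by itself only says aswMBR did not recognise the boot code in sector 0; the MBR.dat backup it writes is what you would compare that code against later.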
Old 11-15-2012, 10:51 PM   #5
Registered Member
 
Join Date: Apr 2010
Posts: 53
OS: Windows XP



Hi, Marius. Thank you for helping me.
TeaTimer is already disabled.
MBAM logs are attached. The earlier ones I think might have been detected in Avira.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-16 01:39:58
-----------------------------
01:39:58.281 OS Version: Windows 5.1.2600 Service Pack 3
01:39:58.281 Number of processors: 2 586 0x1C02
01:39:58.281 ComputerName: MYLAP UserName:
01:40:11.046 Initialize success
01:40:28.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:40:28.640 Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
01:40:28.687 Disk 0 MBR read successfully
01:40:28.687 Disk 0 MBR scan
01:40:28.703 Disk 0 unknown MBR code
01:40:28.703 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 4996 MB offset 63
01:40:28.718 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147628 MB offset 10233405
01:40:28.734 Disk 0 scanning sectors +312576705
01:40:28.828 Disk 0 scanning C:\WINDOWS\system32\drivers
01:40:57.359 Service scanning
01:41:51.218 Modules scanning
01:42:20.578 Disk 0 trace - called modules:
01:42:20.593
01:42:20.593 Scan finished successfully
01:43:10.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\flourcollie\Desktop\MBR.dat"
01:43:10.656 The log file has been saved successfully to "C:\Documents and Settings\flourcollie\Desktop\aswMBR.txt"


01:47:25.0375 4004 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:47:25.0968 4004 ============================================================
01:47:25.0968 4004 Current date / time: 2012/11/16 01:47:25.0968
01:47:25.0968 4004 SystemInfo:
01:47:25.0968 4004
01:47:25.0968 4004 OS Version: 5.1.2600 ServicePack: 3.0
01:47:25.0968 4004 Product type: Workstation
01:47:25.0968 4004 ComputerName: MYLAP
01:47:25.0968 4004 UserName: flourcollie
01:47:25.0968 4004 Windows directory: C:\WINDOWS
01:47:25.0968 4004 System windows directory: C:\WINDOWS
01:47:25.0968 4004 Processor architecture: Intel x86
01:47:25.0968 4004 Number of processors: 2
01:47:25.0968 4004 Page size: 0x1000
01:47:25.0968 4004 Boot type: Normal boot
01:47:25.0968 4004 ============================================================
01:47:32.0687 4004 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:47:32.0703 4004 ============================================================
01:47:32.0718 4004 \Device\Harddisk0\DR0:
01:47:32.0718 4004 MBR partitions:
01:47:32.0718 4004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C263D, BlocksNum 0x12056484
01:47:32.0718 4004 ============================================================
01:47:32.0765 4004 C: <-> \Device\Harddisk0\DR0\Partition1
01:47:32.0765 4004 ============================================================
01:47:32.0765 4004 Initialize success
01:47:32.0765 4004 ============================================================
01:47:36.0093 4176 ============================================================
01:47:36.0093 4176 Scan started
01:47:36.0093 4176 Mode: Manual;
01:47:36.0093 4176 ============================================================
01:47:39.0875 4176 ================ Scan system memory ========================
01:47:39.0875 4176 System memory - ok
01:47:39.0890 4176 ================ Scan services =============================
01:47:40.0468 4176 Abiosdsk - ok
01:47:40.0515 4176 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
01:47:40.0515 4176 abp480n5 - ok
01:47:40.0546 4176 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:47:40.0546 4176 ACPI - ok
01:47:40.0562 4176 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
01:47:40.0562 4176 ACPIEC - ok
01:47:40.0734 4176 [ 459AC130C6AB892B1CD5D7544626EFC5 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:47:40.0796 4176 AdobeFlashPlayerUpdateSvc - ok
01:47:40.0812 4176 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
01:47:40.0812 4176 adpu160m - ok
01:47:41.0000 4176 [ 7233688FC422EF657E082309E6180142 ] ADVService C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
01:47:41.0046 4176 ADVService - ok
01:47:41.0109 4176 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
01:47:41.0109 4176 aec - ok
01:47:41.0156 4176 [ 7618D5218F2A614672EC61A80D854A37 ] AFD C:\WINDOWS\System32\drivers\afd.sys
01:47:41.0156 4176 AFD - ok
01:47:41.0203 4176 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
01:47:41.0203 4176 agp440 - ok
01:47:41.0234 4176 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
01:47:41.0234 4176 agpCPQ - ok
01:47:41.0250 4176 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
01:47:41.0250 4176 Aha154x - ok
01:47:41.0281 4176 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
01:47:41.0296 4176 aic78u2 - ok
01:47:41.0312 4176 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
01:47:41.0312 4176 aic78xx - ok
01:47:41.0359 4176 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
01:47:41.0500 4176 Alerter - ok
01:47:41.0531 4176 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
01:47:41.0609 4176 ALG - ok
01:47:41.0625 4176 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
01:47:41.0640 4176 AliIde - ok
01:47:41.0703 4176 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
01:47:41.0703 4176 alim1541 - ok
01:47:41.0734 4176 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
01:47:41.0734 4176 amdagp - ok
01:47:41.0765 4176 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
01:47:41.0765 4176 amsint - ok
01:47:42.0093 4176 [ B4837FE56D76B2E9EA90E5365CF6A2BE ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
01:47:42.0250 4176 AntiVirSchedulerService - ok
01:47:42.0328 4176 [ DF5A3016052755C910A206058B4A1729 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
01:47:42.0390 4176 AntiVirService - ok
01:47:42.0515 4176 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:47:42.0578 4176 Apple Mobile Device - ok
01:47:42.0593 4176 AppMgmt - ok
01:47:42.0718 4176 [ 7CAE93FE5511D0C0688CFA56CF241E31 ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
01:47:42.0812 4176 AR5416 - ok
01:47:42.0859 4176 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
01:47:42.0859 4176 asc - ok
01:47:42.0875 4176 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
01:47:42.0875 4176 asc3350p - ok
01:47:42.0890 4176 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
01:47:42.0890 4176 asc3550 - ok
01:47:43.0203 4176 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
01:47:43.0296 4176 aspnet_state - ok
01:47:43.0343 4176 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:47:43.0343 4176 AsyncMac - ok
01:47:43.0390 4176 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
01:47:43.0390 4176 atapi - ok
01:47:43.0421 4176 Atdisk - ok
01:47:43.0484 4176 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:47:43.0484 4176 Atmarpc - ok
01:47:43.0546 4176 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
01:47:43.0593 4176 AudioSrv - ok
01:47:43.0625 4176 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
01:47:43.0625 4176 audstub - ok
01:47:43.0687 4176 [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio C:\Program Files\Avira\AntiVir Desktop\avgio.sys
01:47:43.0687 4176 avgio - ok
01:47:43.0734 4176 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
01:47:43.0734 4176 avgntflt - ok
01:48:13.0828 4176 VgaSave - ok
01:48:13.0875 4176 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
01:48:13.0875 4176 viaagp - ok
01:48:13.0921 4176 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
01:48:13.0921 4176 ViaIde - ok
01:48:13.0953 4176 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
01:48:13.0953 4176 VolSnap - ok
01:48:14.0015 4176 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
01:48:14.0109 4176 VSS - ok
01:48:14.0171 4176 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
01:48:14.0234 4176 W32Time - ok
01:48:14.0296 4176 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:48:14.0296 4176 Wanarp - ok
01:48:14.0343 4176 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
01:48:14.0343 4176 WDC_SAM - ok
01:48:14.0468 4176 [ 300B4847E1157BDD7A306B18ED65A97E ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
01:48:14.0531 4176 WDDMService - ok
01:48:14.0546 4176 WDICA - ok
01:48:14.0609 4176 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
01:48:14.0609 4176 wdmaud - ok
01:48:14.0671 4176 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
01:48:14.0703 4176 WDSmartWareBackgroundService - ok
01:48:14.0765 4176 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
01:48:14.0828 4176 WebClient - ok
01:48:14.0953 4176 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
01:48:15.0031 4176 winmgmt - ok
01:48:15.0125 4176 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
01:48:15.0156 4176 WmdmPmSN - ok
01:48:15.0203 4176 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
01:48:15.0203 4176 WmiAcpi - ok
01:48:15.0296 4176 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
01:48:15.0421 4176 WmiApSrv - ok
01:48:15.0546 4176 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
01:48:15.0703 4176 WMPNetworkSvc - ok
01:48:15.0750 4176 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:48:15.0750 4176 WSTCODEC - ok
01:48:15.0828 4176 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
01:48:15.0906 4176 wuauserv - ok
01:48:15.0968 4176 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:48:15.0968 4176 WudfPf - ok
01:48:16.0031 4176 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:48:16.0031 4176 WudfRd - ok
01:48:16.0062 4176 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
01:48:16.0218 4176 WudfSvc - ok
01:48:16.0296 4176 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
01:48:16.0328 4176 WZCSVC - ok
01:48:16.0375 4176 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
01:48:16.0500 4176 xmlprov - ok
01:48:16.0562 4176 ================ Scan global ===============================
01:48:16.0625 4176 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
01:48:16.0703 4176 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
01:48:16.0890 4176 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
01:48:16.0937 4176 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
01:48:16.0937 4176 [Global] - ok
01:48:16.0937 4176 ================ Scan MBR ==================================
01:48:16.0968 4176 [ 99852D5C3A78447C3D6D82B6155FE848 ] \Device\Harddisk0\DR0
01:48:30.0796 4176 \Device\Harddisk0\DR0 - ok
01:48:30.0796 4176 ================ Scan VBR ==================================
01:48:30.0828 4176 [ 09025C6FBD7EA79D9C346B9B8B6E02D4 ] \Device\Harddisk0\DR0\Partition1
01:48:30.0828 4176 \Device\Harddisk0\DR0\Partition1 - ok
01:48:30.0828 4176 ============================================================
01:48:30.0828 4176 Scan finished
01:48:30.0828 4176 ============================================================
01:48:30.0937 5172 Detected object count: 0
01:48:30.0937 5172 Actual detected object count: 0
Attached file: mbam-log-2012-11-14 (22-46-04).zip (1.7 KB)
-- flourcollie
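The TDSSKiller log above prints an MD5 next to every driver and service it inspects, which is only useful if you actually compare those hashes: against a known-good list, or against a second run taken after cleanup. The script below is an added example (it is not part of TDSSKiller or of this thread) that parses the two-line-per-object format seen above and diffs two runs. BEFORE_LOG is lifted from the log; AFTER_LOG is a constructed second run, and the driver name "exampledrv" and its verdict text are made up to show what a changed hash, a vanished driver and a non-"ok" verdict look like in the report.

```python
"""Turn TDSSKiller's per-object log lines into a hash inventory and diff two
runs.  Added example for this thread; it is not part of TDSSKiller.

BEFORE_LOG is lifted from the TDSSKiller log posted above.  AFTER_LOG is a
constructed second run (one hash changed, one driver gone, one hypothetical
driver "exampledrv" with a made-up verdict) to show what the diff reports.
"""
import re
from typing import Dict, List, NamedTuple

# One object produces two lines: "<ts> <tid> [ <MD5> ] <name> <path>" and then
# "<ts> <tid> <name> - <verdict>".  Objects without a file on disk (WDICA in the
# log above) only get the verdict line.
HASH_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)\s+(?P<path>\S.*?)\s*$"
)
VERDICT_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<name>\S+) - (?P<verdict>.+?)\s*$"
)


class Entry(NamedTuple):
    md5: str      # upper-case hex, or "" when TDSSKiller printed no hash
    path: str
    verdict: str  # "ok" for clean objects


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Map object name -> Entry.  The hash line is buffered until the matching
    verdict line arrives, since TDSSKiller prints the pair back to back."""
    pending: Dict[str, tuple] = {}
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].upper(), m["path"])
            continue
        m = VERDICT_LINE.match(line)
        if m:
            md5, path = pending.pop(m["name"], ("", ""))
            entries[m["name"]] = Entry(md5, path, m["verdict"])
    return entries


def diff_runs(before: Dict[str, Entry], after: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Objects whose hash/path/verdict changed, appeared, disappeared, or are
    not "ok" in the later run.  Timestamps and thread ids are ignored."""
    report: Dict[str, List[str]] = {"changed": [], "added": [], "removed": [], "not_ok": []}
    for name in sorted(set(before) | set(after)):
        b, a = before.get(name), after.get(name)
        if b is None:
            report["added"].append(name)
        elif a is None:
            report["removed"].append(name)
        elif b != a:
            report["changed"].append(name)
        if a is not None and a.verdict != "ok":
            report["not_ok"].append(name)
    return report


BEFORE_LOG = r"""
01:48:11.0953 4176 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:48:11.0968 4176 Tcpip - ok
01:48:13.0046 4176 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
01:48:13.0062 4176 Update - ok
01:48:13.0750 4176 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:48:13.0750 4176 USBSTOR - ok
01:48:14.0546 4176 WDICA - ok
"""

# Constructed: Update's hash differs, USBSTOR is missing, and a hypothetical
# "exampledrv" carries a made-up verdict (TDSSKiller's real wording for a
# detection is not reproduced here).
AFTER_LOG = r"""
02:10:00.0100 5000 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:10:00.0110 5000 Tcpip - ok
02:10:00.0200 5000 [ 00000000000000000000000000000000 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
02:10:00.0210 5000 Update - ok
02:10:00.0300 5000 [ 11111111111111111111111111111111 ] exampledrv C:\WINDOWS\system32\DRIVERS\exampledrv.sys
02:10:00.0310 5000 exampledrv - suspicious (constructed verdict)
02:10:00.0400 5000 WDICA - ok
"""

if __name__ == "__main__":
    before, after = parse_tdsskiller(BEFORE_LOG), parse_tdsskiller(AFTER_LOG)
    for key, names in diff_runs(before, after).items():
        print(f"{key:8s} {names}")
```

A "changed" entry for a core driver such as tcpip.sys between two runs with no Windows Update in between is exactly the kind of thing a TDSSKiller log is meant to surface; a "removed" entry after cleanup is expected for whatever the tool deleted, and anything left in "not_ok" still needs attention.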
Old 11-16-2012, 04:35 PM   #6
Registered Member
Join Date: Apr 2010
Posts: 53
OS: Windows XP

My search results are also redirecting, but only in Google Chrome.
-- flourcollie
Old 11-17-2012, 09:56 AM   #7
Security Team Analyst
Join Date: Nov 2011
Posts: 754
OS: Win7 SP 1

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

•Be sure to print out and follow the instructions provided on that same page.

•Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

Double click the mbar.zip file to open it, then 'Extract all files'.
Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

•If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>.txt.

Please post the contents of that log in your next reply.
-- TB-PsYcHoTiC
Old 11-17-2012, 12:10 PM   #8
Registered Member
Join Date: Apr 2010
Posts: 53
OS: Windows XP

After double-clicking mbar.exe, I receive this error message:
The application or DLL C:\Documents and Settings\flourcollie\mbar\mbar\QTGui4.dll is not a valid Windows image. Please check this against your installation diskette.
-- flourcollie
Old 11-17-2012, 03:16 PM   #9
Registered Member
Join Date: Apr 2010
Posts: 53
OS: Windows XP

I redownloaded and extracted it and it worked this time.
This came up first:
Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity.

Note: Press "No" button if you're not sure. If the tool crashed or terminates unexpectedly during a system scan, restart the tool and press "Yes" should this message appear again.

Do you want to remove this value and restart the tool?

(I clicked No.)

I did not see a log with mbar and the date, but this showed up as system-log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 1061031936, free: 274964480

------------ Kernel report ------------
11/17/2012 18:03:11
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
aliide.sys
cmdide.sys
toside.sys
viaide.sys
intelide.sys
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
cpqarray.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
atapi.sys
aha154x.sys
sparrow.sys
symc810.sys
aic78xx.sys
dac960nt.sys
ql10wnt.sys
amsint.sys
asc.sys
asc3550.sys
mraid35x.sys
i2omp.sys
ini910u.sys
ql1240.sys
aic78u2.sys
symc8xx.sys
sym_hi.sys
sym_u3.sys
ABP480N5.SYS
asc3350p.sys
cd20xrnt.sys
ultra.sys
adpu160m.sys
dpti2o.sys
ql1080.sys
ql1280.sys
ql12160.sys
perc2.sys
perc2hib.sys
hpn.sys
cbidf2k.sys
dac2w2k.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
Lbd.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sisagp.sys
viaagp.sys
Mup.sys
alim1541.sys
amdagp.sys
agp440.sys
agpCPQ.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\athw.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avipbb.sys
\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86f6b9c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff86f70d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 1061031936, free: 273420288

------------ Kernel report ------------
11/17/2012 1802
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
aliide.sys
cmdide.sys
toside.sys
viaide.sys
intelide.sys
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
cpqarray.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
atapi.sys
aha154x.sys
sparrow.sys
symc810.sys
aic78xx.sys
dac960nt.sys
ql10wnt.sys
amsint.sys
asc.sys
asc3550.sys
mraid35x.sys
i2omp.sys
ini910u.sys
ql1240.sys
aic78u2.sys
symc8xx.sys
sym_hi.sys
sym_u3.sys
ABP480N5.SYS
asc3350p.sys
cd20xrnt.sys
ultra.sys
adpu160m.sys
dpti2o.sys
ql1080.sys
ql1280.sys
ql12160.sys
perc2.sys
perc2hib.sys
hpn.sys
cbidf2k.sys
dac2w2k.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
Lbd.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sisagp.sys
viaagp.sys
Mup.sys
alim1541.sys
amdagp.sys
agp440.sys
agpCPQ.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\athw.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avipbb.sys
\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86f6b9c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff86f70d98
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xffffffff82967c58
Downloaded database version: v2012.11.17.06
MBAMFileIO::WriteFile
Downloaded database version: v2012.11.15.02
Initializing...
Could not initialize database
Done!
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86f6b9c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86f6b738, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86f6b9c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86fde1c0, DeviceName: \Device\00000092\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86f70d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe4021948, 0xffffffff86f6b9c0, 0xffffffff82782460
Lower DeviceData: 0xffffffffe2a57dc0, 0xffffffff86f70d98, 0xffffffff82967c58
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\1025_ACER_AOA150.MRK" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\arp1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\BANTExt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\BthEnum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\BTHUSB.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\CCDECODE.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdr4_xp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdralw2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\diskdump.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\GEARAspiWDM.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidclass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidparse.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hitmanpro35.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\HPZid412.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\HPZipr12.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\HPZius12.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ikfilesec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\iksysflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\iksyssec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipinip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\irenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\kcom.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\modem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mouhid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\MSKSSRV.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\MSPCLOCK.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\USBSTOR.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\MSPQM.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\MSTEE.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\NABTSFEC.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\NdisIP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nic1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\parport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\parvdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\point32.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rdpdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\RTEQEX0.dat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\RTEQEX1.dat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\SBREDrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\serenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\serscan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\SLIP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\StreamIP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\taphss.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tbhsd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usb8023.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbccgp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbscan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wdcsam.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WSTCODEC.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 11A8BA38

Partition information:

Partition 0 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 10233342

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 10233405 Numsec = 302343300
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Cannot scan MBR because MBAM is not initialized!
Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
-- flourcollie
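Two things in the system-log above are worth reading carefully. First, the "Inspecting partition table" block is MBAR's rendering of the first 512-byte sector: the four 16-byte entries at offset 0x1BE, the disk signature at 0x1B8 and the 55AA boot signature at the end. Second, the same run says "Could not initialize database" and then "Cannot scan MBR because MBAM is not initialized!", so the MBR was listed but not actually checked in that run; that is why the analyst asked for the proper mbar-log from a rerun. The script below is an added example, not MBAR code, that parses an MBR the way the log shows it and computes the unpartitioned sector ranges (the gap before the first partition and the tail of the disk, where a bootkit would keep its own code) from the sector rather than trusting the tool's "(1-62-...)" line. SAMPLE_MBR is constructed from the values in the log (disk signature 11A8BA38, a type 0x12 partition at LBA 63, the active NTFS partition at LBA 10233405, 160041885696-byte disk); the CHS fields are left zero because the log does not show them.

```python
"""Parse a raw MBR sector the way Malwarebytes Anti-Rootkit's "Inspecting
partition table" section reports it, and compute the unpartitioned sector
ranges a rootkit scanner should look at.  Added example for this thread; it
is not MBAR code.  SAMPLE_MBR is constructed from the values in the log
above; CHS fields are left zero.
"""
import struct
from typing import List, NamedTuple, Tuple

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511, printed by MBAR as "MBR Signature: 55AA"
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"
TYPE_NAMES = {0x00: "Empty", 0x07: "NTFS/HPFS",
              0x12: "Compaq/OEM diagnostics (MBAR prints this as 'Other')"}


class Partition(NamedTuple):
    index: int
    active: bool
    type_id: int
    lba_start: int
    num_sectors: int

    @property
    def lba_end(self) -> int:   # exclusive
        return self.lba_start + self.num_sectors


def parse_mbr(sector: bytes) -> Tuple[int, List[Partition]]:
    """Return (disk signature, four partition entries); raise on a malformed sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, 0x1B8)[0]
    parts = []
    for i in range(4):
        status, type_id, lba, count = struct.unpack_from(ENTRY_FMT, sector, 0x1BE + 16 * i)
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: bad status byte {status:#x}")
        parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return disk_sig, parts


def unpartitioned_ranges(parts: List[Partition], total_sectors: int) -> List[Tuple[int, int]]:
    """Sector ranges [start, end) owned by no partition, skipping sector 0 (the
    MBR itself).  Overlapping entries or entries past the end of disk are errors."""
    used = sorted((p.lba_start, p.lba_end) for p in parts if p.num_sectors)
    gaps, cursor = [], 1
    for start, end in used:
        if start < cursor:
            raise ValueError(f"partition starting at LBA {start} overlaps a previous one")
        if end > total_sectors:
            raise ValueError(f"partition ending at LBA {end} runs past the disk ({total_sectors} sectors)")
        if start > cursor:
            gaps.append((cursor, start))
        cursor = end
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors))
    return gaps


def build_mbr(disk_sig: int, parts: List[Partition]) -> bytes:
    """Assemble a test sector from parsed values (inverse of parse_mbr)."""
    buf = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", buf, 0x1B8, disk_sig)
    for p in parts:
        struct.pack_into(ENTRY_FMT, buf, 0x1BE + 16 * p.index,
                         0x80 if p.active else 0x00, p.type_id, p.lba_start, p.num_sectors)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


# Values taken from the MBAR system-log above: 160041885696-byte disk, 512-byte sectors.
TOTAL_SECTORS = 160041885696 // SECTOR_SIZE
SAMPLE_MBR = build_mbr(0x11A8BA38, [
    Partition(0, False, 0x12, 63, 10233342),
    Partition(1, True, 0x07, 10233405, 302343300),
    Partition(2, False, 0x00, 0, 0),
    Partition(3, False, 0x00, 0, 0),
])

if __name__ == "__main__":
    sig, parts = parse_mbr(SAMPLE_MBR)
    print(f"Disk Signature: {sig:08X}")
    for p in parts:
        print(f"Partition {p.index}: type {p.type_id:#04x} ({TYPE_NAMES.get(p.type_id, 'Other')}), "
              f"{'ACTIVE' if p.active else 'not active'}, LBA {p.lba_start} Numsec {p.num_sectors}")
    print("Unpartitioned:", unpartitioned_ranges(parts, TOTAL_SECTORS))
```

On the numbers in the log, the arithmetic gives two gaps: sectors 1-62 and 312576705-312581808. MBAR's own line scans "1-62" and "312561808-312581808", i.e. a fixed 20000-sector tail that starts inside the end of the NTFS partition; that choice is the tool's, and the point of doing the sums yourself is to notice when the two disagree by more than that.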
Old 11-18-2012, 07:55 AM   #10
Security Team Analyst
Join Date: Nov 2011
Posts: 754
OS: Win7 SP 1

Hi there,

you've posted the system-log.txt.

The MBAR-log-<date and time>.txt is in that same folder where you found the system-log.txt. Contents of that mbar folder are listed alphabetically; the mbar-log should be in that folder just beneath mbar.exe.

Please post the MBAR-log-<date and time>txt.
-- TB-PsYcHoTiC
Old 11-18-2012, 03:41 PM   #11
Registered Member
Join Date: Apr 2010
Posts: 53
OS: Windows XP

Not sure what happened the first time, but I reran it and it created the log. It also found 9 items. :( I appreciate the help to get these off as soon as possible. For now, I clicked Exit and not cleanup.


Malwarebytes Anti-Rootkit 1.1.0.1009
Malwarebytes : Free anti-malware download

Database version: v2012.11.18.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
flourcollie :: MYLAP [administrator]

11/18/2012 5:28:46 PM
mbar-log-2012-11-18 (17-28-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27982
Time elapsed: 2 hour(s), 38 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. [6f828a2d2b3260d6c0f56997f60a15eb]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\RECYCLER\S-1-5-18\$b8c86ffbc2624110ed8cc193202b8e7d\U (Trojan.Siredef.C) -> Delete on reboot. [43ae8235ed702d094c4da35d1be538c8]
C:\RECYCLER\S-1-5-21-739173265-2850380248-3793294217-1006\$b8c86ffbc2624110ed8cc193202b8e7d\U (Trojan.Siredef.C) -> Delete on reboot. [69886354ea7396a03d5c718f88783fc1]
C:\RECYCLER\S-1-5-18\$b8c86ffbc2624110ed8cc193202b8e7d\L (Trojan.Siredef.C) -> Delete on reboot. [36bbe9ceb8a5db5b663545bb56aae51b]
C:\RECYCLER\S-1-5-21-739173265-2850380248-3793294217-1006\$b8c86ffbc2624110ed8cc193202b8e7d\L (Trojan.Siredef.C) -> Delete on reboot. [e70a62559cc14bebc3d8f40c69973dc3]
C:\RECYCLER\S-1-5-18\$b8c86ffbc2624110ed8cc193202b8e7d (Trojan.Siredef.C) -> Delete on reboot. [ca27cfe89ebff4426438aa56946c18e8]
C:\RECYCLER\S-1-5-21-739173265-2850380248-3793294217-1006\$b8c86ffbc2624110ed8cc193202b8e7d (Trojan.Siredef.C) -> Delete on reboot. [06eb9522520b44f23c601ce4d42c0af6]

Files Detected: 2
C:\RECYCLER\S-1-5-18\$b8c86ffbc2624110ed8cc193202b8e7d\@ (Trojan.Siredef.C) -> Delete on reboot. [589909aefe5f14224056b54b7c8432ce]
C:\RECYCLER\S-1-5-21-739173265-2850380248-3793294217-1006\$b8c86ffbc2624110ed8cc193202b8e7d\@ (Trojan.Siredef.C) -> Delete on reboot. [c92813a41e3f0333346213edab55d12f]

(end)
__________________
flourcollie is offline  
Old 11-19-2012, 05:04 AM   #12
Security Team
Analyst
 
 
Join Date: Nov 2011
Posts: 754
OS: Win7 SP 1



Hi there,

Please run mbar.exe again
  • Check for Updates, then Scan your system for malware.
  • When the scan is finished, the tool will show up its findings.
  • Mark all of them and ensure the "Create restore point" box is checked.
  • Hit Cleanup - The tool will prompt you for a reboot, accept that.
  • After the reboot, start the tool again and scan your computer. If anything is found, do not hit clean. Just exit the tool.
  • You'll find new mbar-log-year-month-day (hour-minute-second).txt files within the directory you unzipped mbar to.
  • Please post up the two files from the last scans. You may identify them via the date and time within the file name.
  • Inside the directory you unzipped mbar to, you'll find a fixdamage.exe. Run the file and press y on your keyboard - the tool will run some necessary fixes. When finished, hit any key to close the program.
  • Restart your computer manually.
__________________
TB-PsYcHoTiC is offline  
Old 11-19-2012, 07:14 PM   #13
Registered Member
 
Join Date: Apr 2010
Posts: 53
OS: Windows XP



When I did the second run of mbar, it did not bring anything up. Should I still run the fixdamage?



mbar-log-2012-11-19 (20-00-50) Log:

Malwarebytes Anti-Rootkit 1.1.0.1009
Malwarebytes : Free anti-malware download

Database version: v2012.11.19.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
flourcollie :: MYLAP [administrator]

11/19/2012 8:00:50 PM
mbar-log-2012-11-19 (20-00-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 28069
Time elapsed: 1 hour(s), 8 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. [03ee6e49d08db185d7deb24ec0409769]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\RECYCLER\S-1-5-18\$b8c86ffbc2624110ed8cc193202b8e7d\U (Trojan.Siredef.C) -> Delete on reboot. [3bb69b1c3429b97d960305fb11efc040]
C:\RECYCLER\S-1-5-21-739173265-2850380248-3793294217-1006\$b8c86ffbc2624110ed8cc193202b8e7d\U (Trojan.Siredef.C) -> Delete on reboot. [20d1eec9b3aa4cea6336ac541ee203fd]
C:\RECYCLER\S-1-5-18\$b8c86ffbc2624110ed8cc193202b8e7d\L (Trojan.Siredef.C) -> Delete on reboot. [e50ca90edb828da9168559a730d06898]
C:\RECYCLER\S-1-5-21-739173265-2850380248-3793294217-1006\$b8c86ffbc2624110ed8cc193202b8e7d\L (Trojan.Siredef.C) -> Delete on reboot. [38b9bcfbe677270ffba0fc04f20eee12]
C:\RECYCLER\S-1-5-18\$b8c86ffbc2624110ed8cc193202b8e7d (Trojan.Siredef.C) -> Delete on reboot. [f4fd546355084fe7bae22ed26e9222de]
C:\RECYCLER\S-1-5-21-739173265-2850380248-3793294217-1006\$b8c86ffbc2624110ed8cc193202b8e7d (Trojan.Siredef.C) -> Delete on reboot. [c829fbbc4a13181e26764cb4b14f7888]

Files Detected: 2
C:\RECYCLER\S-1-5-18\$b8c86ffbc2624110ed8cc193202b8e7d\@ (Trojan.Siredef.C) -> Delete on reboot. [89681e99184558de078f50b056aa19e7]
C:\RECYCLER\S-1-5-21-739173265-2850380248-3793294217-1006\$b8c86ffbc2624110ed8cc193202b8e7d\@ (Trojan.Siredef.C) -> Delete on reboot. [678a952217463afcd5c1da265da355ab]

(end)




mbar-log-2012-11-19 (21-05-40) log:
Malwarebytes Anti-Rootkit 1.1.0.1009
Malwarebytes : Free anti-malware download

Database version: v2012.11.19.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
flourcollie :: MYLAP [administrator]

11/19/2012 9:05:40 PM
mbar-log-2012-11-19 (21-05-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27938
Time elapsed: 53 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
__________________
flourcollie is offline  
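The two mbar logs in the post above share the same header and scan options and differ only in their "Detected" sections. The following is an added example, written for this thread and not Malwarebytes' own code: it parses the mbar-log-*.txt report shape as pasted here (section headers of the form "<Section> Detected: N", one detection per line ending in a bracketed 32-character id) and diffs two scans, so a reader can see which items the cleanup removed, which persisted, and whether the final run is clean. The two sample logs embedded in it are constructed, with placeholder GUIDs and ids; only the line shapes and section names are taken from the thread.

```python
"""Triage a Malwarebytes Anti-Rootkit (mbar-log-*.txt) report and diff two scans.

Added example for this thread, not Malwarebytes code. The format is inferred
from the reports pasted above; the sample logs below are constructed.
"""
import re
from collections import OrderedDict

# "Registry Keys Detected: 1" -- opens a section and states the count MBAR found.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<item> (<threat name>) -> <action>. [<32 hex chars>]"
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\. \[(?P<id>[0-9a-f]{32})\]$"
)
# Header fields worth keeping when comparing two runs.
HEADER_RE = re.compile(
    r"^(?P<key>Database version|Scan type|Objects scanned|Time elapsed): (?P<value>.+)$"
)


def parse_mbar_log(text):
    """Return (header dict, OrderedDict section -> {'declared': N, 'items': [...]})."""
    header, sections, current = {}, OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")] = m.group("value")
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = {"declared": int(m.group("count")), "items": []}
            continue
        if current is None or line.startswith("(No malicious items") or line == "(end)":
            continue
        m = DETECTION_RE.match(line)
        if m:
            sections[current]["items"].append(m.groupdict())
    return header, sections


def detections(sections):
    """Flatten to a list of (section name, detection dict)."""
    return [(name, it) for name, sec in sections.items() for it in sec["items"]]


def is_clean(sections):
    """Clean only if every section reports 0 and lists nothing; an empty paste is not evidence."""
    if not sections:
        return False
    return all(sec["declared"] == 0 and not sec["items"] for sec in sections.values())


def count_mismatches(sections):
    """Sections whose declared count disagrees with the lines parsed (a truncated paste)."""
    return [n for n, sec in sections.items() if sec["declared"] != len(sec["items"])]


def compare_scans(before_text, after_text):
    """Diff two reports by (section, item) and say whether the later one is clean."""
    _, before = parse_mbar_log(before_text)
    _, after = parse_mbar_log(after_text)
    b = {(n, it["item"]) for n, it in detections(before)}
    a = {(n, it["item"]) for n, it in detections(after)}
    return {"removed": sorted(b - a), "persisting": sorted(b & a),
            "new": sorted(a - b), "after_clean": is_clean(after)}


# Constructed sample reports (placeholder CLSID, folder name and ids).
BEFORE_LOG = r"""
Malwarebytes Anti-Rootkit 1.1.0.1009
Database version: v2012.11.18.04
Scan type: Quick scan
Objects scanned: 27982
Time elapsed: 2 hour(s), 38 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000} (Hijack.Trojan.Siredef.C) -> Delete on reboot. [0123456789abcdef0123456789abcde1]

Folders Detected: 2
C:\RECYCLER\S-1-5-18\$PLACEHOLDER\U (Trojan.Siredef.C) -> Delete on reboot. [0123456789abcdef0123456789abcde2]
C:\RECYCLER\S-1-5-18\$PLACEHOLDER\L (Trojan.Siredef.C) -> Delete on reboot. [0123456789abcdef0123456789abcde3]

Files Detected: 1
C:\RECYCLER\S-1-5-18\$PLACEHOLDER\@ (Trojan.Siredef.C) -> Delete on reboot. [0123456789abcdef0123456789abcde4]

(end)
"""

AFTER_LOG = r"""
Malwarebytes Anti-Rootkit 1.1.0.1009
Database version: v2012.11.19.10
Scan type: Quick scan
Objects scanned: 27938

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    for key, value in compare_scans(BEFORE_LOG, AFTER_LOG).items():
        print(key, value)
```

Comparing a report with itself (as with the two near-identical logs earlier in the thread, taken before any cleanup) yields only "persisting" entries and `after_clean` False; `count_mismatches` catches a paste where a section header says more items than were copied.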
Old 11-20-2012, 04:02 AM   #14
Security Team
Analyst
 
 
Join Date: Nov 2011
Posts: 754
OS: Win7 SP 1



Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.




Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
__________________
TB-PsYcHoTiC is offline  
Old 11-20-2012, 03:21 PM   #15
Registered Member
 
Join Date: Apr 2010
Posts: 53
OS: Windows XP



I had a blue screen with an error on it about IRQL when I got home, but I manually restarted the computer and it has not come up again.

The first scan had no threats found.

Here is the FSS log:

Farbar Service Scanner Version: 09-11-2012
Ran by flourcollie (administrator) on 20-11-2012 at 18:18:36
Running from "C:\Documents and Settings\flourcollie\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2011-08-15 17:09] - [2008-10-16 09:43] - 0138496 ____A (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) RFCOMM(9) Tcpip(3)
0x0A0000000400000001000000020000000300000008000000050000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****
__________________
flourcollie is offline  
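The FSS log above flags two services (sharedaccess and wscsvc) whose registry keys cannot be found, and lists afd.sys with its timestamps and hash rather than the "MD5 is legit" mark the other files get. The following is an added example, not part of Farbar Service Scanner: it parses an FSS.txt of the shape pasted here, collects every "ATTENTION!" check under the service that triggered it, separates verified file-check entries from unverified ones, and produces a short findings list, so the same check can be repeated on the log produced after fixdamage.exe has run. The embedded sample log is constructed from the format seen in this thread, with a placeholder MD5; the rule that any Connection Status line not ending in "is accessible." or "LAN connected." is a problem is an assumption about the tool's output.

```python
"""Triage a Farbar Service Scanner (FSS.txt) log.

Added example for this thread, not part of FSS. The line shapes are taken
from the logs pasted above; the sample log below is constructed.
"""
import re

# "sharedaccess Service is not running. Checking service configuration:"
SERVICE_RE = re.compile(r"^(?P<service>\w+) Service is not running\. Checking service configuration:$")
# "Checking Start type: ATTENTION!=====> Unable to ..."
ATTENTION_RE = re.compile(r"^Checking (?P<check>[\w ]+?): ATTENTION!=+> (?P<msg>.+)$")
# File Check entries: verified ones end in "=> MD5 is legit"; unverified ones are a
# bare path followed by a detail line "[modified] - [created] - size attrs (company) MD5".
LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
BARE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")
DETAIL_RE = re.compile(
    r"^\[(?P<modified>[^\]]+)\] - \[(?P<created>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Section headings are a line ending in ":" followed by a row of "=".
HEADING_RE = re.compile(r"^(?P<name>[A-Za-z ]+):$")


def parse_fss_log(text):
    """Return services with failed checks, verified/unverified files and connectivity problems."""
    report = {"services": {}, "files_ok": [], "files_unverified": {}, "connectivity": []}
    section = service = pending_path = None
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line:
            continue
        m = HEADING_RE.match(line)
        if m and i + 1 < len(lines) and lines[i + 1].strip().startswith("==="):
            section, service = m.group("name"), None
            continue
        if line.startswith("==="):
            continue
        if section == "Connection Status":
            # Assumption: anything other than these two phrasings signals a problem.
            if not (line.endswith("is accessible.") or line == "LAN connected."):
                report["connectivity"].append(line)
            continue
        m = SERVICE_RE.match(line)
        if m:
            service = m.group("service")
            report["services"][service] = {"section": section, "problems": []}
            continue
        m = ATTENTION_RE.match(line)
        if m and service:
            report["services"][service]["problems"].append((m.group("check"), m.group("msg")))
            continue
        if section == "File Check":
            m = LEGIT_RE.match(line)
            if m:
                report["files_ok"].append(m.group("path"))
                continue
            m = BARE_PATH_RE.match(line)
            if m:
                pending_path = m.group("path")
                continue
            m = DETAIL_RE.match(line)
            if m and pending_path:
                report["files_unverified"][pending_path] = m.groupdict()
                pending_path = None
    return report


def triage(report):
    """One finding per broken service, unverified file or connectivity problem."""
    findings = []
    for svc, info in report["services"].items():
        if info["problems"]:
            findings.append(f"{svc} ({info['section']}): {len(info['problems'])} checks failed; "
                            f"first: {info['problems'][0][1]}")
    for path, d in report["files_unverified"].items():
        findings.append(f"{path}: MD5 {d['md5']} not marked legit; confirm against an install source")
    for line in report["connectivity"]:
        findings.append(f"connectivity: {line}")
    return findings


# Constructed sample in the FSS layout seen in this thread (placeholder MD5).
SAMPLE_FSS_LOG = r"""
Farbar Service Scanner Version: 09-11-2012
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2011-08-15 17:09] - [2008-10-16 09:43] - 0138496 ____A (Microsoft Corporation) 00000000000000000000000000000000

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit

**** End of log ****
"""

if __name__ == "__main__":
    for finding in triage(parse_fss_log(SAMPLE_FSS_LOG)):
        print(finding)
```

Run it against the second FSS log in this thread (after fixdamage.exe) and the two service findings disappear, leaving only the afd.sys entry; that is the quickest way to confirm the repair took without reading the whole log by eye.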
Old 11-21-2012, 05:27 AM   #16
Security Team
Analyst
 
 
Join Date: Nov 2011
Posts: 754
OS: Win7 SP 1



Please run fixdamage.exe and do a new FSS scan afterwards.
Post the result here.
__________________
TB-PsYcHoTiC is offline  
Old 11-21-2012, 03:33 PM   #17
Registered Member
 
Join Date: Apr 2010
Posts: 53
OS: Windows XP



Farbar Service Scanner Version: 09-11-2012
Ran by flourcollie (administrator) on 21-11-2012 at 18:32:28
Running from "C:\Documents and Settings\flourcollie\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2011-08-15 17:09] - [2008-10-16 09:43] - 0138496 ____A (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) RFCOMM(9) Tcpip(3)
0x0A0000000400000001000000020000000300000008000000050000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****
__________________
flourcollie is offline  
Old 11-21-2012, 03:56 PM   #18
Registered Member
 
Join Date: Apr 2010
Posts: 53
OS: Windows XP



While browsing the Internet (bk.com), I heard a virus sound effect but nothing popped up. I checked my eventvwr, and it showed this: AntiVir has detected 'HTML/IFrame.aeu' in the file C:\Documents and Settings\flourcollie\Local Settings\Temporary Internet Files\Content.IE5\V5QI7TJ5\activityi;src=2567623;type=burge876;cat=homep065;ord=5750388652132.234;~oref=http___www.bk[1].htm
__________________
flourcollie is offline  
Old 11-22-2012, 11:41 PM   #19
Security Team
Analyst
 
 
Join Date: Nov 2011
Posts: 754
OS: Win7 SP 1



  • Please download TFC ( by Oldtimer ) to your desktop.
  • Close all windows and disconnect from the internet, then run TFC.exe by double click.
  • Hit start.
  • Sometimes the tool needs a restart - please allow that.
__________________
TB-PsYcHoTiC is offline  
Old 11-23-2012, 05:20 PM   #20
Registered Member
 
Join Date: Apr 2010
Posts: 53
OS: Windows XP



I ran TFC and it did require a restart. Is there a log for this one?

__________________
flourcollie is offline  
Copyright 2001 - 2014, Tech Support Forum