
security guard 2012


8 replies to this topic

#1 GayleW

GayleW

  • Members
  • 10 posts

Posted 05 October 2011 - 09:47 AM

Last week this computer had Open Cloud. I booted into Safe Mode, ran RKill, Malwarebytes, and SUPERAntiSpyware. It found things and cleaned them. I rebooted to Windows and had no more problems with the computer until yesterday, when Security Guard 2012 showed up.

I checked to see if the proxy server box was checked, and it was not. I rebooted into Safe Mode, ran the current RKill, Malwarebytes, and SUPERAntiSpyware. It found things and cleaned them. I rebooted after Malwarebytes, then booted back to Safe Mode to run SUPERAntiSpyware, then booted to Windows. I reran both Malwarebytes and SUPERAntiSpyware and both come up clean. The problem now is that I have no network connection; I cannot hit the network or the internet. I've included the latest logs in this post. Any help would be appreciated.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/05/2011 at 08:51 AM

Application Version : 5.0.1128

Core Rules Database Version : 7757
Trace Rules Database Version: 5569

Scan type : Complete Scan
Total Scan Time : 00:17:21

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 271
Memory threats detected : 0
Registry items scanned : 35920
Registry threats detected : 0
File items scanned : 89794
File threats detected : 0


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7820

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

10/5/2011 9:13:43 AM
mbam-log-2011-10-05 (09-13-43).txt

Scan type: Full scan (C:\|)
Objects scanned: 195727
Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,371 posts
  • Gender:Male
  • Location:NJ USA

Posted 05 October 2011 - 01:41 PM

Hello and welcome. Let's look at these logs.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.6.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Now boot to Safe Mode and run RKill and MBAM again, and post that new log also.
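The MiniToolBox report requested above is normally read by eye. As an added example (not MiniToolBox's, BleepingComputer's or either poster's code), the Python script below parses a constructed Result.txt of the same shape and flags the three things a helper looks at first in a "no network after cleaning a rogue AV" case: an IE proxy that is enabled, Winsock providers that are not Microsoft's or do not live under the system directory, and Service Control Manager errors showing the TCP/IP Protocol Driver failing to start. The `%%2` in such events is Win32 error 2, ERROR_FILE_NOT_FOUND, which is consistent with the "Unable to contact IP driver, error code 2" line that MiniToolBox's IP configuration section prints when tcpip.sys is not loaded. The banner names, the wording "Proxy is not enabled." and the sample lines are assumptions about the tool's output format modelled on the log posted in this thread; the non-Microsoft Winsock line is constructed to exercise the check.

```python
"""Triage a MiniToolBox-style Result.txt for the red flags a helper checks first.

Added example; not MiniToolBox's, BleepingComputer's or the poster's code.
"""
import re
from typing import Dict, List

# Constructed sample in the shape of a MiniToolBox Result.txt (not a real capture):
# clean IE proxy settings, one Winsock provider outside the system directory,
# and the Service Control Manager errors a missing TCP/IP driver produces.
SAMPLE_RESULT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Winsock entries =====================================

Catalog5 01 C:\\Windows\\System32\\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\\Windows\\system32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\\Windows\\system32\\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 03 C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\lsp_hook.dll [10240] ()

========================= Event log errors: ===============================

System errors:
=============
Error: (10/05/2011 00:01:52 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (10/05/2011 00:01:43 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2
"""

# Win32 error codes as Service Control Manager events render them ("%%N").
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}

HEADER_RE = re.compile(r"^=+[ \t]+(.+?):?[ \t]+=+$", re.MULTILINE)
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$", re.MULTILINE)
EVENT_RE = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\).*\n"
    r"Description: (?P<desc>[^\n]+)\n(?:(?P<code>%%\d+)\n)?",
    re.MULTILINE,
)


def split_sections(text: str) -> Dict[str, str]:
    """Map each '==== Name: ====' banner to the text beneath it."""
    text = text.replace("\r\n", "\n")
    banners = list(HEADER_RE.finditer(text))
    sections = {}
    for i, m in enumerate(banners):
        end = banners[i + 1].start() if i + 1 < len(banners) else len(text)
        sections[m.group(1)] = text[m.end():end]
    return sections


def proxy_enabled(section: str) -> bool:
    """'Proxy is not enabled.' is the clean case (assumed wording); anything else
    is a proxy setting a helper would ask about."""
    return "Proxy is not enabled." not in section


def parse_winsock(section: str) -> List[dict]:
    """One dict per 'CatalogN index path [size] (vendor)' line."""
    return [
        {"catalog": cat, "index": int(idx), "path": path, "size": int(size), "vendor": vendor}
        for cat, idx, path, size, vendor in WINSOCK_RE.findall(section)
    ]


def suspicious_winsock(entries: List[dict]) -> List[dict]:
    """Providers not from Microsoft or not under \\Windows\\system32. A third-party
    LSP is not proof of infection, but it is where a hijacked stack shows up."""
    flagged = []
    for e in entries:
        in_system = re.search(r"\\windows\\system32\\", e["path"], re.IGNORECASE)
        if e["vendor"] != "Microsoft Corporation" or not in_system:
            flagged.append(e)
    return flagged


def parse_events(section: str) -> List[dict]:
    """Event Viewer errors as MiniToolBox lists them; '%%N' becomes the int N."""
    events = []
    for m in EVENT_RE.finditer(section):
        code = int(m.group("code")[2:]) if m.group("code") else None
        events.append({"when": m.group("when"), "source": m.group("source"),
                       "description": m.group("desc"), "code": code})
    return events


def tcpip_failures(events: List[dict]) -> List[dict]:
    """SCM errors saying the TCP/IP Protocol Driver (tcpip.sys) did not start."""
    return [e for e in events
            if "TCP/IP Protocol Driver" in e["description"] and "failed to start" in e["description"]]


def triage(result_txt: str) -> List[str]:
    """Human-readable findings, in the order a helper would raise them."""
    sections = split_sections(result_txt)
    findings = []
    if "IE Proxy Settings" in sections and proxy_enabled(sections["IE Proxy Settings"]):
        findings.append("IE proxy is enabled; rogue AV often sets one to redirect browsing")
    for e in suspicious_winsock(parse_winsock(sections.get("Winsock entries", ""))):
        findings.append(f"Winsock provider to review: {e['path']} ({e['vendor'] or 'no vendor'})")
    for e in tcpip_failures(parse_events(sections.get("Event log errors", ""))):
        name = WIN32_ERRORS.get(e["code"], "unknown")
        findings.append(f"{e['when']}: TCP/IP driver failed to start, error {e['code']} ({name})")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_RESULT):
        print(line)
```

Run it against a real Result.txt by replacing SAMPLE_RESULT with the file's contents; the section banners are the only thing the parser depends on, so extra sections such as "Installed Programs" are simply ignored. The ERROR_FILE_NOT_FOUND mapping is what turns "%%2" into an actionable statement: the driver binary or its service registration is missing, which is a repair question rather than a further scanning question.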

#3 GayleW

GayleW
  • Topic Starter

  • Members
  • 10 posts

Posted 05 October 2011 - 02:42 PM

Okay, I downloaded and ran MiniToolBox and TDSSKiller, then booted to Safe Mode and ran RKill and MBAM. Here are the log files.

MiniToolBox by Farbar
Ran by Owner (administrator) on 05-10-2011 at 13:54:48
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Unable to contact IP driver, error code 2,

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/05/2011 00:09:36 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/05/2011 00:01:40 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (10/05/2011 11:53:18 AM) (Source: Application Error) (User: )
Description: Faulting application sscan2io.exe, version 2.9.3.23, faulting module nets2io.dll, version 1.0.0.6, fault address 0x00003994.
Processing media-specific event for [sscan2io.exe!ws!]

Error: (10/05/2011 11:53:06 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10047)

Error: (10/05/2011 11:50:19 AM) (Source: Application Error) (User: )
Description: Faulting application sscan2io.exe, version 2.9.3.23, faulting module nets2io.dll, version 1.0.0.6, fault address 0x00003994.
Processing media-specific event for [sscan2io.exe!ws!]

Error: (10/05/2011 11:49:57 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10047)

Error: (10/05/2011 09:44:05 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/05/2011 09:36:10 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (10/05/2011 09:30:48 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (10/04/2011 04:33:05 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (10/05/2011 00:09:36 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.113.815.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/05/2011 00:01:52 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (10/05/2011 00:01:52 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (10/05/2011 00:01:51 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (10/05/2011 00:01:51 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (10/05/2011 00:01:51 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (10/05/2011 00:01:51 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (10/05/2011 00:01:43 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
%%2

Error: (10/05/2011 00:01:43 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (10/05/2011 00:01:43 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (10/05/2011 00:09:36 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (10/05/2011 00:01:40 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (10/05/2011 11:53:18 AM) (Source: Application Error)(User: )
Description: sscan2io.exe2.9.3.23nets2io.dll1.0.0.600003994

Error: (10/05/2011 11:53:06 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10047)

Error: (10/05/2011 11:50:19 AM) (Source: Application Error)(User: )
Description: sscan2io.exe2.9.3.23nets2io.dll1.0.0.600003994

Error: (10/05/2011 11:49:57 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10047)

Error: (10/05/2011 09:44:05 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (10/05/2011 09:36:10 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (10/05/2011 09:30:48 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (10/04/2011 04:33:05 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Flash Player Plugin (Version: 9.0.124.0)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
Apple Software Update (Version: 2.0.0.21)
Google Talk (remove only)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.69)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.1.2)
Java™ 6 Update 18 (Version: 6.0.180)
LightScribe System Software (Version: 1.18.3.2)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Thunderbird (7.0.1) (Version: 7.0.1 (en-US))
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Nero 8 Essentials (Version: 8.3.582)
neroxml (Version: 1.0.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.2 (Version: 3.2.9483)
QuickTime (Version: 7.2.0.240)
Readiris Pro 10
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.23.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5943)
RLPrintPlugin (Version: 1.0.5)
Samsung SCX-5835_5935 Series
SmarThru Office (Version: 2.0)
SmarThru Office PC Fax
SUPERAntiSpyware (Version: 5.0.1128)
User Profile Hive Cleanup Service (Version: 1.6.30)
VCRedistSetup (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows PowerShell™ 1.0 MUI pack (Version: 2)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 2038.17 MB
Available physical RAM: 1559.72 MB
Total Pagefile: 3934.87 MB
Available Pagefile: 3474.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.99 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:187.82 GB) NTFS
3 Drive e: (UDISK) (Removable) (Total:7.58 GB) (Free:7.36 GB) FAT32

========================= Users: ========================================

User accounts for \\ILLENE

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini041911-01.dmp

**** End of log ****


13:55:55.0078 3120 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
13:55:55.0078 3120 ============================================================
13:55:55.0078 3120 Current date / time: 2011/10/05 13:55:55.0078
13:55:55.0078 3120 SystemInfo:
13:55:55.0078 3120
13:55:55.0078 3120 OS Version: 5.1.2600 ServicePack: 3.0
13:55:55.0078 3120 Product type: Workstation
13:55:55.0078 3120 ComputerName: ILLENE
13:55:55.0078 3120 UserName: Owner
13:55:55.0078 3120 Windows directory: C:\WINDOWS
13:55:55.0078 3120 System windows directory: C:\WINDOWS
13:55:55.0078 3120 Processor architecture: Intel x86
13:55:55.0078 3120 Number of processors: 2
13:55:55.0078 3120 Page size: 0x1000
13:55:55.0078 3120 Boot type: Normal boot
13:55:55.0078 3120 ============================================================
13:55:56.0484 3120 Initialize success
13:55:58.0781 1372 ============================================================
13:55:58.0781 1372 Scan started
13:55:58.0781 1372 Mode: Manual;
13:55:58.0781 1372 ============================================================
13:55:59.0484 1372 .ipsec - ok
13:55:59.0531 1372 Abiosdsk - ok
13:55:59.0531 1372 abp480n5 - ok
13:55:59.0593 1372 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:55:59.0593 1372 ACPI - ok
13:55:59.0625 1372 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:55:59.0625 1372 ACPIEC - ok
13:55:59.0640 1372 adpu160m - ok
13:55:59.0687 1372 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:55:59.0687 1372 aec - ok
13:55:59.0734 1372 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
13:55:59.0765 1372 AFD - ok
13:55:59.0765 1372 Aha154x - ok
13:55:59.0765 1372 aic78u2 - ok
13:55:59.0781 1372 aic78xx - ok
13:55:59.0796 1372 AliIde - ok
13:55:59.0875 1372 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
13:55:59.0906 1372 Ambfilt - ok
13:55:59.0906 1372 amsint - ok
13:55:59.0921 1372 asc - ok
13:55:59.0937 1372 asc3350p - ok
13:55:59.0937 1372 asc3550 - ok
13:55:59.0984 1372 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:55:59.0984 1372 AsyncMac - ok
13:56:00.0015 1372 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:56:00.0015 1372 atapi - ok
13:56:00.0015 1372 Atdisk - ok
13:56:00.0031 1372 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:56:00.0031 1372 Atmarpc - ok
13:56:00.0078 1372 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:56:00.0078 1372 audstub - ok
13:56:00.0125 1372 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:56:00.0125 1372 Beep - ok
13:56:00.0171 1372 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:56:00.0171 1372 cbidf2k - ok
13:56:00.0171 1372 cd20xrnt - ok
13:56:00.0218 1372 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:56:00.0218 1372 Cdaudio - ok
13:56:00.0265 1372 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:56:00.0265 1372 Cdfs - ok
13:56:00.0312 1372 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:56:00.0359 1372 Cdrom - ok
13:56:00.0359 1372 Changer - ok
13:56:00.0375 1372 CmdIde - ok
13:56:00.0390 1372 Cpqarray - ok
13:56:00.0406 1372 dac2w2k - ok
13:56:00.0406 1372 dac960nt - ok
13:56:00.0453 1372 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
13:56:00.0453 1372 DgiVecp - ok
13:56:00.0484 1372 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:56:00.0484 1372 Disk - ok
13:56:00.0500 1372 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:56:00.0515 1372 dmboot - ok
13:56:00.0531 1372 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:56:00.0531 1372 dmio - ok
13:56:00.0531 1372 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:56:00.0546 1372 dmload - ok
13:56:00.0562 1372 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:56:00.0578 1372 DMusic - ok
13:56:00.0578 1372 dpti2o - ok
13:56:00.0593 1372 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:56:00.0593 1372 drmkaud - ok
13:56:00.0656 1372 exFat (3ef58f2eae3aecab45d682152db2f67d) C:\WINDOWS\system32\drivers\exFat.sys
13:56:00.0656 1372 exFat - ok
13:56:00.0671 1372 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:56:00.0671 1372 Fastfat - ok
13:56:00.0687 1372 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:56:00.0687 1372 Fdc - ok
13:56:00.0703 1372 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:56:00.0703 1372 Fips - ok
13:56:00.0718 1372 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:56:00.0718 1372 Flpydisk - ok
13:56:00.0765 1372 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:56:00.0765 1372 FltMgr - ok
13:56:00.0796 1372 Fs_Rec (c865b83411d7347627a4beec22543fb1) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:56:00.0796 1372 Fs_Rec - ok
13:56:00.0812 1372 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:56:00.0812 1372 Ftdisk - ok
13:56:00.0843 1372 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:56:00.0843 1372 Gpc - ok
13:56:00.0906 1372 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:56:00.0906 1372 HDAudBus - ok
13:56:00.0953 1372 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:56:00.0953 1372 HidUsb - ok
13:56:00.0953 1372 hpn - ok
13:56:01.0000 1372 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:56:01.0015 1372 HTTP - ok
13:56:01.0015 1372 i2omgmt - ok
13:56:01.0031 1372 i2omp - ok
13:56:01.0078 1372 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:56:01.0078 1372 i8042prt - ok
13:56:01.0250 1372 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:56:01.0703 1372 ialm - ok
13:56:01.0796 1372 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:56:01.0796 1372 Imapi - ok
13:56:01.0812 1372 ini910u - ok
13:56:02.0000 1372 IntcAzAudAddService (60d33814c478ad436082a05d7e50a0b6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:56:02.0062 1372 IntcAzAudAddService - ok
13:56:02.0062 1372 IntelIde - ok
13:56:02.0125 1372 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:56:02.0125 1372 intelppm - ok
13:56:02.0140 1372 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:56:02.0140 1372 Ip6Fw - ok
13:56:02.0171 1372 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:56:02.0171 1372 IpFilterDriver - ok
13:56:02.0171 1372 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:56:02.0171 1372 IpInIp - ok
13:56:02.0187 1372 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:56:02.0187 1372 IpNat - ok
13:56:02.0203 1372 IPSec (b23a10f3b8e7c709aede131ff3603466) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:56:02.0390 1372 IPSec - ok
13:56:02.0406 1372 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:56:02.0406 1372 IRENUM - ok
13:56:02.0437 1372 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:56:02.0437 1372 isapnp - ok
13:56:02.0484 1372 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:56:02.0484 1372 Kbdclass - ok
13:56:02.0515 1372 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:56:02.0515 1372 kbdhid - ok
13:56:02.0546 1372 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:56:02.0546 1372 kmixer - ok
13:56:02.0578 1372 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
13:56:02.0578 1372 KSecDD - ok
13:56:02.0578 1372 lbrtfdc - ok
13:56:02.0609 1372 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:56:02.0609 1372 mnmdd - ok
13:56:02.0625 1372 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:56:02.0625 1372 Modem - ok
13:56:02.0656 1372 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
13:56:02.0687 1372 Monfilt - ok
13:56:02.0734 1372 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:56:02.0734 1372 Mouclass - ok
13:56:02.0750 1372 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:56:02.0765 1372 mouhid - ok
13:56:02.0781 1372 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:56:02.0781 1372 MountMgr - ok
13:56:02.0812 1372 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:56:02.0828 1372 MpFilter - ok
13:56:02.0890 1372 MpKsl27397741 - ok
13:56:02.0890 1372 MpKsl408c788e - ok
13:56:02.0921 1372 MpKsle1207445 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5B5D1E7-F335-4D54-9D35-46EBE4C66617}\MpKsle1207445.sys
13:56:02.0921 1372 MpKsle1207445 - ok
13:56:02.0921 1372 mraid35x - ok
13:56:02.0937 1372 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:56:02.0937 1372 MRxDAV - ok
13:56:02.0984 1372 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:56:02.0984 1372 MRxSmb - ok
13:56:03.0000 1372 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:56:03.0000 1372 Msfs - ok
13:56:03.0046 1372 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:56:03.0046 1372 MSKSSRV - ok
13:56:03.0062 1372 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:56:03.0078 1372 MSPCLOCK - ok
13:56:03.0078 1372 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:56:03.0078 1372 MSPQM - ok
13:56:03.0109 1372 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:56:03.0109 1372 mssmbios - ok
13:56:03.0125 1372 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:56:03.0140 1372 Mup - ok
13:56:03.0171 1372 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:56:03.0171 1372 NDIS - ok
13:56:03.0218 1372 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:56:03.0234 1372 NdisTapi - ok
13:56:03.0265 1372 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:56:03.0265 1372 Ndisuio - ok
13:56:03.0281 1372 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:56:03.0281 1372 NdisWan - ok
13:56:03.0312 1372 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:56:03.0312 1372 NDProxy - ok
13:56:03.0328 1372 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:56:03.0328 1372 NetBIOS - ok
13:56:03.0343 1372 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:56:03.0390 1372 NetBT - ok
13:56:03.0421 1372 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:56:03.0421 1372 Npfs - ok
13:56:03.0468 1372 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:56:03.0484 1372 Ntfs - ok
13:56:03.0515 1372 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:56:03.0515 1372 Null - ok
13:56:03.0562 1372 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:56:03.0562 1372 NwlnkFlt - ok
13:56:03.0578 1372 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:56:03.0578 1372 NwlnkFwd - ok
13:56:03.0625 1372 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:56:03.0625 1372 Parport - ok
13:56:03.0656 1372 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:56:03.0656 1372 PartMgr - ok
13:56:03.0671 1372 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:56:03.0687 1372 ParVdm - ok
13:56:03.0703 1372 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:56:03.0703 1372 PCI - ok
13:56:03.0718 1372 PCIDump - ok
13:56:03.0734 1372 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:56:03.0734 1372 PCIIde - ok
13:56:03.0765 1372 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:56:03.0781 1372 Pcmcia - ok
13:56:03.0781 1372 PDCOMP - ok
13:56:03.0796 1372 PDFRAME - ok
13:56:03.0796 1372 PDRELI - ok
13:56:03.0812 1372 PDRFRAME - ok
13:56:03.0812 1372 perc2 - ok
13:56:03.0828 1372 perc2hib - ok
13:56:03.0859 1372 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:56:03.0859 1372 PptpMiniport - ok
13:56:03.0875 1372 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:56:03.0875 1372 PSched - ok
13:56:03.0890 1372 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:56:03.0890 1372 Ptilink - ok
13:56:03.0906 1372 ql1080 - ok
13:56:03.0921 1372 Ql10wnt - ok
13:56:03.0921 1372 ql12160 - ok
13:56:03.0937 1372 ql1240 - ok
13:56:03.0937 1372 ql1280 - ok
13:56:03.0968 1372 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:56:03.0968 1372 RasAcd - ok
13:56:03.0984 1372 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:56:03.0984 1372 Rasl2tp - ok
13:56:04.0000 1372 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:56:04.0000 1372 RasPppoe - ok
13:56:04.0015 1372 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:56:04.0015 1372 Raspti - ok
13:56:04.0015 1372 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:56:04.0031 1372 Rdbss - ok
13:56:04.0031 1372 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:56:04.0031 1372 RDPCDD - ok
13:56:04.0078 1372 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:56:04.0078 1372 rdpdr - ok
13:56:04.0109 1372 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:56:04.0109 1372 RDPWD - ok
13:56:04.0140 1372 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:56:04.0187 1372 redbook - ok
13:56:04.0250 1372 RTLE8023xp (79b4fe884c18dd82d5449f6b6026d092) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:56:04.0250 1372 RTLE8023xp - ok
13:56:04.0328 1372 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:56:04.0328 1372 SASDIFSV - ok
13:56:04.0343 1372 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:56:04.0343 1372 SASKUTIL - ok
13:56:04.0390 1372 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:56:04.0390 1372 Secdrv - ok
13:56:04.0406 1372 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:56:04.0406 1372 serenum - ok
13:56:04.0406 1372 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:56:04.0468 1372 Serial - ok
13:56:04.0500 1372 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:56:04.0500 1372 Sfloppy - ok
13:56:04.0515 1372 Simbad - ok
13:56:04.0531 1372 Sparrow - ok
13:56:04.0578 1372 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:56:04.0578 1372 splitter - ok
13:56:04.0625 1372 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:56:04.0625 1372 sr - ok
13:56:04.0687 1372 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:56:04.0687 1372 Srv - ok
13:56:04.0703 1372 SSPORT - ok
13:56:04.0750 1372 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:56:04.0750 1372 swenum - ok
13:56:04.0765 1372 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:56:04.0765 1372 swmidi - ok
13:56:04.0781 1372 symc810 - ok
13:56:04.0796 1372 symc8xx - ok
13:56:04.0796 1372 sym_hi - ok
13:56:04.0812 1372 sym_u3 - ok
13:56:04.0843 1372 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:56:04.0843 1372 sysaudio - ok
13:56:04.0906 1372 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:56:04.0937 1372 Tcpip - ok
13:56:04.0984 1372 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:56:04.0984 1372 TDPIPE - ok
13:56:05.0000 1372 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:56:05.0000 1372 TDTCP - ok
13:56:05.0031 1372 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:56:05.0031 1372 TermDD - ok
13:56:05.0046 1372 TosIde - ok
13:56:05.0093 1372 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:56:05.0093 1372 Udfs - ok
13:56:05.0093 1372 ultra - ok
13:56:05.0125 1372 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:56:05.0140 1372 Update - ok
13:56:05.0171 1372 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:56:05.0171 1372 usbccgp - ok
13:56:05.0218 1372 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:56:05.0218 1372 usbehci - ok
13:56:05.0265 1372 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:56:05.0265 1372 usbhub - ok
13:56:05.0281 1372 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:56:05.0281 1372 USBSTOR - ok
13:56:05.0312 1372 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:56:05.0328 1372 usbuhci - ok
13:56:05.0343 1372 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:56:05.0343 1372 VgaSave - ok
13:56:05.0359 1372 ViaIde - ok
13:56:05.0390 1372 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:56:05.0390 1372 VolSnap - ok
13:56:05.0437 1372 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:56:05.0437 1372 Wanarp - ok
13:56:05.0437 1372 WDICA - ok
13:56:05.0484 1372 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:56:05.0500 1372 wdmaud - ok
13:56:05.0562 1372 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:56:05.0562 1372 WudfPf - ok
13:56:05.0578 1372 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:56:05.0578 1372 WudfRd - ok
13:56:05.0593 1372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:56:05.0703 1372 \Device\Harddisk0\DR0 - ok
13:56:05.0703 1372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
13:56:06.0359 1372 \Device\Harddisk1\DR2 - ok
13:56:06.0375 1372 Boot (0x1200) (589aaca56f951fb3e1e25d191d76f423) \Device\Harddisk0\DR0\Partition0
13:56:06.0375 1372 \Device\Harddisk0\DR0\Partition0 - ok
13:56:06.0375 1372 Boot (0x1200) (697110718edb2a8e4e48a9dc46f6234c) \Device\Harddisk1\DR2\Partition0
13:56:06.0375 1372 \Device\Harddisk1\DR2\Partition0 - ok
13:56:06.0375 1372 ============================================================
13:56:06.0375 1372 Scan finished
13:56:06.0375 1372 ============================================================
13:56:06.0375 2576 Detected object count: 0
13:56:06.0375 2576 Actual detected object count: 0
13:57:25.0921 3032 Deinitialize success


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7820

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

10/5/2011 2:33:51 PM
mbam-log-2011-10-05 (14-33-51).txt

Scan type: Full scan (C:\|)
Objects scanned: 195696
Time elapsed: 31 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:09 PM

Posted 05 October 2011 - 03:32 PM

Ok, it may be exploiting your old Java and we should reset the Hosts file and see if the redirects stop.

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.



Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#5 GayleW

GayleW
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 05 October 2011 - 04:03 PM

I reset the host file, and uninstalled the old Java and installed the new version, jre-7-windows-i586.exe.

I'm not getting redirects, I can't connect to my network or to the internet since I ran mbam to clean security guard 2012 yesterday. In looking at the minitoolbox log, it doesn't look like the tcpip stuff is loading. Could security guard 2012 have screwed that up?

Edited by GayleW, 05 October 2011 - 04:07 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:09 PM

Posted 05 October 2011 - 10:47 PM

For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

If needed: type these one line at a time, press enter after each line. See if it works after each.


netsh interface ipv4 reset
netsh interface ipv6 reset
ipconfig /flushdns
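The HOSTS reset in post #4 and the proxy-setting check in post #6 both undo the same thing: a rogue AV family rerouting the victim's browsing so that update servers and cleanup tools cannot be reached. The script below is an added example written for this thread, not code from the thread or from BleepingComputer. It audits both artifacts from the defender's side: it parses a HOSTS file and reports every mapping other than the default `localhost` entry, raising the severity when a watched security-related name is blackholed or sent elsewhere, and it evaluates the WinINet values behind the "Use a proxy server" checkbox (`ProxyEnable`, `ProxyServer`, `AutoConfigURL` under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`). The watch list, the sample HOSTS text and the sample registry values are constructed for the example; on Windows the proxy values are read live through `winreg`, on any other system the constructed sample is used instead.

```python
"""Audit a Windows HOSTS file and WinINet proxy settings for hijack indicators.

Added example for this thread, not code from the thread or from
BleepingComputer. WATCHED_SUFFIXES, SAMPLE_HOSTS and SAMPLE_PROXY are
constructed; INTERNET_SETTINGS is the real HKCU key behind the LAN settings dialog.
"""
import ipaddress

# Constructed watch list: names a rogue AV commonly blackholes or redirects
# (update servers, the cleanup tools used in this thread, the help forum).
WATCHED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "malwarebytes.org",
    "superantispyware.com", "bleepingcomputer.com",
)
INTERNET_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def _watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def _is_local(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def parse_hosts(text):
    """Yield (lineno, ip, [names]) for every active entry; comments are skipped."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if line:
            ip, *names = line.split()
            yield lineno, ip, names


def audit_hosts(text):
    """Return (lineno, severity, name, detail) findings for a HOSTS file.

    A clean Windows XP HOSTS file needs only '127.0.0.1 localhost'; every other
    mapping is reported, at high severity when a watched name is blackholed
    (sent to loopback or 0.0.0.0) or pointed at some other address.
    """
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, "high", " ".join(names), f"malformed address {ip!r}"))
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            lname = name.lower().rstrip(".")
            if lname == "localhost" and addr.is_loopback:
                continue  # the one default entry
            if _watched(lname):
                severity = "high"
                detail = "security site " + ("blackholed" if sink else "redirected")
            else:
                severity = "medium"
                detail = "site " + ("blackholed" if sink else "mapped to another address")
            findings.append((lineno, severity, name, f"{detail} ({ip})"))
    return findings


def audit_proxy(settings):
    """Return (severity, detail) findings for {value name: data} read from the
    Internet Settings key. ProxyEnable is the checkbox from post #6; a proxy
    pointing at the local machine is how rogue AV intercepts browsing."""
    findings = []
    if settings.get("ProxyEnable", 0) == 1:
        server = str(settings.get("ProxyServer", ""))
        # Either "host:port" or "http=host:port;https=host:port".
        first = server.split(";", 1)[0].split("=", 1)[-1]
        host = first.rsplit(":", 1)[0].strip("[]")
        findings.append(("high" if _is_local(host) else "medium", f"proxy enabled: {server}"))
    if settings.get("AutoConfigURL"):
        findings.append(("medium", f"automatic configuration script set: {settings['AutoConfigURL']}"))
    return findings


def read_proxy_settings():
    """Read the live values on Windows via winreg; returns None elsewhere."""
    try:
        import winreg
    except ImportError:
        return None
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_SETTINGS) as key:
        for name in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    return out


# Constructed sample input: two cleanup sites blackholed, Microsoft sent to a
# documentation-range address (TEST-NET-2), and a local proxy switched on.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org
127.0.0.1       www.bleepingcomputer.com
198.51.100.7    www.microsoft.com
"""
SAMPLE_PROXY = {"ProxyEnable": 1, "ProxyServer": "http=127.0.0.1:8080"}

if __name__ == "__main__":
    for lineno, severity, name, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"HOSTS line {lineno} [{severity}] {name}: {detail}")
    live = read_proxy_settings()
    for severity, detail in audit_proxy(live if live is not None else SAMPLE_PROXY):
        print(f"proxy [{severity}] {detail}")
```

On a real machine, feed `audit_hosts` the contents of `C:\WINDOWS\system32\drivers\etc\hosts` (read as text) and let `read_proxy_settings` supply the registry values; any `high` finding is a reason to run the HOSTS reset and clear the proxy before trusting the scanners' "clean" result, since a blackholed update server will also stop those scanners from updating.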

#7 GayleW

GayleW
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 06 October 2011 - 08:36 AM

Okay. Checked again and "use a proxy" is not checked. Was successful at the winsock reset but it did not fix the issue. The ipv6 reset was successful, but did not fix the issue. The ipv4 reset gave me the error "command was not found". The flushdns gave me "an internal error occurred. the request is not supported. unable to query host name."

I did notice something odd. The network connection, which is an onboard connection, is now network connection 2. I wouldn't swear to it, but I think that before this virus hit, it was just connection. Just for grins I went into BIOS, disabled the onboard LAN, rebooted a couple of times, re-enabled the onboard LAN, rebooted, and now it is showing as connection 3. It says it is connected, but it really isn't. This virus has done something somewhere to screw up the network. Any clue where? This is a computer of one of our sales people where I work, and I'd like to get it fixed without having to format and reinstall.

#8 GayleW

GayleW
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 06 October 2011 - 11:34 AM

Ended up having to run System File Checker. After running sfc and rebooting, was able to hit the net again. Updated mbam and ran a full scan. It found nothing. Ran Microsoft Security Essentials, and it found one thing and removed it.

Seems to be working right now. I'll let you know if anything changes. Thanks for all your help.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:09 PM

Posted 06 October 2011 - 11:56 AM

Ok, that sounds good.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:



