rz4Xg2.exe


16 replies to this topic

#1 beardbuster


  • Members
  • 11 posts

Posted 26 October 2011 - 01:21 PM

EDIT: Moved from XP to Am I Infected forum


Hello...
When my daughter starts her system, Windows XP Pro, a window pops up saying the system needs to shut down due to the following: RZ4XG2.exe. I have searched online and can't find that anywhere... What is it? I can't use System Restore because this is a home school computer and we do not have admin access...
THANKS in advance...
Clyde

Edited by boopme, 26 October 2011 - 01:43 PM.




#2 Broni


    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 26 October 2011 - 01:26 PM

Welcome aboard

It looks like a possible infection.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 beardbuster

  • Topic Starter

  • Members
  • 11 posts

Posted 26 October 2011 - 05:51 PM

THANKS... this will take me a day or two. I have to upload and burn to disk what you have asked me to download... the system will not go online as is... THANKS again....


The following link does not work:

https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Edited by beardbuster, 26 October 2011 - 07:20 PM.


#4 beardbuster

  • Topic Starter

  • Members
  • 11 posts

Posted 27 October 2011 - 08:12 PM

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java 2 Runtime Environment, SE v1.4.2_07
Adobe Flash Player ( 9.0.124.0) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
McAfee Managed VirusScan Agent myAgtTry.Exe
McAfee Managed VirusScan Agent myAgtSvc.Exe
McAfee Managed VirusScan VScan McShield.exe
``````````End of Log````````````
**********************************************************************
MiniToolBox by Farbar
Ran by Parent (administrator) on 27-10-2011 at 18:10:31
Microsoft Windows XP Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:8075
========================= Hosts content: =================================

72.52.4.76 www.limewire.com
72.52.4.76 www.frostwire.com
72.52.4.76 www.bit-torrent.com
72.52.4.76 www.bearshare.com
72.52.4.76 www.zeropaid.com
72.52.4.76 www.felmlee.com
72.52.4.76 www.gnutelliums.com
72.52.4.76 phex.sourceforge.net
72.52.4.76 www.revolutionarystuff.com
72.52.4.76 www.xolox.nl
72.52.4.76 www.grokster.com
72.52.4.76 www.morpheus.com
72.52.4.76 www.music-e.net
72.52.4.76 www.chadsmp3s.com
72.52.4.76 www.napster.com
72.52.4.76 www.napstermp3.com
72.52.4.76 www.shareaza.com
72.52.4.76 www.neo-modus.com
72.52.4.76 www.filetopia.org
72.52.4.76 www.imesh.com
72.52.4.76 www.gnutellaforums.com
72.52.4.76 www.kazaa.com
72.52.4.76 www.torrent-finder.com
72.52.4.76 www.sharetv.org
72.52.4.76 www.btjunkie.org
72.52.4.76 www.filemp3.org
72.52.4.76 www.torrentbytes.net
72.52.4.76 www.thepiratebay.org
72.52.4.76 www.torrentz.com
72.52.4.76 www.torrents.to
72.52.4.76 www.torrentmatrix.com
72.52.4.76 www.isohunt.com
72.52.4.76 www.torrent-damage.net
72.52.4.76 www.meganova.org
72.52.4.76 www.fulldls.com
72.52.4.76 www.scrapetorrent.com
72.52.4.76 www.thinktorrent.com
72.52.4.76 www.filelist.org
72.52.4.76 www.torrentlocomotive.com
72.52.4.76 www.porn.com
72.52.4.76 www.whitehouse.com
72.52.4.76 www.xxx.com
72.52.4.76 www.Slyuser.com
72.52.4.76 www.foxyproxy.com
72.52.4.76 www.ugoplayer.com
72.52.4.76 www.rapidojeux.com
72.52.4.76 www.zango.com
72.52.4.76 www.erotic.com
72.52.4.76 www.penthouse.com
72.52.4.76 www.playboy.com
72.52.4.76 www.hustler.com
127.0.0.1 coo0lnet.net
127.0.0.1 localhost
127.0.0.1 www.8minutedating.com
127.0.0.1 whysohardx.com
127.0.0.1 protectyourpc-11.com
127.0.0.1 checkserverstatux.com
127.0.0.1 xinmin.cn
127.0.0.1 xy95.cn
127.0.0.1 koralda.com
127.0.0.1 weirden.com
127.0.0.1 nanocloudcontroller.com
127.0.0.1 coo0lnet.net

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : K12-73DCC087895

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : clearwire-wmx.net



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-24-21-7B-5D-38



Ethernet adapter Wireless Network Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Sierra Wireless Network Adapter #2

Physical Address. . . . . . . . . : 00-A0-D5-FF-FF-85



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : clearwire-wmx.net

Description . . . . . . . . . . . : WiMAX Network Adapter

Physical Address. . . . . . . . . : 00-A0-D5-25-A6-8E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 75.94.171.118

Subnet Mask . . . . . . . . . . . : 255.255.240.0

Default Gateway . . . . . . . . . : 75.94.160.1

DHCP Server . . . . . . . . . . . : 10.42.45.46

DNS Servers . . . . . . . . . . . : 66.233.175.12

75.94.255.12

Lease Obtained. . . . . . . . . . : Thursday, October 27, 2011 5:55:23 PM

Lease Expires . . . . . . . . . . : Friday, October 28, 2011 5:55:23 PM

Server: 75-94-255-12.gar.clearwire-wmx.net
Address: 75.94.255.12

Name: google.com
Addresses: 74.125.47.147, 74.125.47.106, 74.125.47.104, 74.125.47.103
74.125.47.105, 74.125.47.99



Pinging google.com [72.14.204.103] with 32 bytes of data:



Reply from 72.14.204.103: bytes=32 time=97ms TTL=56

Reply from 72.14.204.103: bytes=32 time=63ms TTL=56



Ping statistics for 72.14.204.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 63ms, Maximum = 97ms, Average = 80ms

Server: 75-94-255-12.gar.clearwire-wmx.net
Address: 75.94.255.12

Name: yahoo.com
Addresses: 72.30.2.43, 67.195.160.76, 98.137.149.56, 209.191.122.70
98.139.180.149



Pinging yahoo.com [98.139.180.149] with 32 bytes of data:



Reply from 98.139.180.149: bytes=32 time=107ms TTL=52

Reply from 98.139.180.149: bytes=32 time=92ms TTL=53



Ping statistics for 98.139.180.149:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 92ms, Maximum = 107ms, Average = 99ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 21 7b 5d 38 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
0x30004 ...00 a0 d5 ff ff 85 ...... Sierra Wireless Network Adapter #2 - Packet Scheduler Miniport
0x30005 ...00 a0 d5 25 a6 8e ...... WiMAX Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 75.94.160.1 75.94.171.118 20
75.94.160.0 255.255.240.0 75.94.171.118 75.94.171.118 20
75.94.171.118 255.255.255.255 127.0.0.1 127.0.0.1 20
75.255.255.255 255.255.255.255 75.94.171.118 75.94.171.118 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 75.94.171.118 75.94.171.118 20
255.255.255.255 255.255.255.255 75.94.171.118 2 1
255.255.255.255 255.255.255.255 75.94.171.118 30004 1
255.255.255.255 255.255.255.255 75.94.171.118 75.94.171.118 1
Default Gateway: 75.94.160.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/27/2011 05:16:57 PM) (Source: Application Error) (User: )
Description: Faulting application rz4xg2.exe, version 0.0.0.0, faulting module rz4xg2.exe, version 0.0.0.0, fault address 0x00001d50.
Processing media-specific event for [rz4xg2.exe!ws!]

Error: (10/27/2011 03:40:59 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module nt7ut.dll, version 0.0.0.0, fault address 0x00001bbe.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/27/2011 03:37:31 PM) (Source: Application Error) (User: )
Description: Faulting application rz4xg2.exe, version 0.0.0.0, faulting module rz4xg2.exe, version 0.0.0.0, fault address 0x00001d50.
Processing media-specific event for [rz4xg2.exe!ws!]

Error: (10/27/2011 03:37:31 PM) (Source: Application Error) (User: )
Description: Faulting application rz4xg2.exe, version 0.0.0.0, faulting module rz4xg2.exe, version 0.0.0.0, fault address 0x00001d50.
Processing media-specific event for [rz4xg2.exe!ws!]

Error: (10/27/2011 01:50:16 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module mfatinke.dll, version 1.0.0.4, fault address 0x0000511f.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/27/2011 00:14:17 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module nt7ut.dll, version 0.0.0.0, fault address 0x00001bbe.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/27/2011 11:04:03 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module mfatinke.dll, version 1.0.0.4, fault address 0x0000511f.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/27/2011 10:29:17 AM) (Source: Application Error) (User: )
Description: Faulting application rz4xg2.exe, version 0.0.0.0, faulting module rz4xg2.exe, version 0.0.0.0, fault address 0x00001d50.
Processing media-specific event for [rz4xg2.exe!ws!]

Error: (10/27/2011 10:29:16 AM) (Source: Application Error) (User: )
Description: Faulting application rz4xg2.exe, version 0.0.0.0, faulting module rz4xg2.exe, version 0.0.0.0, fault address 0x00001d50.
Processing media-specific event for [rz4xg2.exe!ws!]

Error: (10/27/2011 09:55:01 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module nt7ut.dll, version 0.0.0.0, fault address 0x00001bbe.
Processing media-specific event for [explorer.exe!ws!]


System errors:
=============
Error: (10/27/2011 05:53:28 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Error: (10/27/2011 05:53:28 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (10/27/2011 05:53:28 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (10/27/2011 05:53:28 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Error: (10/27/2011 05:53:28 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (10/27/2011 05:53:28 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (10/27/2011 05:53:28 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Error: (10/27/2011 05:53:28 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (10/27/2011 05:53:28 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (10/27/2011 05:53:28 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Reference error message: The operation completed successfully.
.


Microsoft Office Sessions:
=========================
Error: (10/27/2011 05:16:57 PM) (Source: Application Error)(User: )
Description: rz4xg2.exe0.0.0.0rz4xg2.exe0.0.0.000001d50

Error: (10/27/2011 03:40:59 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.3156nt7ut.dll0.0.0.000001bbe

Error: (10/27/2011 03:37:31 PM) (Source: Application Error)(User: )
Description: rz4xg2.exe0.0.0.0rz4xg2.exe0.0.0.000001d50

Error: (10/27/2011 03:37:31 PM) (Source: Application Error)(User: )
Description: rz4xg2.exe0.0.0.0rz4xg2.exe0.0.0.000001d50

Error: (10/27/2011 01:50:16 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.3156mfatinke.dll1.0.0.40000511f

Error: (10/27/2011 00:14:17 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.3156nt7ut.dll0.0.0.000001bbe

Error: (10/27/2011 11:04:03 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.3156mfatinke.dll1.0.0.40000511f

Error: (10/27/2011 10:29:17 AM) (Source: Application Error)(User: )
Description: rz4xg2.exe0.0.0.0rz4xg2.exe0.0.0.000001d50

Error: (10/27/2011 10:29:16 AM) (Source: Application Error)(User: )
Description: rz4xg2.exe0.0.0.0rz4xg2.exe0.0.0.000001d50

Error: (10/27/2011 09:55:01 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.3156nt7ut.dll0.0.0.000001bbe


=========================== Installed Programs ============================

Ad-aware 6 Personal (Version: 6.0)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player Plugin (Version: 9.0.124.0)
Adobe Reader 8.1.2 (Version: 8.1.2)
ATI Display Driver (Version: 8.533-080917a-070520C-HP)
CLEAR Connection Manager (Version: 2.01.0047.0)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Java 2 Runtime Environment, SE v1.4.2_07 (Version: 1.4.2_07)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Links 2003
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.7969.0)
QuickTime (Version: 7.4.5.67)
RealPlayer
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.7)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows XP Hotfix - KB873339 (Version: 20041117.092459)
Windows XP Hotfix - KB885835 (Version: 20041027.181713)
Windows XP Hotfix - KB885836 (Version: 20041028.173203)
Windows XP Hotfix - KB886185 (Version: 20041021.090540)
Windows XP Hotfix - KB888302 (Version: 20041207.111426)
Windows XP Hotfix - KB890859 (Version: 1)
Windows XP Hotfix - KB891781 (Version: 20050110.165439)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 1791.26 MB
Available physical RAM: 1280.89 MB
Total Pagefile: 3431.35 MB
Available Pagefile: 2930.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.55 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:64.79 GB) NTFS

========================= Users: ========================================

User accounts for \\K12-73DCC087895

Administrator Guest HelpAssistant
McAfeeMVSUser Parent SUPPORT_388945a0
VCSParent


**** End of log ****
********************************************************************
Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.
The above link does not work ???
*****************************************************************************
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-27 17:52:39
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST380815AS rev.3.CHH
Running: 6p08w6l1.exe; Driver: C:\DOCUME~1\Parent\LOCALS~1\Temp\ffwcifow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\HMFAxCoreac1538dd22fa7acfd433f47c679ad9da.sys (Hide My Folders AX Control Core Driver/Eltima Software) ZwQueryDirectoryFile [0xBA2C981A]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA0434527]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA0434551]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA0434511]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA04344E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA0434567]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA043453B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A3F939B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A3F939B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A3F939B

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST380815AS______________________________3.CHH___#5239365752325243202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] aaqzvytvv <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
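The MiniToolBox output in the post above carries three of the indicators a triager looks at first: a hosts file that pins dozens of unrelated hostnames to one routable address (72.52.4.76) and several non-local names to 127.0.0.1, an IE ProxyServer value that points back at the local machine (127.0.0.1:8075, which is worth surfacing even though the proxy is reported as not enabled), and repeated Application Error events whose faulting module reports version 0.0.0.0, i.e. carries no version resource at all. The Python script below is an added example for this editorial pass; it is not part of the thread and is not one of the tools the helper recommends. It parses short excerpts constructed from the posted logs and reports those indicators. The sample text, the function names and the "unversioned module" heuristic are this example's own assumptions, and the heuristic is a prompt for closer inspection rather than a verdict.

```python
import ipaddress
import re
from collections import Counter

# Constructed samples, modelled on (and shortened from) the MiniToolBox excerpts posted above.
HOSTS_SAMPLE = """\
72.52.4.76 www.limewire.com
72.52.4.76 www.thepiratebay.org
127.0.0.1 localhost
127.0.0.1 protectyourpc-11.com
127.0.0.1 coo0lnet.net
"""

PROXY_SAMPLE = """\
Proxy is not enabled.
ProxyServer: http=127.0.0.1:8075
"""

EVENTLOG_SAMPLE = """\
Error: (10/27/2011 05:16:57 PM) (Source: Application Error) (User: )
Description: Faulting application rz4xg2.exe, version 0.0.0.0, faulting module rz4xg2.exe, version 0.0.0.0, fault address 0x00001d50.
Error: (10/27/2011 03:40:59 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module nt7ut.dll, version 0.0.0.0, fault address 0x00001bbe.
Error: (10/27/2011 01:50:16 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module mfatinke.dll, version 1.0.0.4, fault address 0x0000511f.
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def _is_local(ip_text):
    """True for loopback/unspecified addresses, False for routable ones, None if not an IP."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    return ip.is_loopback or ip.is_unspecified


def hosts_findings(text):
    """Split hosts-file content into (redirects, sinkholed).

    redirects: routable IP -> hostnames forced to resolve there (the hijack
               pattern seen above: many unrelated names pinned to one address).
    sinkholed: names other than localhost pinned to loopback (effectively blocked).
    """
    redirects, sinkholed = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        local = _is_local(ip)
        if local is None:
            continue                              # malformed line, skip it
        for name in names:
            if local:
                if name.lower() not in LOCAL_NAMES:
                    sinkholed.append(name)
            else:
                redirects.setdefault(ip, []).append(name)
    return redirects, sinkholed


def local_proxy_entries(text):
    """ProxyServer entries whose host is the machine itself, as (scheme, host, port)."""
    m = re.search(r"ProxyServer:\s*(\S+)", text)
    if not m:
        return []
    found = []
    for entry in m.group(1).split(";"):          # "http=host:port;https=host:port" or "host:port"
        scheme, _, hostport = entry.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if host.lower() in LOCAL_NAMES or _is_local(host):
            found.append((scheme or "*", host, port))
    return found


FAULT_RE = re.compile(
    r"Faulting application ([^,]+), version ([^,]+), faulting module ([^,]+), version ([^,]+),"
)


def faulting_modules(text):
    """Count Application Error events per (app, module, module version).

    Heuristic (this example's assumption): a module reporting version 0.0.0.0
    has no version resource, which is unusual for legitimate software.
    """
    counts = Counter((app, mod, ver) for app, _, mod, ver in FAULT_RE.findall(text))
    return [
        {"app": app, "module": mod, "version": ver, "count": n, "unversioned": ver == "0.0.0.0"}
        for (app, mod, ver), n in sorted(counts.items())
    ]


def triage(hosts, proxy, eventlog):
    """Human-readable summary lines for the three checks."""
    lines = []
    redirects, sinkholed = hosts_findings(hosts)
    for ip, names in redirects.items():
        lines.append(f"hosts: {len(names)} name(s) redirected to {ip}, e.g. {names[0]}")
    if sinkholed:
        lines.append(f"hosts: {len(sinkholed)} name(s) pinned to loopback: {', '.join(sinkholed)}")
    for scheme, host, port in local_proxy_entries(proxy):
        lines.append(f"proxy: {scheme} traffic configured through {host}:{port} (local listener)")
    for f in faulting_modules(eventlog):
        if f["unversioned"]:
            lines.append(f"eventlog: {f['app']} crashed in unversioned module {f['module']} x{f['count']}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage(HOSTS_SAMPLE, PROXY_SAMPLE, EVENTLOG_SAMPLE)))
```

Run as-is it prints five summary lines for the constructed samples; to use it on a real MiniToolBox report, pass the text between the "Hosts content", "IE Proxy Settings" and "Event log errors" headers to the three functions. None of the checks proves an infection on its own; they order the log so the hosts hijack, the local proxy listener and the crashing unversioned modules are read first rather than buried among the SideBySide noise.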

#5 Broni




  • BC Advisor
  • 42,738 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 27 October 2011 - 08:15 PM

OK, we have several issues there.

Let's start with a rootkit removal.

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


 


#6 beardbuster

  • Topic Starter

  • Members
  • 11 posts

Posted 28 October 2011 - 07:00 AM

That link does not work? THANKS


I just looked at some of the stuff I pasted on here...
This is a home school computer and they have used it for file sharing programs... porno and what have you.... looks like I'll have to block access from these sites after this fix... my eyes have been opened UGH!!!

Edited by beardbuster, 28 October 2011 - 07:16 AM.


#7 beardbuster

  • Topic Starter

  • Members
  • 11 posts

Posted 28 October 2011 - 09:40 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-28 07:38:20
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST380815AS rev.3.CHH
Running: 6p08w6l1.exe; Driver: C:\DOCUME~1\Parent\LOCALS~1\Temp\ffwcifow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\HMFAxCoreac1538dd22fa7acfd433f47c679ad9da.sys (Hide My Folders AX Control Core Driver/Eltima Software) ZwCreateFile [0xBA2C94A8] <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\drivers\HMFAxCoreac1538dd22fa7acfd433f47c679ad9da.sys (Hide My Folders AX Control Core Driver/Eltima Software) ZwOpenFile [0xBA2C96A6] <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\drivers\HMFAxCoreac1538dd22fa7acfd433f47c679ad9da.sys (Hide My Folders AX Control Core Driver/Eltima Software) ZwQueryDirectoryFile [0xBA2C981A] <-- ROOTKIT !!!

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA0434527]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA0434551]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA0434511]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA04344E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA0434567]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA043453B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 805018C4 7 Bytes JMP A043453F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A6286 7 Bytes JMP A0434555 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A709C 5 Bytes JMP A043456B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805AC81E 7 Bytes JMP A0434515 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C601E 5 Bytes JMP A043452B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C77FE 5 Bytes JMP A04344EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB911B000, 0x1A4422, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C30F5C
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C30051
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C30040
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C3002F
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C30F9E
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C30F1A
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C30F37
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C3007D
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C30EE4
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00C30EC9
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00C30F8D
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C30FE5
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00C30062
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00C30FB9
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00C30FCA
.text C:\WINDOWS\system32\services.exe[724] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00C30EFF
.text C:\WINDOWS\system32\services.exe[724] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[724] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 0007005B
.text C:\WINDOWS\system32\services.exe[724] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[724] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[724] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00070F9E
.text C:\WINDOWS\system32\services.exe[724] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[724] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[724] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[724] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060F9A
.text C:\WINDOWS\system32\services.exe[724] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060FAB
.text C:\WINDOWS\system32\services.exe[724] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060FC6
.text C:\WINDOWS\system32\services.exe[724] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[724] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[724] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[724] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[724] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00040FDB
.text C:\WINDOWS\system32\services.exe[724] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00040011
.text C:\WINDOWS\system32\services.exe[724] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00040022
.text C:\WINDOWS\system32\services.exe[724] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0005000A
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FF0F46
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FF003B
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FF0F61
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FF0F7C
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FF0FA8
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FF0F0E
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FF0F1F
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FF0082
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FF0071
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00FF0ECE
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00FF0F8D
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00FF0056
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00FF0014
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00FF0FC3
.text C:\WINDOWS\system32\lsass.exe[736] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00FF0EF3
.text C:\WINDOWS\system32\lsass.exe[736] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00FE0FB9
.text C:\WINDOWS\system32\lsass.exe[736] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00FE0051
.text C:\WINDOWS\system32\lsass.exe[736] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00FE0FCA
.text C:\WINDOWS\system32\lsass.exe[736] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\lsass.exe[736] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00FE0F9E
.text C:\WINDOWS\system32\lsass.exe[736] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\lsass.exe[736] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00FE0040
.text C:\WINDOWS\system32\lsass.exe[736] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00FE0025
.text C:\WINDOWS\system32\lsass.exe[736] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FD0FC1
.text C:\WINDOWS\system32\lsass.exe[736] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FD0FD2
.text C:\WINDOWS\system32\lsass.exe[736] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD002E
.text C:\WINDOWS\system32\lsass.exe[736] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD000C
.text C:\WINDOWS\system32\lsass.exe[736] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD0FE3
.text C:\WINDOWS\system32\lsass.exe[736] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD001D
.text C:\WINDOWS\system32\lsass.exe[736] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\lsass.exe[736] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\lsass.exe[736] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\lsass.exe[736] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00CC0FD4
.text C:\WINDOWS\system32\lsass.exe[736] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00CC0025
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DE0000
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00DE0F85
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00DE0084
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00DE0FAA
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00DE0FD1
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00DE0062
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00DE0F74
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00DE00B0
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00DE0F34
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00DE00CD
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00DE00DE
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00DE0073
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00DE001B
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00DE009F
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00DE0047
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00DE002C
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00DE0F4F
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00DD0FC3
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00DD0F7C
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00DD0FDE
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00DD000A
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00DD0039
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00DD0F97
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00DD0FA8
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DC0064
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DC0049
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DC002E
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DC0FE3
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DC0011
.text C:\WINDOWS\system32\svchost.exe[904] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[904] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00DA0FE5
.text C:\WINDOWS\system32\svchost.exe[904] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00DA0FCA
.text C:\WINDOWS\system32\svchost.exe[904] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00DA001B
.text C:\WINDOWS\system32\svchost.exe[904] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C00F83
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C00F94
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C00062
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C00FA5
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C00047
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C000B5
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C000A4
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C000FC
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C000E1
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00C00F3E
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00C00FC0
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00C00093
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00C00FDB
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00C00036
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00C000D0
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00BF0022
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00BF0F8A
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00BF0011
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00BF0FDB
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00BF0FA5
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00BF0FB6
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00BF003D
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0FA8
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0033
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0022
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0FC3
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0011
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00BC0011
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00BC002C
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00BC0047
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\System32\svchost.exe[1040] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\System32\svchost.exe[1040] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 00FD9DB4
.text C:\WINDOWS\System32\svchost.exe[1040] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A1000A
.text C:\WINDOWS\System32\svchost.exe[1040] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02BE0FEF
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02BE0F55
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02BE0F66
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02BE0F77
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02BE0036
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02BE0F94
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02BE005B
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02BE0F13
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02BE0EF8
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02BE009B
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 02BE0EDD
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 02BE0025
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02BE0FDE
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 02BE0F30
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02BE000A
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 02BE0FC3
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 02BE0076
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 02BD0FCA
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 02BD0F79
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 02BD001B
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 02BD000A
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 02BD0F8A
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 02BD0FEF
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 02BD0036
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 02BD0FAF
.text C:\WINDOWS\System32\svchost.exe[1040] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 01F3000A
.text C:\WINDOWS\System32\svchost.exe[1040] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00B1000A
.text C:\WINDOWS\System32\svchost.exe[1040] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02BC0FB2
.text C:\WINDOWS\System32\svchost.exe[1040] msvcrt.dll!system 77C293C7 5 Bytes JMP 02BC0FC3
.text C:\WINDOWS\System32\svchost.exe[1040] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02BC0029
.text C:\WINDOWS\System32\svchost.exe[1040] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02BC0000
.text C:\WINDOWS\System32\svchost.exe[1040] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02BC0FD4
.text C:\WINDOWS\System32\svchost.exe[1040] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02BC0FEF
.text C:\WINDOWS\System32\svchost.exe[1040] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 02BA0000
.text C:\WINDOWS\System32\svchost.exe[1040] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 02BA0011
.text C:\WINDOWS\System32\svchost.exe[1040] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 02BA0FDB
.text C:\WINDOWS\System32\svchost.exe[1040] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 02BA0FCA
.text C:\WINDOWS\System32\svchost.exe[1040] NETAPI32.dll!NetpwPathCanonicalize 5B86A101 5 Bytes JMP 00FD9D54
.text C:\WINDOWS\System32\svchost.exe[1040] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02BB0000
.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 00A09DB4
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A40F55
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A40F70
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A4004A
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A40F8D
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A40025
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A40080
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A4006F
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A40F13
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A400B6
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A400D1
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A40F9E
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A40FCA
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A40F44
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A4000A
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A40FB9
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A400A5
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 009F002F
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 009F0F7C
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 009F0014
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 009F0FDE
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 009F0F97
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 009F0FEF
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 009F0FA8
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 009F0FCD
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0FBC
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0047
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0011
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FE3
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E002C
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1200] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1200] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 009C001B
.text C:\WINDOWS\system32\svchost.exe[1200] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 009C0FDB
.text C:\WINDOWS\system32\svchost.exe[1200] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 009C0FCA
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00960FE5
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00960065
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00960F70
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00960F81
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00960F9E
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00960025
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009600A7
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0096008A
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009600D3
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009600B8
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009600EE
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00960040
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00960FD4
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00960F5F
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00960FB9
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00960F3A
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00950040
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 009500AC
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0095002F
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00950FEF
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 0095009B
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 0095000A
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00950076
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 0095005B
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00940FCD
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!system 77C293C7 5 Bytes JMP 00940FDE
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00940033
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0094000C
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00940044
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00940FEF
.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 001B0014
.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AA0FE5
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AA0084
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AA0F8F
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AA0073
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AA0062
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AA0036
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AA00C4
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AA0F72
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AA0F35
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AA0F46
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00AA00F3
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00AA0047
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00AA00A9
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00AA001B
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00AA0FCA
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00AA0F61
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008E0FB9
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008E0F68
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008E0FCA
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008E0025
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008E0F83
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008E0F9E
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D0055
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D0FD4
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D0FEF
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D0000
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D003A
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D0029
.text C:\WINDOWS\system32\svchost.exe[1544] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 008B0FE5
.text C:\WINDOWS\system32\svchost.exe[1544] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 008B0FD4
.text C:\WINDOWS\system32\svchost.exe[1544] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 008B0FC3
.text C:\WINDOWS\system32\svchost.exe[1544] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 008B0FB2
.text C:\WINDOWS\system32\svchost.exe[1544] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\explorer.exe[1856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D4000A
.text C:\WINDOWS\explorer.exe[1856] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\WINDOWS\explorer.exe[1856] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D3000C
.text C:\WINDOWS\explorer.exe[1856] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 002B0025
.text C:\WINDOWS\explorer.exe[1856] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 002B0080
.text C:\WINDOWS\explorer.exe[1856] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\explorer.exe[1856] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 002B000A
.text C:\WINDOWS\explorer.exe[1856] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 002B006F
.text C:\WINDOWS\explorer.exe[1856] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\explorer.exe[1856] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 002B004A
.text C:\WINDOWS\explorer.exe[1856] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 002B0FC3
.text C:\WINDOWS\explorer.exe[1856] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002C0F9A
.text C:\WINDOWS\explorer.exe[1856] msvcrt.dll!system 77C293C7 5 Bytes JMP 002C0FB5
.text C:\WINDOWS\explorer.exe[1856] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002C0FC6
.text C:\WINDOWS\explorer.exe[1856] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002C0FE3
.text C:\WINDOWS\explorer.exe[1856] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002C0025
.text C:\WINDOWS\explorer.exe[1856] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002C0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A3F939B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A3F939B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A3F939B

AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST380815AS______________________________3.CHH___#5239365752325243202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] aaqzvytvv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv@DisplayName Config Installer
Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv@Description Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv\Parameters@ServiceDll C:\WINDOWS\system32\isagt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\aaqzvytvv@DisplayName Config Installer
Reg HKLM\SYSTEM\ControlSet002\Services\aaqzvytvv@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\aaqzvytvv@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\aaqzvytvv@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\aaqzvytvv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\aaqzvytvv@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\aaqzvytvv@Description Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\aaqzvytvv\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\aaqzvytvv\Parameters@ServiceDll C:\WINDOWS\system32\isagt.dll

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

#8 beardbuster

beardbuster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:39 AM

Posted 28 October 2011 - 09:59 AM

07:48:36.0343 5848 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
07:48:36.0375 5848 ============================================================
07:48:36.0375 5848 Current date / time: 2011/10/28 07:48:36.0375
07:48:36.0375 5848 SystemInfo:
07:48:36.0375 5848
07:48:36.0375 5848 OS Version: 5.1.2600 ServicePack: 2.0
07:48:36.0375 5848 Product type: Workstation
07:48:36.0375 5848 ComputerName: K12-73DCC087895
07:48:36.0375 5848 UserName: Parent
07:48:36.0375 5848 Windows directory: C:\WINDOWS
07:48:36.0375 5848 System windows directory: C:\WINDOWS
07:48:36.0375 5848 Processor architecture: Intel x86
07:48:36.0375 5848 Number of processors: 1
07:48:36.0375 5848 Page size: 0x1000
07:48:36.0375 5848 Boot type: Normal boot
07:48:36.0375 5848 ============================================================
07:48:36.0921 5848 Initialize success
07:48:43.0000 3808 ============================================================
07:48:43.0000 3808 Scan started
07:48:43.0000 3808 Mode: Manual;
07:48:43.0000 3808 ============================================================
07:48:43.0750 3808 Suspicious service (NoAccess): aaqzvytvv
07:48:43.0796 3808 Abiosdsk - ok
07:48:43.0843 3808 abp480n5 - ok
07:48:43.0906 3808 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:48:43.0921 3808 ACPI - ok
07:48:43.0968 3808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:48:44.0015 3808 ACPIEC - ok
07:48:44.0078 3808 ADIHdAudAddService (52cc84e612c283f774f9cb196ccef6fb) C:\WINDOWS\system32\drivers\ADIHdAud.sys
07:48:44.0078 3808 ADIHdAudAddService - ok
07:48:44.0125 3808 adpu160m - ok
07:48:44.0140 3808 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
07:48:44.0140 3808 AEAudio - ok
07:48:44.0156 3808 aec - ok
07:48:44.0218 3808 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
07:48:44.0218 3808 AFD - ok
07:48:44.0312 3808 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
07:48:44.0312 3808 AgereSoftModem - ok
07:48:44.0343 3808 Aha154x - ok
07:48:44.0359 3808 aic78u2 - ok
07:48:44.0390 3808 aic78xx - ok
07:48:44.0437 3808 AliIde - ok
07:48:44.0453 3808 amsint - ok
07:48:44.0484 3808 asc - ok
07:48:44.0500 3808 asc3350p - ok
07:48:44.0515 3808 asc3550 - ok
07:48:44.0562 3808 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:48:44.0562 3808 AsyncMac - ok
07:48:44.0593 3808 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:48:44.0593 3808 atapi - ok
07:48:44.0625 3808 Atdisk - ok
07:48:44.0750 3808 ati2mtag (af0abf90899c212f2eeb5bf7200054eb) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
07:48:44.0781 3808 ati2mtag - ok
07:48:44.0843 3808 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:48:44.0843 3808 Atmarpc - ok
07:48:44.0921 3808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:48:44.0921 3808 audstub - ok
07:48:44.0968 3808 b57w2k (a9d0f6efc61d1ff69b55c495f85dd868) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
07:48:44.0968 3808 b57w2k - ok
07:48:45.0015 3808 bcm (b5b0b31bbc69aa89b539cf9a84ceada3) C:\WINDOWS\system32\DRIVERS\drxvi314.sys
07:48:45.0031 3808 bcm - ok
07:48:45.0062 3808 bcmbusctr (bc88fb0a5131cf1384dceeee13c59943) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys
07:48:45.0062 3808 bcmbusctr - ok
07:48:45.0109 3808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:48:45.0109 3808 Beep - ok
07:48:45.0187 3808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:48:45.0234 3808 cbidf2k - ok
07:48:45.0265 3808 cd20xrnt - ok
07:48:45.0281 3808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:48:45.0343 3808 Cdaudio - ok
07:48:45.0375 3808 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
07:48:45.0375 3808 Cdfs - ok
07:48:45.0421 3808 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:48:45.0421 3808 Cdrom - ok
07:48:45.0437 3808 Changer - ok
07:48:45.0468 3808 CmdIde - ok
07:48:45.0500 3808 Cpqarray - ok
07:48:45.0531 3808 dac2w2k - ok
07:48:45.0531 3808 dac960nt - ok
07:48:45.0593 3808 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
07:48:45.0593 3808 Disk - ok
07:48:45.0671 3808 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
07:48:45.0671 3808 dmboot - ok
07:48:45.0687 3808 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
07:48:45.0687 3808 dmio - ok
07:48:45.0750 3808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:48:45.0750 3808 dmload - ok
07:48:45.0781 3808 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
07:48:45.0796 3808 DMusic - ok
07:48:45.0828 3808 dpti2o - ok
07:48:45.0875 3808 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
07:48:45.0875 3808 drmkaud - ok
07:48:45.0953 3808 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
07:48:46.0015 3808 Fastfat - ok
07:48:46.0062 3808 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
07:48:46.0062 3808 Fdc - ok
07:48:46.0093 3808 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
07:48:46.0093 3808 Fips - ok
07:48:46.0109 3808 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:48:46.0171 3808 Flpydisk - ok
07:48:46.0234 3808 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
07:48:46.0234 3808 FltMgr - ok
07:48:46.0250 3808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:48:46.0250 3808 Fs_Rec - ok
07:48:46.0281 3808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:48:46.0281 3808 Ftdisk - ok
07:48:46.0343 3808 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:48:46.0343 3808 Gpc - ok
07:48:46.0390 3808 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:48:46.0390 3808 HDAudBus - ok
07:48:46.0421 3808 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:48:46.0421 3808 hidusb - ok
07:48:46.0468 3808 HMFAxCoreac1538dd22fa7acfd433f47c679ad9da (2a20de5280ba64032500dc40dddad5a3) C:\WINDOWS\system32\drivers\HMFAxCoreac1538dd22fa7acfd433f47c679ad9da.sys
07:48:46.0468 3808 HMFAxCoreac1538dd22fa7acfd433f47c679ad9da - ok
07:48:46.0500 3808 hpn - ok
07:48:46.0531 3808 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
07:48:46.0531 3808 HTTP - ok
07:48:46.0546 3808 i2omgmt - ok
07:48:46.0562 3808 i2omp - ok
07:48:46.0625 3808 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:48:46.0625 3808 i8042prt - ok
07:48:46.0671 3808 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
07:48:46.0671 3808 IFXTPM - ok
07:48:46.0718 3808 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:48:46.0718 3808 Imapi - ok
07:48:46.0734 3808 ini910u - ok
07:48:46.0859 3808 IntcAzAudAddService (a7d3a1b2cabdab81ead07c204adb7ce1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:48:46.0953 3808 IntcAzAudAddService - ok
07:48:46.0984 3808 IntelIde - ok
07:48:47.0062 3808 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
07:48:47.0062 3808 Ip6Fw - ok
07:48:47.0109 3808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:48:47.0109 3808 IpFilterDriver - ok
07:48:47.0140 3808 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:48:47.0140 3808 IpInIp - ok
07:48:47.0218 3808 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:48:47.0218 3808 IpNat - ok
07:48:47.0265 3808 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:48:47.0281 3808 IPSec - ok
07:48:47.0328 3808 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:48:47.0328 3808 IRENUM - ok
07:48:47.0375 3808 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:48:47.0375 3808 isapnp - ok
07:48:47.0421 3808 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:48:47.0421 3808 Kbdclass - ok
07:48:47.0453 3808 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:48:47.0453 3808 kbdhid - ok
07:48:47.0500 3808 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
07:48:47.0500 3808 kmixer - ok
07:48:47.0562 3808 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
07:48:47.0562 3808 KSecDD - ok
07:48:47.0593 3808 lbrtfdc - ok
07:48:47.0687 3808 MfeAVFK (172938cc0f4a772adcfce7b0bf3e0b12) C:\WINDOWS\system32\drivers\MfeAVFK.sys
07:48:47.0687 3808 MfeAVFK - ok
07:48:47.0734 3808 MfeBOPK (4e20be4196dde74ea1468bb0f8863d79) C:\WINDOWS\system32\drivers\MfeBOPK.sys
07:48:47.0734 3808 MfeBOPK - ok
07:48:47.0781 3808 mfehidk (ee05b34dd0d19547b76537b4c6f808d4) C:\WINDOWS\system32\drivers\mfehidk.sys
07:48:47.0781 3808 mfehidk - ok
07:48:47.0812 3808 mfetdik (ce2834beb1c3c4db3eba4be2cb9c692f) C:\WINDOWS\system32\drivers\mfetdik.sys
07:48:47.0812 3808 mfetdik - ok
07:48:47.0859 3808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:48:47.0859 3808 mnmdd - ok
07:48:47.0906 3808 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
07:48:47.0906 3808 Modem - ok
07:48:47.0953 3808 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
07:48:47.0953 3808 motccgp - ok
07:48:48.0015 3808 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
07:48:48.0015 3808 motccgpfl - ok
07:48:48.0062 3808 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
07:48:48.0062 3808 motmodem - ok
07:48:48.0109 3808 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:48:48.0109 3808 Mouclass - ok
07:48:48.0156 3808 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:48:48.0156 3808 mouhid - ok
07:48:48.0203 3808 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
07:48:48.0203 3808 MountMgr - ok
07:48:48.0218 3808 mraid35x - ok
07:48:48.0281 3808 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:48:48.0281 3808 MRxDAV - ok
07:48:48.0359 3808 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:48:48.0359 3808 MRxSmb - ok
07:48:48.0406 3808 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
07:48:48.0406 3808 Msfs - ok
07:48:48.0437 3808 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:48:48.0437 3808 MSKSSRV - ok
07:48:48.0453 3808 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:48:48.0453 3808 MSPCLOCK - ok
07:48:48.0468 3808 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
07:48:48.0468 3808 MSPQM - ok
07:48:48.0500 3808 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:48:48.0500 3808 mssmbios - ok
07:48:48.0546 3808 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
07:48:48.0546 3808 Mup - ok
07:48:48.0593 3808 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
07:48:48.0593 3808 NDIS - ok
07:48:48.0640 3808 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:48:48.0640 3808 NdisTapi - ok
07:48:48.0671 3808 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:48:48.0671 3808 Ndisuio - ok
07:48:48.0703 3808 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:48:48.0703 3808 NdisWan - ok
07:48:48.0734 3808 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
07:48:48.0734 3808 NDProxy - ok
07:48:48.0750 3808 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:48:48.0750 3808 NetBIOS - ok
07:48:48.0781 3808 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:48:48.0781 3808 NetBT - ok
07:48:48.0843 3808 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
07:48:48.0843 3808 Npfs - ok
07:48:48.0921 3808 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
07:48:48.0921 3808 Ntfs - ok
07:48:48.0953 3808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:48:48.0953 3808 Null - ok
07:48:49.0000 3808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:48:49.0000 3808 NwlnkFlt - ok
07:48:49.0031 3808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:48:49.0031 3808 NwlnkFwd - ok
07:48:49.0078 3808 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
07:48:49.0078 3808 NwlnkIpx - ok
07:48:49.0078 3808 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
07:48:49.0078 3808 NwlnkNb - ok
07:48:49.0125 3808 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
07:48:49.0125 3808 NwlnkSpx - ok
07:48:49.0156 3808 NWRDR (3f18d9365be71c7b2e43b7cf4a0c1a10) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
07:48:49.0156 3808 NWRDR - ok
07:48:49.0203 3808 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
07:48:49.0203 3808 Parport - ok
07:48:49.0218 3808 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
07:48:49.0218 3808 PartMgr - ok
07:48:49.0234 3808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:48:49.0296 3808 ParVdm - ok
07:48:49.0328 3808 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
07:48:49.0328 3808 PCI - ok
07:48:49.0343 3808 PCIDump - ok
07:48:49.0375 3808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:48:49.0375 3808 PCIIde - ok
07:48:49.0421 3808 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:48:49.0468 3808 Pcmcia - ok
07:48:49.0531 3808 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
07:48:49.0531 3808 PCTINDIS5 - ok
07:48:49.0562 3808 PDCOMP - ok
07:48:49.0593 3808 PDFRAME - ok
07:48:49.0640 3808 PDRELI - ok
07:48:49.0687 3808 PDRFRAME - ok
07:48:49.0718 3808 perc2 - ok
07:48:49.0765 3808 perc2hib - ok
07:48:49.0843 3808 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:48:49.0843 3808 PptpMiniport - ok
07:48:49.0890 3808 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
07:48:49.0890 3808 Processor - ok
07:48:49.0906 3808 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
07:48:49.0906 3808 PSched - ok
07:48:49.0921 3808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:48:49.0921 3808 Ptilink - ok
07:48:49.0937 3808 ql1080 - ok
07:48:49.0984 3808 Ql10wnt - ok
07:48:50.0000 3808 ql12160 - ok
07:48:50.0015 3808 ql1240 - ok
07:48:50.0031 3808 ql1280 - ok
07:48:50.0046 3808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:48:50.0046 3808 RasAcd - ok
07:48:50.0078 3808 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:48:50.0078 3808 Rasl2tp - ok
07:48:50.0109 3808 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:48:50.0109 3808 RasPppoe - ok
07:48:50.0156 3808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:48:50.0156 3808 Raspti - ok
07:48:50.0218 3808 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:48:50.0218 3808 Rdbss - ok
07:48:50.0265 3808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:48:50.0265 3808 RDPCDD - ok
07:48:50.0296 3808 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:48:50.0296 3808 rdpdr - ok
07:48:50.0359 3808 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
07:48:50.0515 3808 RDPWD - ok
07:48:50.0562 3808 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:48:50.0578 3808 redbook - ok
07:48:50.0671 3808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:48:50.0671 3808 Secdrv - ok
07:48:50.0718 3808 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
07:48:50.0718 3808 serenum - ok
07:48:50.0750 3808 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
07:48:50.0750 3808 Serial - ok
07:48:50.0812 3808 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
07:48:50.0812 3808 SFAUDIO - ok
07:48:50.0859 3808 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:48:50.0968 3808 Sfloppy - ok
07:48:51.0000 3808 Simbad - ok
07:48:51.0046 3808 Sparrow - ok
07:48:51.0109 3808 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
07:48:51.0109 3808 splitter - ok
07:48:51.0140 3808 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
07:48:51.0156 3808 sr - ok
07:48:51.0218 3808 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
07:48:51.0218 3808 Srv - ok
07:48:51.0281 3808 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:48:51.0296 3808 swenum - ok
07:48:51.0343 3808 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
07:48:51.0343 3808 swmidi - ok
07:48:51.0375 3808 swmsflt (40ff1af10735cf67746b50780eff7ae4) C:\WINDOWS\System32\drivers\swmsflt.sys
07:48:51.0375 3808 swmsflt - ok
07:48:51.0421 3808 swmx00 (af88ae62b84d016eb5bdc12ddf1005a3) C:\WINDOWS\system32\DRIVERS\swmx00.sys
07:48:51.0421 3808 swmx00 - ok
07:48:51.0468 3808 SWNC5E00 (24bce62e4da07c6488e3a7ff37a6b6ae) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys
07:48:51.0468 3808 SWNC5E00 - ok
07:48:51.0515 3808 symc810 - ok
07:48:51.0515 3808 symc8xx - ok
07:48:51.0531 3808 sym_hi - ok
07:48:51.0546 3808 sym_u3 - ok
07:48:51.0609 3808 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
07:48:51.0609 3808 sysaudio - ok
07:48:51.0687 3808 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:48:51.0687 3808 Tcpip - ok
07:48:51.0750 3808 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:48:51.0843 3808 TDPIPE - ok
07:48:51.0875 3808 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
07:48:51.0984 3808 TDTCP - ok
07:48:52.0031 3808 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:48:52.0031 3808 TermDD - ok
07:48:52.0062 3808 TosIde - ok
07:48:52.0140 3808 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
07:48:52.0140 3808 Udfs - ok
07:48:52.0171 3808 ultra - ok
07:48:52.0203 3808 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
07:48:52.0218 3808 Update - ok
07:48:52.0281 3808 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:48:52.0281 3808 usbccgp - ok
07:48:52.0343 3808 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:48:52.0343 3808 usbehci - ok
07:48:52.0390 3808 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:48:52.0390 3808 usbhub - ok
07:48:52.0406 3808 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
07:48:52.0406 3808 usbohci - ok
07:48:52.0453 3808 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:48:52.0453 3808 USBSTOR - ok
07:48:52.0500 3808 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
07:48:52.0500 3808 VgaSave - ok
07:48:52.0500 3808 ViaIde - ok
07:48:52.0562 3808 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
07:48:52.0562 3808 VolSnap - ok
07:48:52.0625 3808 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:48:52.0625 3808 Wanarp - ok
07:48:52.0671 3808 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
07:48:52.0671 3808 Wdf01000 - ok
07:48:52.0687 3808 WDICA - ok
07:48:52.0765 3808 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
07:48:52.0765 3808 wdmaud - ok
07:48:52.0843 3808 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
07:48:52.0843 3808 WmiAcpi - ok
07:48:52.0906 3808 MBR (0x1B8) (6740902318e30bd6e23729157057aa65) \Device\Harddisk0\DR0
07:48:52.0906 3808 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
07:48:52.0906 3808 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
07:48:52.0906 3808 Boot (0x1200) (41c861ce8e134dcb6c137306a3fc2308) \Device\Harddisk0\DR0\Partition0
07:48:52.0921 3808 \Device\Harddisk0\DR0\Partition0 - ok
07:48:52.0921 3808 ============================================================
07:48:52.0921 3808 Scan finished
07:48:52.0921 3808 ============================================================
07:48:52.0937 5404 Detected object count: 1
07:48:52.0937 5404 Actual detected object count: 1
07:49:00.0843 5404 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
07:49:00.0843 5404 \Device\Harddisk0\DR0 - ok
07:49:00.0843 5404 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
07:49:16.0750 2588 Deinitialize success

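Helpers reading threads like this one usually want the indicators pulled out of the pasted logs quickly: which service GMER saw as hidden, which DLL it loads, and whether TDSSKiller's cure of the MBR is still pending a reboot. The Python below is an added example, not code from this thread or from GMER or TDSSKiller. It parses the two log formats posted above (the sample lines are copied from the logs in this thread) and cross-references GMER's hidden service against the service TDSSKiller could not access. The function names and the report layout are my own.

```python
"""Triage helper for pasted GMER and TDSSKiller logs (added example, not tool code)."""
import re

# GMER: any line GMER itself tagged with "<-- ROOTKIT".
GMER_ROOTKIT = re.compile(r"^(?P<kind>Service|Disk|Reg)\s+(?P<detail>.*?)\s*<--\s*ROOTKIT")
# GMER: hidden service, e.g. 'Service C:\...\svchost.exe (*** hidden *** ) [AUTO] name'.
GMER_HIDDEN_SERVICE = re.compile(
    r"^Service\s+(?P<image>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)")
# GMER: registry value under a service key, 'Reg HKLM\SYSTEM\<cs>\Services\<svc>[\sub]@Value data'.
GMER_REG = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\@]+)(?:\\[^\\@]+)*@(?P<value>\w+)\s+(?P<data>.*)$")
# TDSSKiller: '<time> <tid> <object> ( <verdict> ) - <status>'.
TDSS_VERDICT = re.compile(r"^\S+\s+\d+\s+(?P<obj>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<status>.+)$")
# TDSSKiller: '<time> <tid> Suspicious service (<reason>): <name>'.
TDSS_SUSPICIOUS = re.compile(r"^\S+\s+\d+\s+Suspicious service \((?P<reason>\w+)\):\s+(?P<name>\S+)")

# Sample input, copied from the logs posted in this thread (constructed excerpt, not a full log).
GMER_SAMPLE = r"""
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] aaqzvytvv <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv@DisplayName Config Installer
Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aaqzvytvv\Parameters@ServiceDll C:\WINDOWS\system32\isagt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\aaqzvytvv\Parameters@ServiceDll C:\WINDOWS\system32\isagt.dll
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
"""
TDSS_SAMPLE = r"""
07:48:43.0750 3808 Suspicious service (NoAccess): aaqzvytvv
07:48:43.0906 3808 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:48:43.0921 3808 ACPI - ok
07:48:52.0906 3808 MBR (0x1B8) (6740902318e30bd6e23729157057aa65) \Device\Harddisk0\DR0
07:48:52.0906 3808 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
07:48:52.0906 3808 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
07:48:52.0921 3808 \Device\Harddisk0\DR0\Partition0 - ok
07:49:00.0843 5404 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
07:49:00.0843 5404 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
"""


def parse_gmer(text):
    """Collect services GMER mentions (hidden ones plus their registry values) and ROOTKIT-tagged lines."""
    services, rootkit_lines = {}, []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = GMER_HIDDEN_SERVICE.match(line)
        if m:
            rec = services.setdefault(m["name"], {"values": {}, "service_dll": set()})
            rec["image"], rec["start"] = m["image"], m["start"]
        m = GMER_ROOTKIT.match(line)
        if m:
            rootkit_lines.append((m["kind"], m["detail"].strip()))
        m = GMER_REG.match(line)
        if m:
            rec = services.setdefault(m["svc"], {"values": {}, "service_dll": set()})
            if m["value"] == "ServiceDll":
                rec["service_dll"].add(m["data"].strip())   # the DLL svchost actually loads
            else:
                rec["values"].setdefault(m["value"], m["data"].strip())  # first control set wins
    return {"services": services, "rootkit_lines": rootkit_lines}


def parse_tdsskiller(text):
    """Collect services TDSSKiller could not open and the verdict/status history per object."""
    suspicious, objects = [], {}
    for line in (l.strip() for l in text.splitlines()):
        m = TDSS_SUSPICIOUS.match(line)
        if m:
            suspicious.append((m["name"], m["reason"]))
            continue
        m = TDSS_VERDICT.match(line)
        if m:
            objects.setdefault(m["obj"], {"verdict": m["verdict"], "statuses": []})["statuses"].append(m["status"])
    return {"suspicious_services": suspicious, "objects": objects}


def triage(gmer_text, tdss_text):
    """Cross-reference both logs into a short cleanup checklist."""
    gmer, tdss = parse_gmer(gmer_text), parse_tdsskiller(tdss_text)
    both = set(gmer["services"]) & {name for name, _ in tdss["suspicious_services"]}
    report = {
        "services_seen_by_both": sorted(both),
        "service_dlls": sorted(d for r in gmer["services"].values() for d in r["service_dll"]),
        "mbr_rootkit": any(kind == "Disk" for kind, _ in gmer["rootkit_lines"]),
        "cure_pending": [],   # TDSSKiller flagged it and scheduled a cure
        "uncured": [],        # TDSSKiller flagged it and nothing was done
    }
    for obj, rec in tdss["objects"].items():
        history = " | ".join(rec["statuses"]).lower()
        if "infected" in history or "detected" in history:
            report["cure_pending" if "cure" in history else "uncured"].append(obj)
    return report


if __name__ == "__main__":
    for key, val in triage(GMER_SAMPLE, TDSS_SAMPLE).items():
        print(f"{key}: {val}")
```

On the logs in this thread the report names `aaqzvytvv` as the one service both tools flagged, `C:\WINDOWS\system32\isagt.dll` as the DLL behind it, and the MBR as having a cure scheduled for the next reboot; a service that TDSSKiller marks infected with no cure line would land in `uncured`, which is the list a helper would follow up on.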
#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:39 AM

Posted 28 October 2011 - 06:36 PM

Good :)

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

===============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE



#10 beardbuster

beardbuster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:39 AM

Posted 30 October 2011 - 12:09 AM

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.


Server not found.... I've tried downloading this program at all hours of the day and night...
Can anyone email this to me?
THANKS in advance ...

#11 beardbuster

beardbuster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:39 AM

Posted 30 October 2011 - 12:13 AM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xB98A8000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 5304320 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF19B000 C:\WINDOWS\System32\ati3duag.dll 3932160 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF55B000 C:\WINDOWS\System32\ativvaxx.dll 2379776 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2058368 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2058368 bytes
0x804D7000 RAW 2058368 bytes
0x804D7000 WMIxWDM 2058368 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB976E000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1204224 bytes (Agere Systems, SoftModem Device Driver)
0xB9E47000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF062000 C:\WINDOWS\System32\ati2cqag.dll 561152 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xAD1F2000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF0EB000 C:\WINDOWS\System32\atikvmag.dll 446464 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xAD31F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAA20B000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xAD3E4000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 352256 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xA9256000 C:\WINDOWS\system32\DRIVERS\drxvi314.sys 344064 bytes (Beceem communications pvt ltd., Beceem Communications Inc. WiMAX driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 327680 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF158000 C:\WINDOWS\System32\atiok3x2.dll 274432 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xB9622000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xA92AA000 C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys 204800 bytes (Sierra Wireless Inc., Sierra Wireless NDIS Driver)
0xB967E000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9E1A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9742000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 180224 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xAA7C7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xA93FA000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAD261000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA9DF8000 C:\WINDOWS\system32\drivers\mfehidk.sys 163840 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xAD2AE000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA7F3000 C:\WINDOWS\system32\DRIVERS\nwrdr.sys 163840 bytes (Microsoft Corporation, NetWare Redirector File System Driver)
0xA92DC000 C:\WINDOWS\system32\DRIVERS\swmx00.sys 159744 bytes (Sierra Wireless Inc., Sierra Wireless USB MUX Driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB96D7000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB971F000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB96FC000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAD28C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAD3C2000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xAD2FE000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806CE000 ACPI_HAL 131968 bytes
0x806CE000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEB000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9DFF000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xAD3AA000 C:\WINDOWS\system32\drivers\AEAudio.sys 98304 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAD112000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9ED4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB96C0000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAA95B000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xAA6C2000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9894000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAD377000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB96AF000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA178000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xAA0C3000 C:\WINDOWS\system32\drivers\MfeAVFK.sys 65536 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA308000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA208000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAAA39000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xAA57A000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA218000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA258000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xAA76F000 C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys 49152 bytes (Beceem communications pvt ltd., Beceem Communications Inc. WiMAX driver)
0xBA128000 C:\WINDOWS\system32\drivers\mfetdik.sys 49152 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA238000 C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS 45056 bytes (Infineon Technologies AG, Infineon Trusted Platform Module)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA268000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0F8000 sfaudio.sys 45056 bytes (Sonic Focus, Inc, Sonic Focus DSP driver for ADI)
0xBA2C8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA298000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA93C3000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA158000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA118000 C:\WINDOWS\system32\drivers\HMFAxCoreac1538dd22fa7acfd433f47c679ad9da.sys 36864 bytes (Eltima Software, Hide My Folders AX Control Core Driver)
0xBA0A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA138000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA380000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA3F8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA478000 C:\WINDOWS\system32\drivers\MfeBOPK.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA390000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3E8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3F0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA388000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA410000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA584000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA9FD000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA560000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAD456000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB965E000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB965A000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA568000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA538000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA564000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA5C8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5CE000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5C6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA656000 C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS 8192 bytes
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5CA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5CC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5BC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5BA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7E7000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6FA000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6B1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
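As an added triage helper (not code from this thread or from RootKit Unhooker), the following parses listing lines in the format shown above and pulls out the modules with no vendor string, or a vendor outside an assumed trusted set, as the ones to examine first. The trusted-vendor set and the sample lines (copied from the listing) are assumptions of the example.

```python
"""Triage an RKU-style kernel module listing (added example, not from the
thread or from RootKit Unhooker). Lines look like "0xBASE path size bytes
(vendor, description)"; the bracketed part is absent when unattributed."""
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(\S+)\s+(\d+) bytes(?: \((.*)\))?$")
# Vendor strings taken as expected on a stock Windows XP system (assumption).
TRUSTED_VENDORS = ("Microsoft Corporation", "Microsoft Corp.")
# Five lines copied from the listing above serve as sample input.
SAMPLE = r"""
0xAD112000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xA93C3000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xBA118000 C:\WINDOWS\system32\drivers\HMFAxCoreac1538dd22fa7acfd433f47c679ad9da.sys 36864 bytes (Eltima Software, Hide My Folders AX Control Core Driver)
"""

@dataclass
class Module:
    base: int
    path: str
    size: int
    vendor: Optional[str]       # None when no attribution was printed
    description: Optional[str]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_listing(text: str) -> List[Module]:
    mods = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banners such as ">Stealth" and blank lines are skipped
        vendor = desc = None
        if m.group(4):
            vendor, _, desc = m.group(4).partition(", ")
        mods.append(Module(int(m.group(1), 16), m.group(2), int(m.group(3)),
                           vendor, desc or None))
    return mods

def review_candidates(mods: List[Module]) -> List[Module]:
    """Worklist, not a verdict: unattributed modules and those from a vendor
    outside TRUSTED_VENDORS. Third-party and dump_* drivers are often benign."""
    return [m for m in mods
            if m.vendor is None or not m.vendor.startswith(TRUSTED_VENDORS)]
```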

#12 Broni

Posted 30 October 2011 - 10:12 AM

How is the computer doing at the moment?


#13 beardbuster

beardbuster

Posted 30 October 2011 - 10:00 PM

This is what I see after simply turning the computer on and letting it sit while I do nothing... Within minutes the Work Offline box pops up, then a few minutes later the Explorer box pops up.

Posted Image

#14 beardbuster

beardbuster

Posted 31 October 2011 - 07:24 AM

I forgot, this box pops up too.

Posted Image

#15 Broni

Broni

Posted 31 October 2011 - 05:54 PM

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip the Autoruns.zip file, and double-click on the autoruns.exe file to run the program.
Go to File>Save, and save it as an AutoRuns.txt file to a known location.
You must select Text from the drop-down menu as the file type:

Posted Image

Upload the file(s) here: http://www.filedropper.com/
Post the download link (copy the URL: link):
Posted Image
