
Problems after removing Security 2012 malware


3 replies to this topic

#1 cygnet06


Posted 04 February 2012 - 12:18 PM

I had the Security 2012 problem and seem to be almost recovered. I used Malwarebytes anti-malware to get rid of it but as others have experienced I had no internet. I was able to restore missing registry entries for Security Center, NetBt, wscsvc and wuauserv from another XP SP3 machine and internet access was available again. On a couple of occasions over the last 24 hours, after being connected to the internet, access was then lost again. I have not been able to associate this with any particular event. Each time, access was restored again by recopying NetBt.reg into registry and rebooting, but it doesn't seem to be totally stable.

As per Broni's instructions to favorito 1/30/2012 12:10 pm, I ran Security check, FSS.exe, MiniToolBox.exe, MBAM and aswMBR. Everything seems ok except for one entry in aswMBR - it detects one suspicious module - DLADResN.SYS. I ran FixMBR and reran the scan, and the same message comes back, so I'm not sure if this is a significant problem or not.

Here are the log files:

Checkup:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
McAfee Security Scan Plus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

FSS:
Farbar Service Scanner Version: 02-02-2012
Ran by Lorne (administrator) on 04-02-2012 at 09:55:17
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) TVTPktFilter(10)
0x0A0000000400000001000000020000000300000005000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

MiniToolBox:
MiniToolBox by Farbar Version: 18-01-2012
Ran by Lorne (administrator) on 04-02-2012 at 10:02:38
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Intel® 82566MC Gigabit Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : LENOVO-69483380

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-1C-BF-07-73-3C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.12

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

NetBIOS over Tcpip. . . . . . . . : Disabled

Lease Obtained. . . . . . . . . . : Saturday, February 04, 2012 9:51:52 AM

Lease Expires . . . . . . . . . . : Tuesday, February 07, 2012 9:51:52 AM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® 82566MC Gigabit Network Connection

Physical Address. . . . . . . . . : 00-1A-6B-CD-77-58

Server: mymodem
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.226.49, 74.125.226.52, 74.125.226.48, 74.125.226.51
74.125.226.50



Pinging google.com [74.125.226.49] with 32 bytes of data:



Reply from 74.125.226.49: bytes=32 time=97ms TTL=56

Reply from 74.125.226.49: bytes=32 time=121ms TTL=56



Ping statistics for 74.125.226.49:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 97ms, Maximum = 121ms, Average = 109ms

Server: mymodem
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=104ms TTL=53

Reply from 209.191.122.70: bytes=32 time=126ms TTL=53



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 104ms, Maximum = 126ms, Average = 115ms

Server: mymodem
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c bf 07 73 3c ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 1a 6b cd 77 58 ...... Intel® 82566MC Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.12 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.12 192.168.2.12 25
192.168.2.12 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.2.255 255.255.255.255 192.168.2.12 192.168.2.12 25
224.0.0.0 240.0.0.0 192.168.2.12 192.168.2.12 25
255.255.255.255 255.255.255.255 192.168.2.12 3 1
255.255.255.255 255.255.255.255 192.168.2.12 192.168.2.12 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (02/04/2012 09:51:49 AM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 001CBF07733C. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (02/04/2012 00:22:49 AM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:

Error: (02/04/2012 00:22:48 AM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (02/04/2012 00:21:59 AM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (02/03/2012 06:25:01 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the following nonexistent service: NetBT

Error: (02/03/2012 06:18:09 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Error: (02/03/2012 06:18:09 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the following nonexistent service: NetBT

Error: (02/03/2012 03:55:57 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the TVT Backup Service service to connect.

Error: (02/03/2012 03:55:57 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the TVT Backup Protection Service service to connect.

Error: (02/03/2012 03:55:57 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6425.1000)
Access Help (Version: 2.02)
Adobe AIR (Version: 2.5.0.16600)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 9.4.0 (Version: 9.4.0)
ArcSoft MediaImpression (Version: 1.2.26.429)
Avercast
Avercast (Version: 4.0.1)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.704)
Bing Bar (Version: 7.0.822.0)
Brother MFL-Pro Suite (Version: 1.00)
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
CCleaner (Version: 3.02)
Client Security Solution (Version: 8.00.0311.00)
Dell AIO Printer A920
Dell Driver Download Manager (Version: 2.1.0.0)
Dropbox (Version: 1.2.51)
Epson Event Manager (Version: 2.40.0001)
Epson FAX Utility (Version: 1.10.00)
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 630 Series Printer Uninstall
EpsonNet Print (Version: 2.4i)
EpsonNet Setup 3.3 (Version: 3.3b)
GDR 1617 for SQL Server 2008 R2 (KB2494088) (Version: 10.50.1617.0)
Google Chrome (Version: 16.0.912.75)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.99)
GoToMeeting 5.0.0.799 (Version: 5.0.0.799)
Help Center (Version: 2.00n)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Integrated Camera (Version: 5.8.8.010)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver (Version: 0.0.0.0000)
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless WiFi Software (Version: 12.04.0000)
InterVideo WinDVD (Version: 5.0-B11.311)
InterVideo WinDVD Creator 3 (Version: 3.0.01.196)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Junk Mail filter update (Version: 14.0.8117.416)
Lenovo Auto Scroll Utility (Version: 1.00)
Lenovo Registration
Lenovo System Interface Driver (Version: 1.02)
Maintenance Manager (Version: 3.0.5.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Message Center (Version: 2.01g)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1617.0)
Microsoft SQL Server 2008 R2 Policies (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.50.1617.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Browser (Version: 10.50.1600.1)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (Version: 3.5.8080.0)
Microsoft SQL Server VSS Writer (Version: 10.50.1600.1)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.35191)
mProSafe (Version: 9.00.0000)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
mWlsSafe (Version: 9.00.0000)
MySQL Connector/ODBC 3.51 (Version: 3.51.19)
On Screen Display (Version: 6.10.01)
Presentation Director (Version: 4.08)
Productivity Center Supplement for ThinkPad (Version: 3.00b)
QlikView x86 (Version: 10.00.9055.7)
Rapport (Version: 3.5.1108.55)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
RecordNow Audio (Version: 2.0.4)
RecordNow Copy (Version: 2.0.4)
RecordNow Data (Version: 2.0.4)
Remove Multimedia Center
Rescue and Recovery (Version: 4.10.0314.00)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (Version: 3.54.02)
Segoe UI (Version: 14.0.4327.805)
Simply Accounting by Sage 2008 (Version: 2008)
Simply Accounting by Sage 2008 (Version: Release A)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
Sonic DLA (Version: 5.2.0)
Sonic Express Labeler (Version: 2.1.0)
Sonic Icons for Lenovo (Version: 1.0.2)
Sonic Update Manager (Version: 3.0.0)
SoundMAX (Version: 5.10.01.5520)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1)
SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
System Migration Assistant (Version: 5.20.0033)
System Update (Version: 3.14.0024)
TeamViewer 5 (Version: 5.1.9385 )
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 5.1.0.3100)
ThinkPad EasyEject Utility (Version: 2.39)
ThinkPad FullScreen Magnifier (Version: 2.15)
ThinkPad Keyboard Customizer Utility (Version: 1.3.53.0)
ThinkPad Modem (Version: 7.80.7.0)
ThinkPad PC Card Power Policy (Version: 1.02)
ThinkPad Power Management Driver (Version: 1.60.0.4)
ThinkPad Power Manager (Version: 1.14)
ThinkPad UltraNav Driver (Version: 15.0.24.0)
ThinkPad UltraNav Utility (Version: 2.13.0)
ThinkVantage Access Connections (Version: 4.40)
ThinkVantage Active Protection System (Version: 1.72)
ThinkVantage Fingerprint Software (Version: 5.8.5.6014)
ThinkVantage Productivity Center (Version: 3.11)
ThinkVantage Technologies Welcome Message (Version: 1.18)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Wallpapers
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) (Version: 11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows PowerShell™ 1.0 (Version: 2)
Windows Resource Kit Tools (Version: 5.2.3790)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip 14.5 (Version: 14.5.9095)
XP Themes (Version: 1.00.0000)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 2038.22 MB
Available physical RAM: 1121.23 MB
Total Pagefile: 3930.03 MB
Available Pagefile: 3025.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.21 MB

========================= Partitions: =====================================

1 Drive c: (Preload) (Fixed) (Total:87.35 GB) (Free:5.07 GB) NTFS
3 Drive e: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.32 GB) FAT

========================= Users: ========================================

User accounts for \\LENOVO-69483380

Administrator ASPNET Guest
HelpAssistant Lorne SUPPORT_388945a0


**** End of log ****

MBAM:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.04.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lorne :: LENOVO-69483380 [administrator]

Protection: Enabled

2/4/2012 9:24:38 AM
mbam-log-2012-02-04 (09-24-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198423
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR (2 logs, second one from after running fixMBR):
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-04 10:04:02
-----------------------------
10:04:02.562 OS Version: Windows 5.1.2600 Service Pack 3
10:04:02.562 Number of processors: 2 586 0xF0A
10:04:02.562 ComputerName: LENOVO-69483380 UserName: Lorne
10:04:03.625 Initialize success
10:04:15.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:04:15.687 Disk 0 Vendor: HTS72101 MCZI Size: 95396MB BusType: 3
10:04:15.703 Disk 0 MBR read successfully
10:04:15.703 Disk 0 MBR scan
10:04:15.703 Disk 0 Windows XP default MBR code
10:04:15.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 89450 MB offset 63
10:04:15.734 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 5943 MB offset 183193920
10:04:15.734 Disk 0 scanning sectors +195365520
10:04:15.812 Disk 0 scanning C:\WINDOWS\system32\drivers
10:04:33.843 Service scanning
10:04:35.546 Modules scanning
10:04:46.140 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
10:04:47.875 Disk 0 trace - called modules:
10:04:47.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
10:04:48.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a804198]
10:04:48.421 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000091[0x8a715030]
10:04:48.421 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a7fe028]
10:04:48.421 Scan finished successfully
10:05:18.187 Verifying
10:05:28.187 Disk 0 Windows 501 MBR fixed successfully
10:05:57.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lorne\Desktop\MBR.dat"
10:05:57.859 The log file has been saved successfully to "C:\Documents and Settings\Lorne\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-04 12:01:06
-----------------------------
12:01:06.015 OS Version: Windows 5.1.2600 Service Pack 3
12:01:06.015 Number of processors: 2 586 0xF0A
12:01:06.015 ComputerName: LENOVO-69483380 UserName: Lorne
12:01:07.031 Initialize success
12:01:11.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:01:11.953 Disk 0 Vendor: HTS72101 MCZI Size: 95396MB BusType: 3
12:01:12.000 Disk 0 MBR read successfully
12:01:12.000 Disk 0 MBR scan
12:01:12.000 Disk 0 Windows XP default MBR code
12:01:12.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 89450 MB offset 63
12:01:12.015 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 5943 MB offset 183193920
12:01:12.015 Disk 0 scanning sectors +195365520
12:01:12.062 Disk 0 scanning C:\WINDOWS\system32\drivers
12:01:30.484 Service scanning
12:01:32.031 Modules scanning
12:01:42.234 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
12:01:43.968 Disk 0 trace - called modules:
12:01:43.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
12:01:43.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7b8030]
12:01:43.984 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000092[0x8a7e8ac0]
12:01:43.984 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a7ec028]
12:01:44.000 Scan finished successfully
12:03:40.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lorne\Desktop\MBR.dat"
12:03:40.796 The log file has been saved successfully to "C:\Documents and Settings\Lorne\Desktop\aswMBR.txt"


Any idea why the internet access drops out after a while, and how to fix the suspicious DLADResN.SYS? Thanks.



#2 boopme


Posted 04 February 2012 - 01:56 PM

Let's also run these. It still may be an infection altering internet access.

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of their infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with a description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (it is usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.

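As an added example (not part of this thread, and not TDSSKiller's own code), a small Python triage script for the log format TDSSKiller writes, as posted later in this thread: it pairs each scanned object with its verdict line, lists anything not marked ok, and points out drivers loaded from outside the usual locations so a helper can look at those first. The sample log is constructed; the "badsvc" entry and its "suspicious" verdict wording are invented for illustration and are not TDSSKiller's real output.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of a TDSSKiller 2.7 log. The first entries
# mirror lines from the log posted in this thread; "badsvc" and its verdict
# wording are invented here to show how a non-"ok" result surfaces.
SAMPLE_LOG = r"""
09:43:58.0265 5336 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
09:44:00.0890 5336 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200
09:44:09.0234 5520 ============================================================
09:44:09.0234 5520 Scan started
09:44:09.0234 5520 Mode: Manual;
09:44:10.0171 5520 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:44:10.0234 5520 ACPI - ok
09:44:15.0609 5520 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
09:44:15.0640 5520 DLADResN - ok
09:44:21.0906 5520 lbrtfdc - ok
09:44:29.0906 5520 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
09:44:29.0968 5520 RapportCerberus_34302 - ok
09:44:30.0000 5520 badsvc (00000000000000000000000000000000) C:\WINDOWS\Temp\badsvc.sys
09:44:30.0010 5520 badsvc - suspicious
09:44:38.0640 5520 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:44:38.0890 5520 \Device\Harddisk0\DR0 - ok
"""

# Every log line is "HH:MM:SS.mmmm PID body".
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# Object line: "<name> (<md5>) <path>"; the name may itself contain
# parentheses, e.g. "MBR (0x1B8) (8f55...) \Device\Harddisk0\DR0".
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<name or device path> - <verdict>", e.g. "ACPI - ok".
VERDICT_RE = re.compile(r"^(?P<subject>.+?) - (?P<verdict>.+)$")

# Driver locations that need no extra attention on an XP box; anything else
# is reported for a manual look. A location is a hint, not a verdict.
EXPECTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Pair each scanned object with its verdict; keep verdict-only entries too."""
    entries: List[Entry] = []
    by_name: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body")
        # Drive geometry lines contain " - " but are not verdicts; skip separators too.
        if body.startswith("Drive ") or body.startswith("="):
            continue
        obj = OBJECT_RE.match(body)
        if obj:
            e = Entry(obj.group("name"), obj.group("md5"), obj.group("path"))
            entries.append(e)
            by_name[e.name] = e
            by_path[e.path] = e
            continue
        ver = VERDICT_RE.match(body)
        if ver:
            subject, verdict = ver.group("subject"), ver.group("verdict").strip()
            # MBR/boot-sector verdicts name the device path, not the object name.
            e = by_name.get(subject) or by_path.get(subject)
            if e is None:
                # Services with no file on disk (e.g. "lbrtfdc - ok") have no object line.
                e = Entry(subject)
                entries.append(e)
                by_name[subject] = e
            e.verdict = verdict
    return entries


def triage(entries: List[Entry]) -> Dict[str, object]:
    """Summarise what a helper would look at first in a posted log."""
    non_ok: List[Tuple[str, str]] = []
    unusual: List[str] = []
    unverified: List[str] = []
    for e in entries:
        if e.verdict is None:
            unverified.append(e.name)  # scan ended before this object was judged
        elif e.verdict.lower() != "ok":
            non_ok.append((e.name, e.verdict))
        path = (e.path or "").lower()
        if path and not path.startswith("\\device\\") and not path.startswith(EXPECTED_PREFIXES):
            unusual.append(e.name)
    return {"total": len(entries), "non_ok": non_ok,
            "unusual_location": unusual, "unverified": unverified}


if __name__ == "__main__":
    report = triage(parse_tdsskiller_log(SAMPLE_LOG))
    print(f"{report['total']} objects scanned")
    for name, verdict in report["non_ok"]:
        print(f"  NOT OK: {name} -> {verdict}")
    for name in report["unusual_location"]:
        print(f"  review location: {name}")
```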

#3 cygnet06

cygnet06
  • Topic Starter
  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:36 AM

Posted 05 February 2012 - 02:52 PM

Installed a new HOSTS file (there wasn't one!!). I think that has solved the intermittent loss of internet access as I have been connected now for about 6 hours with no interruption.

As suggested, I ran TDSSKiller and it seemed to come out clean. (I had run it previously in trying to get rid of the original problem.)
Here is the log anyway.

09:43:58.0265 5336 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
09:43:59.0093 5336 ============================================================
09:43:59.0093 5336 Current date / time: 2012/02/05 09:43:59.0093
09:43:59.0093 5336 SystemInfo:
09:43:59.0093 5336
09:43:59.0093 5336 OS Version: 5.1.2600 ServicePack: 3.0
09:43:59.0093 5336 Product type: Workstation
09:43:59.0093 5336 ComputerName: LENOVO-69483380
09:43:59.0093 5336 UserName: Lorne
09:43:59.0093 5336 Windows directory: C:\WINDOWS
09:43:59.0093 5336 System windows directory: C:\WINDOWS
09:43:59.0093 5336 Processor architecture: Intel x86
09:43:59.0093 5336 Number of processors: 2
09:43:59.0093 5336 Page size: 0x1000
09:43:59.0093 5336 Boot type: Normal boot
09:43:59.0093 5336 ============================================================
09:44:00.0890 5336 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:44:00.0906 5336 Drive \Device\Harddisk1\DR7 - Size: 0x76C00000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:44:00.0921 5336 \Device\Harddisk0\DR0:
09:44:00.0921 5336 MBR used
09:44:00.0921 5336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEB5101
09:44:00.0921 5336 \Device\Harddisk1\DR7:
09:44:00.0921 5336 MBR used
09:44:00.0953 5336 Initialize success
09:44:00.0953 5336 ============================================================
09:44:09.0234 5520 ============================================================
09:44:09.0234 5520 Scan started
09:44:09.0234 5520 Mode: Manual;
09:44:09.0234 5520 ============================================================
09:44:09.0968 5520 Abiosdsk - ok
09:44:10.0000 5520 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:44:10.0031 5520 abp480n5 - ok
09:44:10.0078 5520 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
09:44:10.0109 5520 ac97intc - ok
09:44:10.0171 5520 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:44:10.0234 5520 ACPI - ok
09:44:10.0359 5520 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:44:10.0375 5520 ACPIEC - ok
09:44:10.0453 5520 ADIHdAudAddService (ca6d262e0e68da7ac1e2edb0a8324031) C:\WINDOWS\system32\drivers\ADIHdAud.sys
09:44:10.0500 5520 ADIHdAudAddService - ok
09:44:10.0546 5520 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:44:10.0625 5520 adpu160m - ok
09:44:10.0796 5520 AEAudio (b4afcc2f911939a1c16a26e7eba7f36b) C:\WINDOWS\system32\drivers\AEAudio.sys
09:44:10.0843 5520 AEAudio - ok
09:44:10.0890 5520 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:44:10.0953 5520 aec - ok
09:44:11.0000 5520 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
09:44:11.0046 5520 Afc - ok
09:44:11.0093 5520 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:44:11.0109 5520 AFD - ok
09:44:11.0250 5520 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:44:11.0296 5520 agp440 - ok
09:44:11.0328 5520 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:44:11.0359 5520 agpCPQ - ok
09:44:11.0406 5520 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:44:11.0437 5520 Aha154x - ok
09:44:11.0468 5520 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:44:11.0546 5520 aic78u2 - ok
09:44:11.0687 5520 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:44:11.0734 5520 aic78xx - ok
09:44:11.0765 5520 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:44:11.0796 5520 AliIde - ok
09:44:11.0843 5520 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:44:11.0859 5520 alim1541 - ok
09:44:11.0875 5520 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:44:11.0921 5520 amdagp - ok
09:44:11.0953 5520 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:44:11.0984 5520 amsint - ok
09:44:12.0140 5520 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
09:44:12.0187 5520 ANC - ok
09:44:12.0234 5520 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:44:12.0281 5520 asc - ok
09:44:12.0312 5520 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:44:12.0343 5520 asc3350p - ok
09:44:12.0375 5520 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:44:12.0406 5520 asc3550 - ok
09:44:12.0578 5520 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:44:12.0609 5520 AsyncMac - ok
09:44:12.0656 5520 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:44:12.0703 5520 atapi - ok
09:44:12.0718 5520 Atdisk - ok
09:44:12.0750 5520 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:44:12.0781 5520 Atmarpc - ok
09:44:12.0843 5520 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
09:44:12.0875 5520 atmeltpm - ok
09:44:13.0000 5520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:44:13.0031 5520 audstub - ok
09:44:13.0156 5520 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
09:44:13.0187 5520 avgio - ok
09:44:13.0234 5520 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
09:44:13.0265 5520 avgntflt - ok
09:44:13.0312 5520 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
09:44:13.0359 5520 avipbb - ok
09:44:13.0531 5520 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:44:13.0546 5520 Beep - ok
09:44:13.0609 5520 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
09:44:13.0640 5520 BrScnUsb - ok
09:44:13.0703 5520 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
09:44:13.0734 5520 BrSerIf - ok
09:44:13.0750 5520 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
09:44:13.0781 5520 BrUsbSer - ok
09:44:13.0968 5520 BTKRNL (9da09b5800b9de8336948664e3b9cc94) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
09:44:14.0046 5520 BTKRNL - ok
09:44:14.0078 5520 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
09:44:14.0093 5520 BTWUSB - ok
09:44:14.0140 5520 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:44:14.0156 5520 cbidf - ok
09:44:14.0265 5520 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:44:14.0265 5520 cbidf2k - ok
09:44:14.0296 5520 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:44:14.0312 5520 cd20xrnt - ok
09:44:14.0343 5520 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:44:14.0375 5520 Cdaudio - ok
09:44:14.0421 5520 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:44:14.0468 5520 Cdfs - ok
09:44:14.0515 5520 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:44:14.0546 5520 Cdrom - ok
09:44:14.0562 5520 Changer - ok
09:44:14.0625 5520 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:44:14.0671 5520 CmBatt - ok
09:44:14.0812 5520 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:44:14.0828 5520 CmdIde - ok
09:44:14.0875 5520 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:44:14.0906 5520 Compbatt - ok
09:44:14.0953 5520 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:44:14.0984 5520 Cpqarray - ok
09:44:15.0015 5520 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:44:15.0046 5520 dac2w2k - ok
09:44:15.0187 5520 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:44:15.0203 5520 dac960nt - ok
09:44:15.0265 5520 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:44:15.0312 5520 Disk - ok
09:44:15.0359 5520 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:44:15.0406 5520 DLABOIOM - ok
09:44:15.0421 5520 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:44:15.0468 5520 DLACDBHM - ok
09:44:15.0609 5520 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
09:44:15.0640 5520 DLADResN - ok
09:44:15.0812 5520 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:44:15.0875 5520 DLAIFS_M - ok
09:44:15.0906 5520 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:44:15.0953 5520 DLAOPIOM - ok
09:44:15.0984 5520 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:44:16.0015 5520 DLAPoolM - ok
09:44:16.0156 5520 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:44:16.0187 5520 DLARTL_N - ok
09:44:16.0234 5520 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:44:16.0281 5520 DLAUDFAM - ok
09:44:16.0328 5520 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:44:16.0375 5520 DLAUDF_M - ok
09:44:16.0453 5520 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:44:16.0515 5520 dmboot - ok
09:44:16.0671 5520 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:44:16.0734 5520 dmio - ok
09:44:16.0765 5520 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:44:16.0781 5520 dmload - ok
09:44:16.0828 5520 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:44:16.0859 5520 DMusic - ok
09:44:16.0906 5520 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:44:16.0937 5520 dpti2o - ok
09:44:17.0078 5520 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:44:17.0109 5520 drmkaud - ok
09:44:17.0156 5520 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:44:17.0203 5520 DRVMCDB - ok
09:44:17.0218 5520 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:44:17.0250 5520 DRVNDDM - ok
09:44:17.0296 5520 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:44:17.0328 5520 E100B - ok
09:44:17.0390 5520 e1express (67396a6b3adac7ff233cadf6d1660dba) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
09:44:17.0437 5520 e1express - ok
09:44:17.0656 5520 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:44:17.0718 5520 Fastfat - ok
09:44:17.0734 5520 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:44:17.0765 5520 Fdc - ok
09:44:17.0796 5520 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:44:17.0843 5520 Fips - ok
09:44:17.0875 5520 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:44:17.0890 5520 Flpydisk - ok
09:44:18.0046 5520 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:44:18.0093 5520 FltMgr - ok
09:44:18.0140 5520 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:44:18.0187 5520 Fs_Rec - ok
09:44:18.0218 5520 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:44:18.0265 5520 Ftdisk - ok
09:44:18.0296 5520 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:44:18.0343 5520 Gpc - ok
09:44:18.0515 5520 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:44:18.0562 5520 HDAudBus - ok
09:44:18.0703 5520 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:44:18.0750 5520 HidUsb - ok
09:44:18.0812 5520 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:44:18.0843 5520 hpn - ok
09:44:18.0953 5520 HSFHWAZL (702a7e1b3c9263efbd6aede3b6919761) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
09:44:19.0015 5520 HSFHWAZL - ok
09:44:19.0125 5520 HSF_DPV (8d02cb68d53aa36189faf86fed438884) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
09:44:19.0218 5520 HSF_DPV - ok
09:44:19.0328 5520 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:44:19.0343 5520 HTTP - ok
09:44:19.0421 5520 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:44:19.0453 5520 i2omgmt - ok
09:44:19.0484 5520 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:44:19.0500 5520 i2omp - ok
09:44:19.0578 5520 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:44:19.0625 5520 i8042prt - ok
09:44:19.0859 5520 ialm (c5db546f9028cd00e64335091860d8f3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:44:19.0984 5520 ialm - ok
09:44:20.0109 5520 iaStor (01446278d4563b3013c92830ae6cbb26) C:\WINDOWS\system32\DRIVERS\iaStor.sys
09:44:20.0109 5520 iaStor - ok
09:44:20.0234 5520 IBMPMDRV (400d7095d5ae08970f839bcac1843106) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
09:44:20.0265 5520 IBMPMDRV - ok
09:44:20.0296 5520 IBMTPCHK (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
09:44:20.0328 5520 IBMTPCHK - ok
09:44:20.0390 5520 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:44:20.0406 5520 Imapi - ok
09:44:20.0484 5520 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:44:20.0515 5520 ini910u - ok
09:44:20.0625 5520 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:44:20.0656 5520 IntelIde - ok
09:44:20.0703 5520 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:44:20.0734 5520 intelppm - ok
09:44:20.0765 5520 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:44:20.0796 5520 Ip6Fw - ok
09:44:20.0890 5520 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:44:20.0921 5520 IpFilterDriver - ok
09:44:21.0031 5520 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:44:21.0046 5520 IpInIp - ok
09:44:21.0093 5520 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:44:21.0140 5520 IpNat - ok
09:44:21.0171 5520 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:44:21.0218 5520 IPSec - ok
09:44:21.0312 5520 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:44:21.0328 5520 IRENUM - ok
09:44:21.0421 5520 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:44:21.0453 5520 isapnp - ok
09:44:21.0500 5520 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
09:44:21.0546 5520 Iviaspi - ok
09:44:21.0578 5520 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:44:21.0625 5520 Kbdclass - ok
09:44:21.0718 5520 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:44:21.0765 5520 kmixer - ok
09:44:21.0875 5520 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:44:21.0890 5520 KSecDD - ok
09:44:21.0906 5520 lbrtfdc - ok
09:44:21.0984 5520 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys
09:44:22.0031 5520 lenovo.smi - ok
09:44:22.0093 5520 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
09:44:22.0140 5520 MBAMProtector - ok
09:44:22.0234 5520 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:44:22.0281 5520 mdmxsdk - ok
09:44:22.0390 5520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:44:22.0421 5520 mnmdd - ok
09:44:22.0468 5520 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:44:22.0515 5520 Modem - ok
09:44:22.0546 5520 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:44:22.0578 5520 Mouclass - ok
09:44:22.0656 5520 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:44:22.0687 5520 mouhid - ok
09:44:22.0781 5520 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:44:22.0812 5520 MountMgr - ok
09:44:22.0859 5520 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:44:22.0890 5520 mraid35x - ok
09:44:22.0921 5520 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:44:22.0984 5520 MRxDAV - ok
09:44:23.0109 5520 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:44:23.0125 5520 MRxSmb - ok
09:44:23.0218 5520 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:44:23.0250 5520 Msfs - ok
09:44:23.0296 5520 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:44:23.0328 5520 MSKSSRV - ok
09:44:23.0390 5520 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:44:23.0421 5520 MSPCLOCK - ok
09:44:23.0453 5520 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:44:23.0468 5520 MSPQM - ok
09:44:23.0515 5520 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:44:23.0562 5520 mssmbios - ok
09:44:23.0687 5520 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:44:23.0687 5520 Mup - ok
09:44:23.0781 5520 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:44:23.0843 5520 NDIS - ok
09:44:23.0890 5520 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:44:23.0890 5520 NdisTapi - ok
09:44:23.0921 5520 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:44:23.0953 5520 Ndisuio - ok
09:44:24.0062 5520 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:44:24.0078 5520 NdisWan - ok
09:44:24.0109 5520 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:44:24.0125 5520 NDProxy - ok
09:44:24.0218 5520 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:44:24.0250 5520 NetBIOS - ok
09:44:24.0312 5520 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:44:24.0343 5520 NetBT - ok
09:44:24.0562 5520 NETw4x32 (9b18806954cb7f33b538cbf090562db2) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
09:44:24.0687 5520 NETw4x32 - ok
09:44:25.0046 5520 NETw5x32 (ccdb8db66acd3c0a6c8e171b79f60ac4) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
09:44:25.0343 5520 NETw5x32 - ok
09:44:25.0921 5520 NETwLx32 (72062b53186e4a3f5fcbc41ebb62b905) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
09:44:26.0421 5520 NETwLx32 - ok
09:44:26.0578 5520 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:44:26.0625 5520 Npfs - ok
09:44:26.0687 5520 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:44:26.0781 5520 Ntfs - ok
09:44:26.0843 5520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:44:26.0875 5520 Null - ok
09:44:27.0093 5520 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:44:27.0234 5520 nv - ok
09:44:27.0375 5520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:44:27.0390 5520 NwlnkFlt - ok
09:44:27.0421 5520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:44:27.0453 5520 NwlnkFwd - ok
09:44:27.0531 5520 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:44:27.0546 5520 Parport - ok
09:44:27.0593 5520 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:44:27.0625 5520 PartMgr - ok
09:44:27.0781 5520 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:44:27.0796 5520 ParVdm - ok
09:44:27.0828 5520 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:44:27.0875 5520 PCI - ok
09:44:27.0890 5520 PCIDump - ok
09:44:27.0906 5520 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:44:27.0921 5520 PCIIde - ok
09:44:27.0968 5520 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:44:28.0015 5520 Pcmcia - ok
09:44:28.0031 5520 PDCOMP - ok
09:44:28.0062 5520 PDFRAME - ok
09:44:28.0078 5520 PDRELI - ok
09:44:28.0093 5520 PDRFRAME - ok
09:44:28.0125 5520 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:44:28.0156 5520 perc2 - ok
09:44:28.0312 5520 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:44:28.0328 5520 perc2hib - ok
09:44:28.0406 5520 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
09:44:28.0437 5520 pmem - ok
09:44:28.0500 5520 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:44:28.0546 5520 PptpMiniport - ok
09:44:28.0593 5520 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
09:44:28.0625 5520 PROCDD - ok
09:44:28.0765 5520 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:44:28.0812 5520 Processor - ok
09:44:28.0859 5520 psadd (aac08defb15aaab00b30341c716efa35) C:\WINDOWS\system32\DRIVERS\psadd.sys
09:44:28.0890 5520 psadd - ok
09:44:28.0937 5520 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:44:28.0984 5520 PSched - ok
09:44:29.0031 5520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:44:29.0062 5520 Ptilink - ok
09:44:29.0125 5520 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:44:29.0156 5520 PxHelp20 - ok
09:44:29.0312 5520 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:44:29.0359 5520 ql1080 - ok
09:44:29.0406 5520 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:44:29.0437 5520 Ql10wnt - ok
09:44:29.0484 5520 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:44:29.0531 5520 ql12160 - ok
09:44:29.0578 5520 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:44:29.0609 5520 ql1240 - ok
09:44:29.0656 5520 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:44:29.0703 5520 ql1280 - ok
09:44:29.0906 5520 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
09:44:29.0968 5520 RapportCerberus_34302 - ok
09:44:30.0062 5520 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
09:44:30.0109 5520 RapportEI - ok
09:44:30.0171 5520 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
09:44:30.0203 5520 RapportIaso - ok
09:44:30.0359 5520 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
09:44:30.0406 5520 RapportKELL - ok
09:44:30.0500 5520 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
09:44:30.0562 5520 RapportPG - ok
09:44:30.0703 5520 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:44:30.0734 5520 RasAcd - ok
09:44:30.0796 5520 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:44:30.0828 5520 Rasl2tp - ok
09:44:30.0953 5520 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:44:30.0984 5520 RasPppoe - ok
09:44:31.0015 5520 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:44:31.0062 5520 Raspti - ok
09:44:31.0093 5520 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:44:31.0140 5520 Rdbss - ok
09:44:31.0187 5520 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:44:31.0218 5520 RDPCDD - ok
09:44:31.0281 5520 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:44:31.0343 5520 rdpdr - ok
09:44:31.0500 5520 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:44:31.0500 5520 RDPWD - ok
09:44:31.0562 5520 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:44:31.0609 5520 redbook - ok
09:44:31.0687 5520 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\WINDOWS\system32\DRIVERS\RsFx0150.sys
09:44:31.0750 5520 RsFx0150 - ok
09:44:31.0812 5520 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:44:31.0843 5520 s24trans - ok
09:44:32.0031 5520 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:44:32.0062 5520 Secdrv - ok
09:44:32.0093 5520 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:44:32.0125 5520 serenum - ok
09:44:32.0171 5520 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:44:32.0203 5520 Serial - ok
09:44:32.0250 5520 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:44:32.0281 5520 Sfloppy - ok
09:44:32.0453 5520 Shockprf (bc31655a03d9e9ed6f7116bafb9b38c7) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
09:44:32.0500 5520 Shockprf - ok
09:44:32.0515 5520 Simbad - ok
09:44:32.0593 5520 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:44:32.0609 5520 sisagp - ok
09:44:32.0734 5520 smihlp2 (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
09:44:32.0781 5520 smihlp2 - ok
09:44:32.0843 5520 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:44:32.0875 5520 Sparrow - ok
09:44:33.0031 5520 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:44:33.0078 5520 splitter - ok
09:44:33.0140 5520 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:44:33.0187 5520 sr - ok
09:44:33.0265 5520 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:44:33.0281 5520 Srv - ok
09:44:33.0343 5520 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:44:33.0375 5520 ssmdrv - ok
09:44:33.0546 5520 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:44:33.0578 5520 swenum - ok
09:44:33.0640 5520 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:44:33.0671 5520 swmidi - ok
09:44:33.0718 5520 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:44:33.0750 5520 symc810 - ok
09:44:33.0796 5520 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:44:33.0828 5520 symc8xx - ok
09:44:33.0875 5520 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:44:33.0921 5520 sym_hi - ok
09:44:34.0046 5520 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:44:34.0078 5520 sym_u3 - ok
09:44:34.0203 5520 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:44:34.0328 5520 SynTP - ok
09:44:34.0453 5520 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:44:34.0500 5520 sysaudio - ok
09:44:34.0593 5520 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:44:34.0609 5520 Tcpip - ok
09:44:34.0671 5520 TcUsb (64abea4001f8eb869385e65d85bc302b) C:\WINDOWS\system32\Drivers\tcusb.sys
09:44:34.0703 5520 TcUsb - ok
09:44:34.0750 5520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:44:34.0765 5520 TDPIPE - ok
09:44:34.0906 5520 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:44:34.0937 5520 TDTCP - ok
09:44:34.0968 5520 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:44:35.0015 5520 TermDD - ok
09:44:35.0078 5520 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:44:35.0078 5520 TosIde - ok
09:44:35.0125 5520 TPDIGIMN (c5dc9e462407b274b504de2aa3220c2e) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
09:44:35.0156 5520 TPDIGIMN - ok
09:44:35.0218 5520 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
09:44:35.0234 5520 TPHKDRV - ok
09:44:35.0406 5520 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
09:44:35.0421 5520 TPPWRIF - ok
09:44:35.0500 5520 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
09:44:35.0531 5520 TSMAPIP - ok
09:44:35.0625 5520 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
09:44:35.0625 5520 tvtfilter - ok
09:44:35.0687 5520 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
09:44:35.0734 5520 TVTI2C - ok
09:44:35.0890 5520 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
09:44:35.0906 5520 TVTPktFilter - ok
09:44:35.0968 5520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:44:36.0015 5520 Udfs - ok
09:44:36.0031 5520 UIUSys - ok
09:44:36.0093 5520 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:44:36.0125 5520 ultra - ok
09:44:36.0203 5520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:44:36.0265 5520 Update - ok
09:44:36.0437 5520 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:44:36.0484 5520 usbaudio - ok
09:44:36.0531 5520 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:44:36.0562 5520 usbccgp - ok
09:44:36.0656 5520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:44:36.0703 5520 usbehci - ok
09:44:36.0796 5520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:44:36.0843 5520 usbhub - ok
09:44:36.0906 5520 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:44:36.0937 5520 usbprint - ok
09:44:37.0000 5520 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:44:37.0031 5520 usbscan - ok
09:44:37.0125 5520 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:44:37.0171 5520 USBSTOR - ok
09:44:37.0265 5520 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:44:37.0296 5520 usbuhci - ok
09:44:37.0343 5520 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:44:37.0375 5520 VgaSave - ok
09:44:37.0437 5520 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:44:37.0484 5520 viaagp - ok
09:44:37.0578 5520 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:44:37.0593 5520 ViaIde - ok
09:44:37.0687 5520 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:44:37.0718 5520 VolSnap - ok
09:44:37.0781 5520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:44:37.0828 5520 Wanarp - ok
09:44:37.0906 5520 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:44:37.0968 5520 Wdf01000 - ok
09:44:38.0015 5520 WDICA - ok
09:44:38.0156 5520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:44:38.0187 5520 wdmaud - ok
09:44:38.0281 5520 winachsf (115946a53b62a6b171fd0ed197c71d52) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:44:38.0375 5520 winachsf - ok
09:44:38.0515 5520 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:44:38.0546 5520 WmiAcpi - ok
09:44:38.0640 5520 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:44:38.0890 5520 \Device\Harddisk0\DR0 - ok
09:44:38.0906 5520 MBR (0x1B8) (5fc202272ad3e5bdbb63379ab42a0643) \Device\Harddisk1\DR7
09:44:42.0421 5520 \Device\Harddisk1\DR7 - ok
09:44:42.0453 5520 Boot (0x1200) (a1d3f24e17f8c2b32371183852dec516) \Device\Harddisk0\DR0\Partition0
09:44:42.0453 5520 \Device\Harddisk0\DR0\Partition0 - ok
09:44:42.0453 5520 ============================================================
09:44:42.0453 5520 Scan finished
09:44:42.0453 5520 ============================================================
09:44:42.0484 4612 Detected object count: 0
09:44:42.0484 4612 Actual detected object count: 0
09:46:53.0656 1532 Deinitialize success

Then ran ESET. It found four problems which were quarantined and deleted - here is the log from that.

C:\Documents and Settings\Lorne\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\aebplnambrjkghcdefvlt.jar-2a089fb7-106f8a91.zip a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Lorne\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\aebplnambrjkghcdefvlt.jar-2a2459c3-5aabb7cf.zip a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Lorne\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\pyreeqhlckuglwmsmcwak.jar-721e2121-47001cca.zip a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Lorne\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\pyreeqhlckuglwmsmcwak.jar-7239db2d-5ef908ef.zip a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined

I'm guardedly optimistic that I'm back in business now. If there are any other things you think I should do, please let me know. Otherwise thanks a million for your help.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:12:36 PM

Posted 05 February 2012 - 06:29 PM

You're welcome! Looks good.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:



If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:


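The two post-cleanup steps boopme describes above, clearing the JRE deployment cache and then taking a fresh restore point, can also be done from a script, which has the advantage of leaving a written record of what was in the cache before it was wiped. The following PowerShell script is an added example written for this thread; it is not code from BleepingComputer, from boopme, or from any of the tools run above. It assumes Windows PowerShell 2.0 on XP SP3 run from an administrator account (Get-FileHash is avoided because it only arrived in PowerShell 4), that the cache lives under %APPDATA%\Sun\Java\Deployment\cache as the post states, and that the SystemRestore WMI class in root\default is available, as it is on XP. The function names, the report path on the Desktop and the restore point description are made up for the example.

```powershell
# Added example, not from the thread: inventory the JRE deployment cache, clear it,
# then create a new System Restore point. Assumes Windows PowerShell 2.0 on XP SP3,
# run as an administrator. Paths and names below are assumptions for the example.
$CacheRoot = Join-Path $env:APPDATA 'Sun\Java\Deployment\cache'
$Report    = Join-Path $env:USERPROFILE 'Desktop\java-cache-inventory.csv'

function Get-FileSha256 {
    param([string]$Path)
    # Hash with .NET so this works on PowerShell 2.0, which has no Get-FileHash.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Get-JavaCacheInventory {
    # Record every cached file (jar, zip, idx ...) with hash, size and timestamp
    # BEFORE anything is deleted, so the files an AV log referred to stay documented.
    if (-not (Test-Path $CacheRoot)) { return @() }
    Get-ChildItem -Path $CacheRoot -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path          = $_.FullName
                SizeBytes     = $_.Length
                LastWriteTime = $_.LastWriteTime
                Sha256        = Get-FileSha256 $_.FullName
            }
        }
}

function Clear-JavaDeploymentCache {
    # Remove the cache contents; the JRE recreates the folders on next use.
    # Close browsers first so no running applet holds a cached file open.
    if (Test-Path $CacheRoot) {
        Get-ChildItem -Path $CacheRoot -Force |
            Remove-Item -Recurse -Force -ErrorAction Continue
    }
}

function New-CleanRestorePoint {
    param([string]$Description)
    # SystemRestore.CreateRestorePoint(description, RestorePointType, EventType):
    # 0 = APPLICATION_INSTALL, 100 = BEGIN_SYSTEM_CHANGE (standard WMI constants).
    $sr     = [wmiclass] '\\.\root\default:SystemRestore'
    $result = $sr.CreateRestorePoint($Description, 0, 100)
    if ($result.ReturnValue -ne 0) {
        throw "CreateRestorePoint failed with code $($result.ReturnValue)"
    }
    # Return the newest point so its sequence number and time can be logged,
    # as the post advises. CreationTime is a DMTF string, so convert it.
    $latest = Get-WmiObject -Namespace root\default -Class SystemRestore |
        Sort-Object SequenceNumber -Descending | Select-Object -First 1
    New-Object PSObject -Property @{
        SequenceNumber = $latest.SequenceNumber
        Created        = [System.Management.ManagementDateTimeConverter]::ToDateTime($latest.CreationTime)
        Description    = $latest.Description
    }
}

# --- run ---
$inventory = @(Get-JavaCacheInventory)
$inventory | Export-Csv -Path $Report -NoTypeInformation
"{0} cached file(s) recorded in {1}" -f $inventory.Count, $Report
Clear-JavaDeploymentCache
$rp = New-CleanRestorePoint -Description ('Post-cleanup ' + (Get-Date -Format 'yyyy-MM-dd HH:mm'))
"Restore point #{0} created {1}: {2}" -f $rp.SequenceNumber, $rp.Created, $rp.Description
```

The script deliberately does not delete the older restore points; that is the Disk Cleanup "More Options" step from the post, and the sequence number it prints is the "keep a log of this" value boopme asks for. Keeping the CSV of hashes means that if a scanner later flags something, the file can be matched against what was in the cache at cleanup time rather than guessed at.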

