Malwarebytes starts then stops


10 replies to this topic

#1 MarcLodge (Members, 27 posts)

Posted 23 March 2012 - 03:49 PM

Hi, a friend has asked me to look at a machine which, according to her, 'when I go onto the internet, does not work'. I have little more to go on than that, but my first thought after checking Device Manager (all is OK) was to check for a virus. I've downloaded the latest version of MBAM on another machine and installed it fine. When I try to execute it, though, it tells me the database is 70 days out of date, and if I click Yes to update, the program stops. No messages or anything, just stops. If I don't update, it presents me with the main MBAM screen, but when I click 'Scan', the program again just stops.

Grateful for any suggestions.

Marc

#2 Broni, The Coolest BC Computer (BC Advisor, 42,769 posts, Daly City, CA)

Posted 23 March 2012 - 05:39 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download the latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

#3 MarcLodge, Topic Starter (Members, 27 posts)

Posted 23 March 2012 - 06:58 PM

Log from security check:
=========================================================================================================
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

McAfee Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

mcafee VIRUSS~1 mcvsshld.exe
``````````End of Log````````````
=========================================================================================================
Log from FSS:
=========================================================================================================
Farbar Service Scanner Version: 01-03-2012
Ran by dell (administrator) on 23-03-2012 at 23:38:38
Running from "I:\Virus stuff"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
H:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
H:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
H:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
H:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
H:\WINDOWS\system32\netman.dll => MD5 is legit
H:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
H:\WINDOWS\system32\srsvc.dll => MD5 is legit
H:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
H:\WINDOWS\system32\wscsvc.dll => MD5 is legit
H:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
H:\WINDOWS\system32\wuauserv.dll => MD5 is legit
H:\WINDOWS\system32\qmgr.dll => MD5 is legit
H:\WINDOWS\system32\es.dll => MD5 is legit
H:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
H:\WINDOWS\system32\svchost.exe => MD5 is legit
H:\WINDOWS\system32\rpcss.dll => MD5 is legit
H:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(9) Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****
=========================================================================================================
Log from MiniToolBox:
=========================================================================================================
MiniToolBox by Farbar Version: 18-01-2012
Ran by dell (administrator) on 23-03-2012 at 23:40:06
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : dell-369fdb885f
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-13-72-E1-22-37
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : 23 March 2012 23:33:37
Lease Expires . . . . . . . . . . : 24 March 2012 23:33:37

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 173.194.34.131, 173.194.34.132, 173.194.34.142, 173.194.34.135
173.194.34.130, 173.194.34.137, 173.194.34.129, 173.194.34.136, 173.194.34.133
173.194.34.134, 173.194.34.128

Pinging google.com [173.194.34.128] with 32 bytes of data:

Reply from 173.194.34.128: bytes=32 time=217ms TTL=53
Reply from 173.194.34.128: bytes=32 time=348ms TTL=53

Ping statistics for 173.194.34.128:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 217ms, Maximum = 348ms, Average = 282ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=334ms TTL=50
Reply from 98.139.183.24: bytes=32 time=403ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 334ms, Maximum = 403ms, Average = 368ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 e1 22 37 ...... Intel® PRO/100 VE Network Connection - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.9      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0      192.168.0.9     192.168.0.9      20
      192.168.0.0    255.255.255.0      192.168.0.9     192.168.0.9      20
      192.168.0.9  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.0.255  255.255.255.255      192.168.0.9     192.168.0.9      20
        224.0.0.0        240.0.0.0      192.168.0.9     192.168.0.9      20
  255.255.255.255  255.255.255.255      192.168.0.9     192.168.0.9       1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 H:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 H:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 H:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 H:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 H:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 H:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 H:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 H:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 H:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 H:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 H:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 H:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 H:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 H:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 H:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 H:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 H:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/23/2012 11:33:57 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (03/23/2012 11:33:53 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (03/23/2012 11:33:53 PM) (Source: STacSV) (User: SYSTEM)SYSTEM
Description: Connection to the Storage interface failed

Error: (03/23/2012 08:08:28 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 7142, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (03/23/2012 08:08:25 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (03/23/2012 08:08:25 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 7142, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (03/23/2012 08:07:13 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (03/23/2012 08:06:33 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (03/23/2012 08:06:30 PM) (Source: STacSV) (User: SYSTEM)SYSTEM
Description: Connection to the Storage interface failed

Error: (03/23/2012 07:18:51 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7


System errors:
=============
Error: (03/23/2012 11:39:22 PM) (Source: DCOM) (User: dell)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (03/23/2012 11:38:20 PM) (Source: DCOM) (User: dell)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (03/23/2012 08:49:57 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/23/2012 08:42:10 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2012 08:42:10 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2012 08:39:43 PM) (Source: DCOM) (User: Administrator)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (03/23/2012 08:38:18 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2012 08:37:59 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2012 08:37:54 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2012 08:37:42 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe AIR (Version: 3.0.0.4080)
Adobe Reader X (10.1.2) (Version: 10.1.2)
AiO_Scan_CDA (Version: 70.0.231.000)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
ATI Display Driver (Version: 8.593.100-100210a-095952E-ATI)
Bonjour (Version: 3.0.0.10)
Conexant D850 56K V.9x DFVc Modem
Digital Line Detect (Version: 1.10)
FIFA 2003
Google Chrome (Version: 17.0.963.79)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Photosmart, Officejet and Deskjet 7.0.A (Version: 7.0)
Intel® Network Connections Drivers
iTunes (Version: 10.5.0.142)
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee Internet Security (Version: 11.0.654)
Memeo Instant Backup (Version: 4.60.0.7876)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Modem On Hold (Version: 1.12)
MSVCRT (Version: 14.0.1468.721)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.18.0)
QFolder (Version: 1.00.0000)
Scan (Version: 7.0.0.0)
Segoe UI (Version: 14.0.4327.805)
SigmaTel Audio (Version: 5.10.4803.0)
Skype Click to Call (Version: 5.8.8855)
Skype™ 5.6 (Version: 5.6.110)
Total Club Manager 2004
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 3710.07 MB
Available physical RAM: 3160.29 MB
Total Pagefile: 5591.33 MB
Available Pagefile: 5116.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.04 MB

========================= Partitions: =====================================

6 Drive h: () (Fixed) (Total:232.88 GB) (Free:216.34 GB) NTFS
7 Drive i: () (Removable) (Total:7.44 GB) (Free:0.71 GB) FAT32

========================= Users: ========================================

User accounts for \\DELL-369FDB885F

Administrator dell Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****
=========================================================================================================
Log from aswMBR:
=========================================================================================================
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-23 23:41:51
-----------------------------
23:41:51.359 OS Version: Windows 5.1.2600 Service Pack 3
23:41:51.359 Number of processors: 2 586 0x407
23:41:51.359 ComputerName: DELL-369FDB885F UserName: dell
23:41:51.796 Initialize success
23:45:34.031 AVAST engine defs: 12032302
23:45:43.562 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
23:45:43.562 Disk 0 Vendor: WDC_WD2500AAKX-753CA1 17.01H17 Size: 238475MB BusType: 3
23:45:43.562 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS ba481f26
23:45:43.578 Disk 1 MBR read successfully
23:45:43.578 Disk 1 MBR scan
23:45:43.609 Disk 1 Windows XP default MBR code
23:45:43.609 Disk 1 MBR hidden
23:45:43.625 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
23:45:43.671 Disk 1 scanning H:\WINDOWS\system32\drivers
23:45:53.937 Service scanning
23:46:07.531 Modules scanning
23:46:11.140 Disk 1 trace - called modules:
23:46:11.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll
23:46:11.140 1 nt!IofCallDriver -> \Device\Harddisk1\DR2[0x8a45f030]
23:46:11.734 AVAST engine scan H:\WINDOWS
23:46:23.968 AVAST engine scan H:\WINDOWS\system32
23:48:25.078 AVAST engine scan H:\WINDOWS\system32\drivers
23:48:43.546 AVAST engine scan H:\Documents and Settings\dell
23:51:27.484 AVAST engine scan H:\Documents and Settings\All Users
23:51:41.234 Scan finished successfully
23:52:36.000 Disk 1 MBR has been saved successfully to "I:\Virus stuff\MBR.dat"
23:52:36.031 The log file has been saved successfully to "I:\Virus stuff\aswMBR.txt"

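The three MiniToolBox items Broni asked for in #2 (IE/FF proxy settings, hosts content, Winsock entries) are the usual places a "the internet does not work" infection shows itself: a proxy the user never set, security vendors' names pinned to 127.0.0.1 in hosts, or a Winsock LSP/NSP DLL from an unknown vendor. The log above is clean on all three (no proxy, hosts holds only localhost, the only non-Microsoft catalog entry is Apple's Bonjour NSP). The script below is an added example, not part of this thread or of Farbar's tool: it parses a MiniToolBox-style log and rates those three sections. Both sample logs are constructed; the enabled-proxy wording and the file name lsphook.dll in the second sample are assumed for illustration.

```python
"""Triage the indicators Broni's checklist covers (proxy settings, hosts content,
Winsock entries) in a MiniToolBox-style log.  Added example, not from the thread."""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (check, severity, detail)
# "========================= Hosts content: =====" style banners; colon optional
SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?)\s*:?\s*=+$")
# "Catalog5 04 H:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
MS_VENDOR = "Microsoft Corporation"
# No legitimate Winsock provider is loaded from a user-writable location
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\users\\", "\\appdata\\")

# Constructed sample mirroring the clean result in the thread: no proxy, hosts holds
# only localhost, one third-party NSP (Bonjour).  Drive letter H: as on that machine.
CLEAN_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= Winsock entries =====================================
Catalog5 01 H:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 H:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
"""
# Constructed sample of a hijacked machine; the enabled-proxy wording and the file
# name lsphook.dll are assumed for illustration, not taken from any real log.
HIJACKED_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
Proxy Server: http=127.0.0.1:8080
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 www.malwarebytes.org
127.0.0.1 update.mcafee.com
10.0.0.5 intranet
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 02 C:\Documents and Settings\dell\Local Settings\Temp\lsphook.dll [40960] ()
"""


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each section banner to the non-empty lines beneath it."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_proxy(lines: List[str]) -> List[Finding]:
    """A proxy the user did not configure is a classic traffic-interception sign."""
    return [("proxy", "suspicious", ln) for ln in lines
            if re.match(r"Proxy is enabled", ln, re.I)
            or re.match(r"Proxy Server\s*[:=]\s*\S", ln, re.I)]


def check_hosts(lines: List[str]) -> List[Finding]:
    """Anything beyond 'localhost' gets a look; a real name pinned to loopback or
    0.0.0.0 is how malware silences security vendors' update and download sites."""
    out: List[Finding] = []
    for line in lines:
        parts = line.split()
        if line.startswith("#") or len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        if ip in LOOPBACK and all(n.lower() == "localhost" for n in names):
            continue
        out.append(("hosts", "suspicious" if ip in LOOPBACK else "review", line))
    return out


def check_winsock(lines: List[str]) -> List[Finding]:
    """Every non-Microsoft provider is reported: unknown vendor or a user-writable
    path rates 'suspicious', a vendor-tagged Program Files DLL only 'review'."""
    out: List[Finding] = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        catalog, idx, path, _size, vendor = m.groups()
        if vendor == MS_VENDOR:
            continue
        bad = not vendor or any(mark in path.lower() for mark in USER_WRITABLE)
        out.append(("winsock", "suspicious" if bad else "review",
                    f"{catalog} {idx} {path} ({vendor or 'no vendor'})"))
    return out


def triage(log_text: str) -> List[Finding]:
    """Run the three checks over one MiniToolBox log and return all findings."""
    s = split_sections(log_text)
    proxy_lines = s.get("IE Proxy Settings", []) + s.get("FF Proxy Settings", [])
    return (check_proxy(proxy_lines) + check_hosts(s.get("Hosts content", []))
            + check_winsock(s.get("Winsock entries", [])))
```

Run `triage(open("MiniToolBox.txt").read())` against a real log. On the clean sample the only finding is the Bonjour NSP rated "review", which is the right call: a third-party provider is worth confirming, not removing on sight, and that matches the log posted above.
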
#4 Broni, The Coolest BC Computer (BC Advisor, 42,769 posts, Daly City, CA)

Posted 23 March 2012 - 07:03 PM

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#5 MarcLodge, Topic Starter (Members, 27 posts)

Posted 24 March 2012 - 09:10 AM

I couldn't find out how to disable McAfee, as when I double-clicked on the icon in the systray, nothing happened. I tried running McAfee from Programs to see how to disable it, but in the end I decided to uninstall. I shall re-install in a while. Oddly, the system thinks the C:\ drive is a removable drive and the system drive is H:\.
GMER LOG
======================================================================================================================================================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-24 14:06:19
Windows 5.1.2600 Service Pack 3
Running: uyk8o56z.exe; Driver: H:\DOCUME~1\dell\LOCALS~1\Temp\kgwyqfob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EB8484]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EB8498]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B9EB8488 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B9EB849C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text H:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB997F000, 0x1C5D38, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT H:\WINDOWS\system32\mfevtps.exe[560] @ H:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040A4B0] H:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT H:\WINDOWS\system32\mfevtps.exe[560] @ H:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040A510] H:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR2 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

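GMER's last line flags sector 0 (the MBR) of \Device\Harddisk1\DR2, and aswMBR in #3 both reported "Disk 1 MBR hidden" and saved a copy of that sector as MBR.dat. Before trusting or discarding such a copy it helps to decode it and check that it agrees with what the tools printed: aswMBR shows one active NTFS partition (type 07, 238464 MB, offset 63) and TDSSKiller later in the thread gives the same entry as Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681. The script below is an added example, not code from the thread or from aswMBR, GMER or TDSSKiller. It parses a 512-byte MBR, cross-checks the first partition entry against those reported values, and reports byte ranges where two copies of the sector differ, which is the kind of discrepancy a rootkit scanner looks for. The sample sector is constructed: NOP bytes stand in for the real boot code and the disk signature 0x12345678 is assumed.

```python
"""Decode a saved 512-byte MBR (e.g. the MBR.dat aswMBR writes) and cross-check it
against the partition layout the scanning tools printed.  Added example; not code
from the thread or from aswMBR, GMER or TDSSKiller."""
import hashlib
import struct
from typing import Dict, List, Tuple

SECTOR_SIZE = 512
BOOTCODE_LEN = 440            # bytes 0..439 hold the bootstrap code
DISK_SIG_OFFSET = 440         # 4-byte NT disk signature, then 2 reserved bytes
PT_OFFSET = 446               # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511
ENTRY_FMT = "<BBBBBBBBII"     # status, CHS start(3), type, CHS end(3), LBA start, sectors

# What aswMBR and TDSSKiller report for partition 1 of this disk:
# active, type 0x07 (NTFS), offset 63, 0x1D1C0681 sectors (238464 MB).
REPORTED = {"bootable": True, "type": 0x07, "lba_start": 0x3F, "sectors": 0x1D1C0681}


def parse_mbr(sector: bytes) -> Dict:
    """Split the sector into boot signature, disk signature, code hash and table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, _c0, _c1, _c2, ptype, _e0, _e1, _e2, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PT_OFFSET + 16 * i)
        partitions.append({"index": i + 1, "status": status, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count,
                           "size_mb": count * SECTOR_SIZE // (1024 * 1024)})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
            # hash of the code bytes only, for comparison with a known-good MBR
            "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
            "partitions": partitions}


def verify_against_report(parsed: Dict, expected: Dict) -> List[str]:
    """Mismatches between the decoded table and the tools' output (empty = consistent)."""
    problems = []
    if not parsed["signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    first = parsed["partitions"][0]
    for key in ("type", "lba_start", "sectors"):
        if first[key] != expected[key]:
            problems.append(f"partition 1 {key}: sector says {first[key]:#x}, "
                            f"report says {expected[key]:#x}")
    if first["bootable"] != expected["bootable"]:
        problems.append("partition 1 active flag differs from report")
    for p in parsed["partitions"]:
        if p["status"] not in (0x00, 0x80):   # the only two valid status values
            problems.append(f"partition {p['index']} has invalid status byte {p['status']:#x}")
    return problems


def diff_sectors(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """Contiguous (offset, length) runs where two copies of one sector differ, i.e.
    the comparison a rootkit scanner makes when reads through two paths disagree."""
    runs, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(a) - start))
    return runs


def build_sample_mbr() -> bytes:
    """Constructed sector: NOP placeholder instead of real boot code, assumed disk
    signature 0x12345678, one NTFS entry matching REPORTED, three empty entries."""
    boot = b"\x90" * BOOTCODE_LEN
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    entry = struct.pack(ENTRY_FMT, 0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF,
                        0x3F, 0x1D1C0681)
    return boot + disk_sig + entry + b"\x00" * 48 + BOOT_SIGNATURE


def load_mbr(path: str) -> Dict:
    """Parse a sector saved to disk, e.g. the MBR.dat aswMBR leaves next to its log."""
    with open(path, "rb") as f:
        return parse_mbr(f.read(SECTOR_SIZE))
```

`verify_against_report(load_mbr("MBR.dat"), REPORTED)` returning an empty list means the saved copy describes the same single NTFS partition the tools saw; the bootcode hash is only useful once you have a hash of a known-good MBR from an identical Windows version to compare it with, which this thread does not supply.
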
#6 Broni, The Coolest BC Computer (BC Advisor, 42,769 posts, Daly City, CA)

Posted 25 March 2012 - 12:32 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#7 MarcLodge, Topic Starter (Members, 27 posts)

Posted 25 March 2012 - 12:49 PM

TDSSKiller log
====================================================================================
18:47:12.0671 4000 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
18:47:12.0703 4000 ============================================================
18:47:12.0703 4000 Current date / time: 2012/03/25 18:47:12.0703
18:47:12.0703 4000 SystemInfo:
18:47:12.0703 4000
18:47:12.0703 4000 OS Version: 5.1.2600 ServicePack: 3.0
18:47:12.0703 4000 Product type: Workstation
18:47:12.0703 4000 ComputerName: DELL-369FDB885F
18:47:12.0703 4000 UserName: dell
18:47:12.0703 4000 Windows directory: H:\WINDOWS
18:47:12.0703 4000 System windows directory: H:\WINDOWS
18:47:12.0703 4000 Processor architecture: Intel x86
18:47:12.0703 4000 Number of processors: 2
18:47:12.0703 4000 Page size: 0x1000
18:47:12.0703 4000 Boot type: Normal boot
18:47:12.0703 4000 ============================================================
18:47:14.0265 4000 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:47:14.0312 4000 Drive \Device\Harddisk5\DR10 - Size: 0x1DCC00000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:47:14.0312 4000 \Device\Harddisk0\DR0:
18:47:14.0312 4000 MBR used
18:47:14.0312 4000 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
18:47:14.0312 4000 \Device\Harddisk5\DR10:
18:47:14.0312 4000 MBR used
18:47:14.0312 4000 \Device\Harddisk5\DR10\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE4080
18:47:14.0328 4000 Initialize success
18:47:14.0328 4000 ============================================================
18:47:16.0859 4020 ============================================================
18:47:16.0859 4020 Scan started
18:47:16.0859 4020 Mode: Manual;
18:47:16.0859 4020 ============================================================
18:47:17.0500 4020 Abiosdsk - ok
18:47:17.0515 4020 abp480n5 - ok
18:47:17.0578 4020 ACPI (8fd99680a539792a30e97944fdaecf17) H:\WINDOWS\system32\DRIVERS\ACPI.sys
18:47:17.0578 4020 ACPI - ok
18:47:17.0625 4020 ACPIEC (9859c0f6936e723e4892d7141b1327d5) H:\WINDOWS\system32\drivers\ACPIEC.sys
18:47:17.0625 4020 ACPIEC - ok
18:47:17.0640 4020 adpu160m - ok
18:47:17.0656 4020 aec (8bed39e3c35d6a489438b8141717a557) H:\WINDOWS\system32\drivers\aec.sys
18:47:17.0656 4020 aec - ok
18:47:17.0703 4020 AFD (1e44bc1e83d8fd2305f8d452db109cf9) H:\WINDOWS\System32\drivers\afd.sys
18:47:17.0703 4020 AFD - ok
18:47:17.0703 4020 Aha154x - ok
18:47:17.0718 4020 aic78u2 - ok
18:47:17.0718 4020 aic78xx - ok
18:47:17.0781 4020 Alerter (a9a3daa780ca6c9671a19d52456705b4) H:\WINDOWS\system32\alrsvc.dll
18:47:17.0781 4020 Alerter - ok
18:47:17.0796 4020 ALG (8c515081584a38aa007909cd02020b3d) H:\WINDOWS\System32\alg.exe
18:47:17.0796 4020 ALG - ok
18:47:17.0812 4020 AliIde - ok
18:47:17.0812 4020 amsint - ok
18:47:17.0906 4020 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:47:17.0906 4020 Apple Mobile Device - ok
18:47:17.0906 4020 AppMgmt - ok
18:47:17.0921 4020 asc - ok
18:47:17.0921 4020 asc3350p - ok
18:47:17.0937 4020 asc3550 - ok
18:47:18.0000 4020 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:47:18.0031 4020 aspnet_state - ok
18:47:18.0062 4020 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) H:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:47:18.0062 4020 AsyncMac - ok
18:47:18.0078 4020 atapi (9f3a2f5aa6875c72bf062c712cfa2674) H:\WINDOWS\system32\DRIVERS\atapi.sys
18:47:18.0078 4020 atapi - ok
18:47:18.0093 4020 Atdisk - ok
18:47:18.0140 4020 Ati HotKey Poller (471087b5e1e01cc82604e81ea14781d8) H:\WINDOWS\system32\Ati2evxx.exe
18:47:18.0156 4020 Ati HotKey Poller - ok
18:47:18.0265 4020 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) H:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:47:18.0296 4020 ati2mtag - ok
18:47:18.0328 4020 Atmarpc (9916c1225104ba14794209cfa8012159) H:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:47:18.0328 4020 Atmarpc - ok
18:47:18.0359 4020 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) H:\WINDOWS\System32\audiosrv.dll
18:47:18.0359 4020 AudioSrv - ok
18:47:18.0406 4020 audstub (d9f724aa26c010a217c97606b160ed68) H:\WINDOWS\system32\DRIVERS\audstub.sys
18:47:18.0406 4020 audstub - ok
18:47:18.0453 4020 Beep (da1f27d85e0d1525f6621372e7b685e9) H:\WINDOWS\system32\drivers\Beep.sys
18:47:18.0453 4020 Beep - ok
18:47:18.0484 4020 BITS (574738f61fca2935f5265dc4e5691314) H:\WINDOWS\system32\qmgr.dll
18:47:18.0515 4020 BITS - ok
18:47:18.0578 4020 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) H:\Program Files\Bonjour\mDNSResponder.exe
18:47:18.0593 4020 Bonjour Service - ok
18:47:18.0640 4020 Browser (a06ce3399d16db864f55faeb1f1927a9) H:\WINDOWS\System32\browser.dll
18:47:18.0640 4020 Browser - ok
18:47:18.0734 4020 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) H:\WINDOWS\system32\drivers\cbidf2k.sys
18:47:18.0734 4020 cbidf2k - ok
18:47:18.0890 4020 CCDECODE (0be5aef125be881c4f854c554f2b025c) H:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:47:18.0890 4020 CCDECODE - ok
18:47:18.0937 4020 cd20xrnt - ok
18:47:19.0015 4020 Cdaudio (c1b486a7658353d33a10cc15211a873b) H:\WINDOWS\system32\drivers\Cdaudio.sys
18:47:19.0015 4020 Cdaudio - ok
18:47:19.0031 4020 Cdfs (c885b02847f5d2fd45a24e219ed93b32) H:\WINDOWS\system32\drivers\Cdfs.sys
18:47:19.0031 4020 Cdfs - ok
18:47:19.0046 4020 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) H:\WINDOWS\system32\DRIVERS\cdrom.sys
18:47:19.0046 4020 Cdrom - ok
18:47:19.0062 4020 cercsr6 (84853b3fd012251690570e9e7e43343f) H:\WINDOWS\system32\drivers\cercsr6.sys
18:47:19.0062 4020 cercsr6 - ok
18:47:19.0109 4020 cfwids (1dcb5209601a70e36c70fe8d197d62cb) H:\WINDOWS\system32\drivers\cfwids.sys
18:47:19.0109 4020 cfwids - ok
18:47:19.0109 4020 Changer - ok
18:47:19.0171 4020 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) H:\WINDOWS\system32\cisvc.exe
18:47:19.0171 4020 CiSvc - ok
18:47:19.0203 4020 ClipSrv (34cbe729f38138217f9c80212a2a0c82) H:\WINDOWS\system32\clipsrv.exe
18:47:19.0203 4020 ClipSrv - ok
18:47:19.0218 4020 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:47:19.0218 4020 clr_optimization_v2.0.50727_32 - ok
18:47:19.0234 4020 CmdIde - ok
18:47:19.0234 4020 COMSysApp - ok
18:47:19.0250 4020 Cpqarray - ok
18:47:19.0281 4020 CryptSvc (3d4e199942e29207970e04315d02ad3b) H:\WINDOWS\System32\cryptsvc.dll
18:47:19.0281 4020 CryptSvc - ok
18:47:19.0296 4020 dac2w2k - ok
18:47:19.0296 4020 dac960nt - ok
18:47:19.0359 4020 DcomLaunch (6b27a5c03dfb94b4245739065431322c) H:\WINDOWS\system32\rpcss.dll
18:47:19.0359 4020 DcomLaunch - ok
18:47:19.0421 4020 Dhcp (5e38d7684a49cacfb752b046357e0589) H:\WINDOWS\System32\dhcpcsvc.dll
18:47:19.0421 4020 Dhcp - ok
18:47:19.0468 4020 Disk (044452051f3e02e7963599fc8f4f3e25) H:\WINDOWS\system32\DRIVERS\disk.sys
18:47:19.0468 4020 Disk - ok
18:47:19.0468 4020 dmadmin - ok
18:47:19.0515 4020 dmboot (d992fe1274bde0f84ad826acae022a41) H:\WINDOWS\system32\drivers\dmboot.sys
18:47:19.0531 4020 dmboot - ok
18:47:19.0546 4020 dmio (7c824cf7bbde77d95c08005717a95f6f) H:\WINDOWS\system32\drivers\dmio.sys
18:47:19.0546 4020 dmio - ok
18:47:19.0578 4020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) H:\WINDOWS\system32\drivers\dmload.sys
18:47:19.0578 4020 dmload - ok
18:47:19.0609 4020 dmserver (57edec2e5f59f0335e92f35184bc8631) H:\WINDOWS\System32\dmserver.dll
18:47:19.0625 4020 dmserver - ok
18:47:19.0656 4020 DMusic (8a208dfcf89792a484e76c40e5f50b45) H:\WINDOWS\system32\drivers\DMusic.sys
18:47:19.0656 4020 DMusic - ok
18:47:19.0703 4020 Dnscache (5f7e24fa9eab896051ffb87f840730d2) H:\WINDOWS\System32\dnsrslvr.dll
18:47:19.0703 4020 Dnscache - ok
18:47:19.0734 4020 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) H:\WINDOWS\System32\dot3svc.dll
18:47:19.0734 4020 Dot3svc - ok
18:47:19.0750 4020 dpti2o - ok
18:47:19.0765 4020 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) H:\WINDOWS\system32\drivers\drmkaud.sys
18:47:19.0765 4020 drmkaud - ok
18:47:19.0812 4020 E100B (ac9cf17ee2ae003c98eb4f5336c38058) H:\WINDOWS\system32\DRIVERS\e100b325.sys
18:47:19.0812 4020 E100B - ok
18:47:19.0843 4020 EapHost (2187855a7703adef0cef9ee4285182cc) H:\WINDOWS\System32\eapsvc.dll
18:47:19.0843 4020 EapHost - ok
18:47:19.0890 4020 ERSvc (bc93b4a066477954555966d77fec9ecb) H:\WINDOWS\System32\ersvc.dll
18:47:19.0890 4020 ERSvc - ok
18:47:19.0937 4020 Eventlog (65df52f5b8b6e9bbd183505225c37315) H:\WINDOWS\system32\services.exe
18:47:19.0937 4020 Eventlog - ok
18:47:19.0984 4020 EventSystem (d4991d98f2db73c60d042f1aef79efae) H:\WINDOWS\system32\es.dll
18:47:19.0984 4020 EventSystem - ok
18:47:20.0015 4020 Fastfat (38d332a6d56af32635675f132548343e) H:\WINDOWS\system32\drivers\Fastfat.sys
18:47:20.0015 4020 Fastfat - ok
18:47:20.0078 4020 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) H:\WINDOWS\System32\shsvcs.dll
18:47:20.0078 4020 FastUserSwitchingCompatibility - ok
18:47:20.0093 4020 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) H:\WINDOWS\system32\drivers\Fdc.sys
18:47:20.0093 4020 Fdc - ok
18:47:20.0109 4020 Fips (d45926117eb9fa946a6af572fbe1caa3) H:\WINDOWS\system32\drivers\Fips.sys
18:47:20.0109 4020 Fips - ok
18:47:20.0109 4020 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) H:\WINDOWS\system32\drivers\Flpydisk.sys
18:47:20.0125 4020 Flpydisk - ok
18:47:20.0156 4020 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) H:\WINDOWS\system32\drivers\fltmgr.sys
18:47:20.0156 4020 FltMgr - ok
18:47:20.0281 4020 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) h:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:47:20.0281 4020 FontCache3.0.0.0 - ok
18:47:20.0328 4020 fssfltr (e0087225b137e57239ff40f8ae82059b) H:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
18:47:20.0328 4020 fssfltr - ok
18:47:20.0437 4020 fsssvc (45b52394f9624237f33a8a3d73c0b221) H:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:47:20.0453 4020 fsssvc - ok
18:47:20.0500 4020 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) H:\WINDOWS\system32\drivers\Fs_Rec.sys
18:47:20.0500 4020 Fs_Rec - ok
18:47:20.0546 4020 Ftdisk (6ac26732762483366c3969c9e4d2259d) H:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:47:20.0546 4020 Ftdisk - ok
18:47:20.0593 4020 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:47:20.0609 4020 GEARAspiWDM - ok
18:47:20.0609 4020 GetSusp - ok
18:47:20.0671 4020 GoToAssist (8f6ae606eb0cc884ee12c41948424422) H:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
18:47:20.0671 4020 GoToAssist - ok
18:47:20.0703 4020 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) H:\WINDOWS\system32\DRIVERS\msgpc.sys
18:47:20.0703 4020 Gpc - ok
18:47:20.0734 4020 HDAudBus (573c7d0a32852b48f3058cfd8026f511) H:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:47:20.0734 4020 HDAudBus - ok
18:47:20.0796 4020 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) H:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:47:20.0796 4020 helpsvc - ok
18:47:20.0796 4020 HidServ (deb04da35cc871b6d309b77e1443c796) H:\WINDOWS\System32\hidserv.dll
18:47:20.0812 4020 HidServ - ok
18:47:20.0828 4020 hidusb (ccf82c5ec8a7326c3066de870c06daf1) H:\WINDOWS\system32\DRIVERS\hidusb.sys
18:47:20.0828 4020 hidusb - ok
18:47:20.0875 4020 hkmsvc (8878bd685e490239777bfe51320b88e9) H:\WINDOWS\System32\kmsvc.dll
18:47:20.0875 4020 hkmsvc - ok
18:47:20.0875 4020 hpn - ok
18:47:20.0937 4020 HPZid412 (30ca91e657cede2f95359d6ef186f650) H:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:47:20.0937 4020 HPZid412 - ok
18:47:20.0937 4020 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) H:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:47:20.0937 4020 HPZipr12 - ok
18:47:20.0953 4020 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) H:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:47:20.0953 4020 HPZius12 - ok
18:47:20.0984 4020 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) H:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
18:47:20.0984 4020 HSFHWBS2 - ok
18:47:21.0031 4020 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) H:\WINDOWS\system32\DRIVERS\HSF_DP.sys
18:47:21.0046 4020 HSF_DP - ok
18:47:21.0093 4020 HTTP (f80a415ef82cd06ffaf0d971528ead38) H:\WINDOWS\system32\Drivers\HTTP.sys
18:47:21.0093 4020 HTTP - ok
18:47:21.0140 4020 HTTPFilter (6100a808600f44d999cebdef8841c7a3) H:\WINDOWS\System32\w3ssl.dll
18:47:21.0171 4020 HTTPFilter - ok
18:47:21.0171 4020 i2omgmt - ok
18:47:21.0171 4020 i2omp - ok
18:47:21.0203 4020 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) H:\WINDOWS\system32\drivers\i8042prt.sys
18:47:21.0203 4020 i8042prt - ok
18:47:21.0328 4020 idsvc (c01ac32dc5c03076cfb852cb5da5229c) h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:47:21.0343 4020 idsvc - ok
18:47:21.0359 4020 Imapi (083a052659f5310dd8b6a6cb05edcf8e) H:\WINDOWS\system32\DRIVERS\imapi.sys
18:47:21.0375 4020 Imapi - ok
18:47:21.0421 4020 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) H:\WINDOWS\system32\imapi.exe
18:47:21.0421 4020 ImapiService - ok
18:47:21.0421 4020 ini910u - ok
18:47:21.0437 4020 IntelIde - ok
18:47:21.0453 4020 intelppm (8c953733d8f36eb2133f5bb58808b66b) H:\WINDOWS\system32\DRIVERS\intelppm.sys
18:47:21.0453 4020 intelppm - ok
18:47:21.0484 4020 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) H:\WINDOWS\system32\drivers\ip6fw.sys
18:47:21.0484 4020 Ip6Fw - ok
18:47:21.0515 4020 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) H:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:47:21.0515 4020 IpFilterDriver - ok
18:47:21.0546 4020 IpInIp (b87ab476dcf76e72010632b5550955f5) H:\WINDOWS\system32\DRIVERS\ipinip.sys
18:47:21.0562 4020 IpInIp - ok
18:47:21.0578 4020 IpNat (cc748ea12c6effde940ee98098bf96bb) H:\WINDOWS\system32\DRIVERS\ipnat.sys
18:47:21.0578 4020 IpNat - ok
18:47:21.0687 4020 iPod Service (33642c17c232aa272c68e446a2619899) H:\Program Files\iPod\bin\iPodService.exe
18:47:21.0703 4020 iPod Service - ok
18:47:21.0718 4020 IPSec (23c74d75e36e7158768dd63d92789a91) H:\WINDOWS\system32\DRIVERS\ipsec.sys
18:47:21.0718 4020 IPSec - ok
18:47:21.0718 4020 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) H:\WINDOWS\system32\DRIVERS\irenum.sys
18:47:21.0734 4020 IRENUM - ok
18:47:21.0750 4020 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) H:\WINDOWS\system32\DRIVERS\isapnp.sys
18:47:21.0750 4020 isapnp - ok
18:47:21.0765 4020 Kbdclass (463c1ec80cd17420a542b7f36a36f128) H:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:47:21.0765 4020 Kbdclass - ok
18:47:21.0765 4020 kbdhid (9ef487a186dea361aa06913a75b3fa99) H:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:47:21.0765 4020 kbdhid - ok
18:47:21.0796 4020 kmixer (692bcf44383d056aed41b045a323d378) H:\WINDOWS\system32\drivers\kmixer.sys
18:47:21.0796 4020 kmixer - ok
18:47:21.0828 4020 KSecDD (b467646c54cc746128904e1654c750c1) H:\WINDOWS\system32\drivers\KSecDD.sys
18:47:21.0828 4020 KSecDD - ok
18:47:21.0859 4020 lanmanserver (f385f4b02c535bffe1d70cab80838123) H:\WINDOWS\System32\srvsvc.dll
18:47:21.0859 4020 lanmanserver - ok
18:47:21.0875 4020 lanmanworkstation (a8888a5327621856c0cec4e385f69309) H:\WINDOWS\System32\wkssvc.dll
18:47:21.0875 4020 lanmanworkstation - ok
18:47:21.0875 4020 lbrtfdc - ok
18:47:21.0906 4020 LmHosts (a7db739ae99a796d91580147e919cc59) H:\WINDOWS\System32\lmhsvc.dll
18:47:21.0906 4020 LmHosts - ok
18:47:21.0937 4020 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) H:\WINDOWS\system32\drivers\mbamswissarmy.sys
18:47:21.0937 4020 MBAMSwissArmy - ok
18:47:22.0015 4020 McAfee SiteAdvisor Service - ok
18:47:22.0062 4020 McShield (16767b4cb7ae8f388e091717db34ff6c) H:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:47:22.0062 4020 McShield - ok
18:47:22.0109 4020 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) H:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:47:22.0109 4020 mdmxsdk - ok
18:47:22.0156 4020 MemeoBackgroundService (b7c1ba9b0256b66411f09d705117ae66) H:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
18:47:22.0156 4020 MemeoBackgroundService - ok
18:47:22.0187 4020 Messenger (986b1ff5814366d71e0ac5755c88f2d3) H:\WINDOWS\System32\msgsvc.dll
18:47:22.0187 4020 Messenger - ok
18:47:22.0218 4020 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) H:\WINDOWS\system32\drivers\mfeapfk.sys
18:47:22.0218 4020 mfeapfk - ok
18:47:22.0265 4020 mfeavfk (cde41293db871a75cd99eb0ce781356b) H:\WINDOWS\system32\drivers\mfeavfk.sys
18:47:22.0265 4020 mfeavfk - ok
18:47:22.0281 4020 mfebopk (e22385f64bdf0ad81157479496e33c4a) H:\WINDOWS\system32\drivers\mfebopk.sys
18:47:22.0281 4020 mfebopk - ok
18:47:22.0328 4020 mfefire (3f17534b8867854113df2b45fff3acf5) H:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:47:22.0328 4020 mfefire - ok
18:47:22.0359 4020 mfefirek (215666a8a85023ef019b510cbb67f678) H:\WINDOWS\system32\drivers\mfefirek.sys
18:47:22.0359 4020 mfefirek - ok
18:47:22.0390 4020 mfehidk (56d330981866a72f061dd16cc5004513) H:\WINDOWS\system32\drivers\mfehidk.sys
18:47:22.0406 4020 mfehidk - ok
18:47:22.0421 4020 mfendisk (62acda4e958e2a392557ba3c6c754a58) H:\WINDOWS\system32\DRIVERS\mfendisk.sys
18:47:22.0421 4020 mfendisk - ok
18:47:22.0421 4020 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) H:\WINDOWS\system32\DRIVERS\mfendisk.sys
18:47:22.0421 4020 mfendiskmp - ok
18:47:22.0437 4020 mferkdet (89b564d63c53fc0c6782ab07eea63acf) H:\WINDOWS\system32\drivers\mferkdet.sys
18:47:22.0437 4020 mferkdet - ok
18:47:22.0453 4020 mfetdi2k (922e64ca38e38106498fb3435a8e399d) H:\WINDOWS\system32\drivers\mfetdi2k.sys
18:47:22.0453 4020 mfetdi2k - ok
18:47:22.0484 4020 mfevtp (ad52269897626d614b31e153f5c5d65c) H:\WINDOWS\system32\mfevtps.exe
18:47:22.0484 4020 mfevtp - ok
18:47:22.0531 4020 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) H:\WINDOWS\system32\drivers\mnmdd.sys
18:47:22.0531 4020 mnmdd - ok
18:47:22.0578 4020 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) H:\WINDOWS\system32\mnmsrvc.exe
18:47:22.0578 4020 mnmsrvc - ok
18:47:22.0625 4020 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) H:\WINDOWS\system32\drivers\Modem.sys
18:47:22.0625 4020 Modem - ok
18:47:22.0656 4020 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) H:\WINDOWS\system32\drivers\MODEMCSA.sys
18:47:22.0656 4020 MODEMCSA - ok
18:47:22.0687 4020 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) H:\WINDOWS\system32\DRIVERS\mouclass.sys
18:47:22.0687 4020 Mouclass - ok
18:47:22.0718 4020 mouhid (b1c303e17fb9d46e87a98e4ba6769685) H:\WINDOWS\system32\DRIVERS\mouhid.sys
18:47:22.0718 4020 mouhid - ok
18:47:22.0750 4020 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) H:\WINDOWS\system32\drivers\MountMgr.sys
18:47:22.0750 4020 MountMgr - ok
18:47:22.0750 4020 mraid35x - ok
18:47:22.0765 4020 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) H:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:47:22.0765 4020 MRxDAV - ok
18:47:22.0796 4020 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) H:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:47:22.0812 4020 MRxSmb - ok
18:47:22.0843 4020 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) H:\WINDOWS\system32\msdtc.exe
18:47:22.0843 4020 MSDTC - ok
18:47:22.0859 4020 Msfs (c941ea2454ba8350021d774daf0f1027) H:\WINDOWS\system32\drivers\Msfs.sys
18:47:22.0859 4020 Msfs - ok
18:47:22.0875 4020 MSIServer - ok
18:47:22.0968 4020 MSK80Service - ok
18:47:22.0984 4020 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) H:\WINDOWS\system32\drivers\MSKSSRV.sys
18:47:22.0984 4020 MSKSSRV - ok
18:47:23.0046 4020 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) H:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:47:23.0046 4020 MSPCLOCK - ok
18:47:23.0046 4020 MSPQM (bad59648ba099da4a17680b39730cb3d) H:\WINDOWS\system32\drivers\MSPQM.sys
18:47:23.0046 4020 MSPQM - ok
18:47:23.0078 4020 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) H:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:47:23.0078 4020 mssmbios - ok
18:47:23.0109 4020 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) H:\WINDOWS\system32\drivers\MSTEE.sys
18:47:23.0109 4020 MSTEE - ok
18:47:23.0125 4020 Mup (de6a75f5c270e756c5508d94b6cf68f5) H:\WINDOWS\system32\drivers\Mup.sys
18:47:23.0125 4020 Mup - ok
18:47:23.0140 4020 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:47:23.0140 4020 NABTSFEC - ok
18:47:23.0187 4020 napagent (0102140028fad045756796e1c685d695) H:\WINDOWS\System32\qagentrt.dll
18:47:23.0187 4020 napagent - ok
18:47:23.0203 4020 NDIS (1df7f42665c94b825322fae71721130d) H:\WINDOWS\system32\drivers\NDIS.sys
18:47:23.0203 4020 NDIS - ok
18:47:23.0250 4020 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) H:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:47:23.0250 4020 NdisIP - ok
18:47:23.0296 4020 NdisTapi (0109c4f3850dfbab279542515386ae22) H:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:47:23.0296 4020 NdisTapi - ok
18:47:23.0312 4020 Ndisuio (f927a4434c5028758a842943ef1a3849) H:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:47:23.0312 4020 Ndisuio - ok
18:47:23.0328 4020 NdisWan (edc1531a49c80614b2cfda43ca8659ab) H:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:47:23.0328 4020 NdisWan - ok
18:47:23.0343 4020 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) H:\WINDOWS\system32\drivers\NDProxy.sys
18:47:23.0343 4020 NDProxy - ok
18:47:23.0343 4020 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) H:\WINDOWS\system32\DRIVERS\netbios.sys
18:47:23.0359 4020 NetBIOS - ok
18:47:23.0375 4020 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) H:\WINDOWS\system32\DRIVERS\netbt.sys
18:47:23.0375 4020 NetBT - ok
18:47:23.0421 4020 NetDDE (b857ba82860d7ff85ae29b095645563b) H:\WINDOWS\system32\netdde.exe
18:47:23.0421 4020 NetDDE - ok
18:47:23.0437 4020 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) H:\WINDOWS\system32\netdde.exe
18:47:23.0437 4020 NetDDEdsdm - ok
18:47:23.0453 4020 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe
18:47:23.0453 4020 Netlogon - ok
18:47:23.0500 4020 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) H:\WINDOWS\System32\netman.dll
18:47:23.0500 4020 Netman - ok
18:47:23.0578 4020 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:47:23.0593 4020 NetTcpPortSharing - ok
18:47:23.0656 4020 Nla (943337d786a56729263071623bbb9de5) H:\WINDOWS\System32\mswsock.dll
18:47:23.0656 4020 Nla - ok
18:47:23.0671 4020 Npfs (3182d64ae053d6fb034f44b6def8034a) H:\WINDOWS\system32\drivers\Npfs.sys
18:47:23.0671 4020 Npfs - ok
18:47:23.0703 4020 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) H:\WINDOWS\system32\drivers\Ntfs.sys
18:47:23.0703 4020 Ntfs - ok
18:47:23.0718 4020 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe
18:47:23.0718 4020 NtLmSsp - ok
18:47:23.0781 4020 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) H:\WINDOWS\system32\ntmssvc.dll
18:47:23.0796 4020 NtmsSvc - ok
18:47:23.0843 4020 Null (73c1e1f395918bc2c6dd67af7591a3ad) H:\WINDOWS\system32\drivers\Null.sys
18:47:23.0843 4020 Null - ok
18:47:23.0890 4020 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) H:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:47:23.0890 4020 NwlnkFlt - ok
18:47:23.0890 4020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) H:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:47:23.0890 4020 NwlnkFwd - ok
18:47:24.0062 4020 odserv (785f487a64950f3cb8e9f16253ba3b7b) H:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:47:24.0062 4020 odserv - ok
18:47:24.0093 4020 ose (5a432a042dae460abe7199b758e8606c) H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:47:24.0093 4020 ose - ok
18:47:24.0140 4020 Parport (5575faf8f97ce5e713d108c2a58d7c7c) H:\WINDOWS\system32\drivers\Parport.sys
18:47:24.0140 4020 Parport - ok
18:47:24.0187 4020 PartMgr (beb3ba25197665d82ec7065b724171c6) H:\WINDOWS\system32\drivers\PartMgr.sys
18:47:24.0187 4020 PartMgr - ok
18:47:24.0218 4020 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) H:\WINDOWS\system32\drivers\ParVdm.sys
18:47:24.0218 4020 ParVdm - ok
18:47:24.0218 4020 PCI (a219903ccf74233761d92bef471a07b1) H:\WINDOWS\system32\DRIVERS\pci.sys
18:47:24.0218 4020 PCI - ok
18:47:24.0234 4020 PCIDump - ok
18:47:24.0250 4020 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) H:\WINDOWS\system32\DRIVERS\pciide.sys
18:47:24.0250 4020 PCIIde - ok
18:47:24.0281 4020 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) H:\WINDOWS\system32\drivers\Pcmcia.sys
18:47:24.0281 4020 Pcmcia - ok
18:47:24.0281 4020 PDCOMP - ok
18:47:24.0296 4020 PDFRAME - ok
18:47:24.0296 4020 PDRELI - ok
18:47:24.0312 4020 PDRFRAME - ok
18:47:24.0312 4020 perc2 - ok
18:47:24.0328 4020 perc2hib - ok
18:47:24.0375 4020 PlugPlay (65df52f5b8b6e9bbd183505225c37315) H:\WINDOWS\system32\services.exe
18:47:24.0375 4020 PlugPlay - ok
18:47:24.0421 4020 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) H:\WINDOWS\system32\HPZipm12.exe
18:47:24.0421 4020 Pml Driver HPZ12 - ok
18:47:24.0453 4020 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe
18:47:24.0453 4020 PolicyAgent - ok
18:47:24.0484 4020 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) H:\WINDOWS\system32\DRIVERS\raspptp.sys
18:47:24.0484 4020 PptpMiniport - ok
18:47:24.0484 4020 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe
18:47:24.0484 4020 ProtectedStorage - ok
18:47:24.0500 4020 PSched (09298ec810b07e5d582cb3a3f9255424) H:\WINDOWS\system32\DRIVERS\psched.sys
18:47:24.0500 4020 PSched - ok
18:47:24.0515 4020 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\WINDOWS\system32\DRIVERS\ptilink.sys
18:47:24.0531 4020 Ptilink - ok
18:47:24.0531 4020 ql1080 - ok
18:47:24.0546 4020 Ql10wnt - ok
18:47:24.0546 4020 ql12160 - ok
18:47:24.0562 4020 ql1240 - ok
18:47:24.0562 4020 ql1280 - ok
18:47:24.0593 4020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) H:\WINDOWS\system32\DRIVERS\rasacd.sys
18:47:24.0593 4020 RasAcd - ok
18:47:24.0625 4020 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) H:\WINDOWS\System32\rasauto.dll
18:47:24.0640 4020 RasAuto - ok
18:47:24.0656 4020 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) H:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:47:24.0656 4020 Rasl2tp - ok
18:47:24.0718 4020 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) H:\WINDOWS\System32\rasmans.dll
18:47:24.0718 4020 RasMan - ok
18:47:24.0718 4020 RasPppoe (5bc962f2654137c9909c3d4603587dee) H:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:47:24.0734 4020 RasPppoe - ok
18:47:24.0734 4020 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) H:\WINDOWS\system32\DRIVERS\raspti.sys
18:47:24.0734 4020 Raspti - ok
18:47:24.0750 4020 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) H:\WINDOWS\system32\DRIVERS\rdbss.sys
18:47:24.0765 4020 Rdbss - ok
18:47:24.0781 4020 RDPCDD (4912d5b403614ce99c28420f75353332) H:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:47:24.0781 4020 RDPCDD - ok
18:47:24.0828 4020 RDPWD (5b3055daa788bd688594d2f5981f2a83) H:\WINDOWS\system32\drivers\RDPWD.sys
18:47:24.0843 4020 RDPWD - ok
18:47:24.0890 4020 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) H:\WINDOWS\system32\sessmgr.exe
18:47:24.0890 4020 RDSessMgr - ok
18:47:24.0906 4020 redbook (f828dd7e1419b6653894a8f97a0094c5) H:\WINDOWS\system32\DRIVERS\redbook.sys
18:47:24.0906 4020 redbook - ok
18:47:24.0953 4020 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) H:\WINDOWS\System32\mprdim.dll
18:47:24.0953 4020 RemoteAccess - ok
18:47:24.0968 4020 RpcLocator (aaed593f84afa419bbae8572af87cf6a) H:\WINDOWS\system32\locator.exe
18:47:24.0968 4020 RpcLocator - ok
18:47:25.0015 4020 RpcSs (6b27a5c03dfb94b4245739065431322c) H:\WINDOWS\system32\rpcss.dll
18:47:25.0015 4020 RpcSs - ok
18:47:25.0046 4020 RSVP (471b3f9741d762abe75e9deea4787e47) H:\WINDOWS\system32\rsvp.exe
18:47:25.0046 4020 RSVP - ok
18:47:25.0078 4020 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe
18:47:25.0078 4020 SamSs - ok
18:47:25.0093 4020 SCardSvr (86d007e7a654b9a71d1d7d856b104353) H:\WINDOWS\System32\SCardSvr.exe
18:47:25.0093 4020 SCardSvr - ok
18:47:25.0140 4020 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) H:\WINDOWS\system32\schedsvc.dll
18:47:25.0140 4020 Schedule - ok
18:47:25.0281 4020 SeaPort (d358e077a0a05d9b12da22d137ee8464) H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:47:25.0281 4020 SeaPort - ok
18:47:25.0312 4020 Secdrv (90a3935d05b494a5a39d37e71f09a677) H:\WINDOWS\system32\DRIVERS\secdrv.sys
18:47:25.0312 4020 Secdrv - ok
18:47:25.0328 4020 seclogon (cbe612e2bb6a10e3563336191eda1250) H:\WINDOWS\System32\seclogon.dll
18:47:25.0343 4020 seclogon - ok
18:47:25.0343 4020 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) H:\WINDOWS\system32\sens.dll
18:47:25.0343 4020 SENS - ok
18:47:25.0375 4020 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) H:\WINDOWS\system32\drivers\Serial.sys
18:47:25.0375 4020 Serial - ok
18:47:25.0437 4020 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) H:\WINDOWS\system32\drivers\Sfloppy.sys
18:47:25.0437 4020 Sfloppy - ok
18:47:25.0468 4020 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) H:\WINDOWS\System32\ipnathlp.dll
18:47:25.0468 4020 SharedAccess - ok
18:47:25.0484 4020 ShellHWDetection (1926899bf9ffe2602b63074971700412) H:\WINDOWS\System32\shsvcs.dll
18:47:25.0484 4020 ShellHWDetection - ok
18:47:25.0500 4020 Simbad - ok
18:47:25.0515 4020 SLIP (866d538ebe33709a5c9f5c62b73b7d14) H:\WINDOWS\system32\DRIVERS\SLIP.sys
18:47:25.0515 4020 SLIP - ok
18:47:25.0515 4020 Sparrow - ok
18:47:25.0546 4020 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\WINDOWS\system32\drivers\splitter.sys
18:47:25.0546 4020 splitter - ok
18:47:25.0562 4020 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) H:\WINDOWS\system32\spoolsv.exe
18:47:25.0562 4020 Spooler - ok
18:47:25.0609 4020 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) H:\WINDOWS\system32\DRIVERS\sr.sys
18:47:25.0609 4020 sr - ok
18:47:25.0640 4020 srservice (3805df0ac4296a34ba4bf93b346cc378) H:\WINDOWS\system32\srsvc.dll
18:47:25.0640 4020 srservice - ok
18:47:25.0671 4020 Srv (89220b427890aa1dffd1a02648ae51c3) H:\WINDOWS\system32\DRIVERS\srv.sys
18:47:25.0671 4020 Srv - ok
18:47:25.0703 4020 SSDPSRV (0a5679b3714edab99e357057ee88fca6) H:\WINDOWS\System32\ssdpsrv.dll
18:47:25.0703 4020 SSDPSRV - ok
18:47:25.0734 4020 STacSV (f70ab08582e06a8bda3e470592d1a394) H:\WINDOWS\system32\STacSV.exe
18:47:25.0734 4020 STacSV - ok
18:47:25.0781 4020 STHDA (797fcc1d859b203958e915bb82528da9) H:\WINDOWS\system32\drivers\sthda.sys
18:47:25.0796 4020 STHDA - ok
18:47:25.0828 4020 stisvc (8bad69cbac032d4bbacfce0306174c30) H:\WINDOWS\system32\wiaservc.dll
18:47:25.0828 4020 stisvc - ok
18:47:25.0859 4020 streamip (77813007ba6265c4b6098187e6ed79d2) H:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:47:25.0859 4020 streamip - ok
18:47:25.0906 4020 swenum (3941d127aef12e93addf6fe6ee027e0f) H:\WINDOWS\system32\DRIVERS\swenum.sys
18:47:25.0906 4020 swenum - ok
18:47:25.0921 4020 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\WINDOWS\system32\drivers\swmidi.sys
18:47:25.0921 4020 swmidi - ok
18:47:25.0921 4020 SwPrv - ok
18:47:25.0937 4020 symc810 - ok
18:47:25.0953 4020 symc8xx - ok
18:47:25.0953 4020 sym_hi - ok
18:47:25.0968 4020 sym_u3 - ok
18:47:25.0984 4020 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) H:\WINDOWS\system32\drivers\sysaudio.sys
18:47:25.0984 4020 sysaudio - ok
18:47:26.0015 4020 SysmonLog (c7abbc59b43274b1109df6b24d617051) H:\WINDOWS\system32\smlogsvc.exe
18:47:26.0015 4020 SysmonLog - ok
18:47:26.0031 4020 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) H:\WINDOWS\System32\tapisrv.dll
18:47:26.0031 4020 TapiSrv - ok
18:47:26.0093 4020 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys
18:47:26.0093 4020 Tcpip - ok
18:47:26.0140 4020 TDPIPE (6471a66807f5e104e4885f5b67349397) H:\WINDOWS\system32\drivers\TDPIPE.sys
18:47:26.0140 4020 TDPIPE - ok
18:47:26.0171 4020 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) H:\WINDOWS\system32\drivers\TDTCP.sys
18:47:26.0171 4020 TDTCP - ok
18:47:26.0203 4020 TermDD (88155247177638048422893737429d9e) H:\WINDOWS\system32\DRIVERS\termdd.sys
18:47:26.0203 4020 TermDD - ok
18:47:26.0265 4020 TermService (ff3477c03be7201c294c35f684b3479f) H:\WINDOWS\System32\termsrv.dll
18:47:26.0265 4020 TermService - ok
18:47:26.0281 4020 Themes (1926899bf9ffe2602b63074971700412) H:\WINDOWS\System32\shsvcs.dll
18:47:26.0281 4020 Themes - ok
18:47:26.0281 4020 TosIde - ok
18:47:26.0343 4020 TrkWks (55bca12f7f523d35ca3cb833c725f54e) H:\WINDOWS\system32\trkwks.dll
18:47:26.0343 4020 TrkWks - ok
18:47:26.0375 4020 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys
18:47:26.0375 4020 Udfs - ok
18:47:27.0515 4020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:47:27.0687 4020 \Device\Harddisk0\DR0 - ok
18:47:27.0703 4020 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk5\DR10
18:47:28.0265 4020 \Device\Harddisk5\DR10 - ok
18:47:28.0265 4020 Boot (0x1200) (588b7c6c91b3f09fc11a492b79ae6e4c) \Device\Harddisk0\DR0\Partition0
18:47:28.0265 4020 \Device\Harddisk0\DR0\Partition0 - ok
18:47:28.0265 4020 Boot (0x1200) (b8c040fba40e4e542ccc07d192cc9357) \Device\Harddisk5\DR10\Partition0
18:47:28.0265 4020 \Device\Harddisk5\DR10\Partition0 - ok
18:47:28.0265 4020 ============================================================
18:47:28.0265 4020 Scan finished
18:47:28.0265 4020 ============================================================
18:47:28.0281 4012 Detected object count: 0
18:47:28.0281 4012 Actual detected object count: 0

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 25 March 2012 - 12:59 PM

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

#9 MarcLodge

MarcLodge
  • Topic Starter

  • Members
  • 27 posts

Posted 25 March 2012 - 01:26 PM

Bootkit log
==================================================================
Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\H:
\\.\H: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
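As an added illustration (not part of this thread, and not code from TDSSKiller or Bootkit Remover) of what the two logs above are hashing: a parser for the 512-byte MBR that hashes the boot-code region, locates the active partition's boot sector (the 0x7e00 offset Bootkit Remover reports for a volume starting at LBA 63) and compares the hash with a baseline recorded while the disk was known clean. It assumes the 0x1B8 in TDSSKiller's "MBR (0x1B8)" line is the length of the hashed boot-code region; the sample sector and its hashes are constructed.

```python
import hashlib
import struct
# Added example, not code from either tool. Classic MBR layout; reading TDSSKiller's
# "MBR (0x1B8)" as the length of the hashed boot-code region is an assumption.
MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8   # boot code ends where the 4-byte disk signature starts
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"  # last two bytes of every valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into the pieces an anti-rootkit tool reports on."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start = struct.unpack_from("<I", sector, off + 8)[0]
        if ptype:  # type 0 marks an empty slot
            partitions.append({"bootable": status == 0x80, "type": ptype, "lba_start": lba_start})
    return {"boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, 0x1B8)[0],
            "partitions": partitions,
            "valid_signature": sector[0x1FE:] == BOOT_SIG}

def system_volume_offset(info: dict) -> int:
    """Byte offset of the active partition's boot sector (Bootkit Remover's 0x7e00 for LBA 63)."""
    return next(p["lba_start"] * 512 for p in info["partitions"] if p["bootable"])

def check_mbr(sector: bytes, baseline_md5: str) -> str:
    """Compare a freshly read MBR with a boot-code hash recorded on a known-clean day."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "INVALID"
    if info["boot_code_md5"] != baseline_md5:
        return "MODIFIED"  # boot code changed, which is what a bootkit does
    return "OK"

def build_sample_mbr(boot_code: bytes) -> bytes:  # constructed sample, not a real disk
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 0x1B8, 0x12345678)  # constructed disk signature
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(  # active NTFS part at LBA 63
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 487_000_000)
    sector[0x1FE:] = BOOT_SIG
    return bytes(sector)

CLEAN_MBR = build_sample_mbr(bytes.fromhex("33c08ed0bc007cfb") + b"\x90" * 8)  # constructed
BASELINE_MD5 = parse_mbr(CLEAN_MBR)["boot_code_md5"]
TAMPERED_MBR = b"\xeb" + CLEAN_MBR[1:]  # first opcode patched, partition table untouched
```

On a real system the sector would be read from \\.\PhysicalDrive0 with administrator rights; the partition table of the tampered sample is intact, so only the boot-code hash reveals the change.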

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 25 March 2012 - 01:28 PM

GMER log indicates some issues, but to deal with them more advanced tools will be needed.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#11 MarcLodge

MarcLodge
  • Topic Starter

  • Members
  • 27 posts

Posted 25 March 2012 - 02:50 PM

I have completed the steps as requested and posted a new topic here: http://www.bleepingcomputer.com/forums/topic447582.html

Many thanks for your time and help.
