
Rootkit...uggg...I'm tapping out


20 replies to this topic

#1 SWWeatherGuy

  • Members
  • 26 posts

Posted 24 March 2012 - 07:52 PM

That's what I get for thinking I could help. I've been trying to help clean a neighbor's laptop, thinking I might be able to help out, but this is kicking my butt. It started with a fake AV (sorry, I forget the exact name). When I got the laptop, it had no anti-virus program that I could detect, and it looked like someone had already tried running a few utilities. I've tried various things and it is responding much better at this point, but I'm still getting threats detected with most any type of scan; usually they're described as a Trojan and/or Rootkit. I could not access the internet before but can now. I had no keyboard or touch pad when I first started trying to clean it up, but do now. Windows updates will not run, but malware utilities seem to be able to update, as well as Java/Adobe/etc.

It is a Compaq Presario CQ60-215XD running Windows Vista Home 32-bit.
Some of what I've tried is:
- safe mode boot to get some utilities to install, such as: MalwareBytes, SuperAntiSpyware, AVG Free

- full MalwareBytes scan/clean. The following were detected
++ Trojan.Wimpixo
++ Trojan.Dropper
++ Trojan.FakeAlert
++ Spyware.Password
++ Trojan.Agent
++ Backdoor.Bot
++ 20 PUP (various)
++ Backdoor.IRCBot
++ Hijack.StartMenuInternet

- I uninstalled something called Anti-Phishing Domain Advisor

- I ran a full SuperAntiSpyware scan/clean. The following were detected
++ Trojan.Agent/Gen-InstallCore
++ Trojan.Agent/Gen-Solimba
++ Trojan.Agent/Gen-FakeAS

- I ran a full TDSSKiller. The following were detected
++ Virus.Win32.ZAccess.k
++ Backdoor.Multi.ZAccess.gen

- About this time I was able to get internet access and Windows running more normally. I was able to update these utilities but am now continually seeing threats detected.

- For example, MalwareBytes now is finding
++ Rootkit.0Access.H
++ Rootkit.0Access

- AVG Free's active protection will typically pop up with Trojan-type threats when another malware utility is scanning, and will also detect them when running its own scan.

They all seem to indicate they're "fixing" the problem(s) but obviously not. I'm not sure what was tried before I took a stab at it, but I need some help from someone a lot smarter than me. Help!

#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 March 2012 - 08:06 PM

You're infected with the latest variant of the ZeroAccess rootkit.

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan".Please post the LOG report(log file should be in your C drive)


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here
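A TDSSKiller log is mostly hundreds of lines of the form `<name> (<md5>) <path>` followed by `<name> - ok`, so the handful of entries that matter are easy to miss when reading it by hand. As an added example (not part of this thread and not a Kaspersky tool), the script below parses that line format and reports the verdicts that are not `ok`, plus entries the scanner could only name without hashing a file. The sample log, its hashes and detection names are constructed; the shape of the non-ok verdict lines (a parenthesised detection name and a status word) is an assumption based on typical TDSSKiller output.

```python
import re
from collections import Counter

# TDSSKiller writes one or two lines per scanned service/driver:
#   HH:MM:SS.ffff TID <name> (<md5>) <path>      image located and hashed
#   HH:MM:SS.ffff TID <name> - ok                 verdict for <name>
# Non-ok verdicts are assumed to carry a parenthesised detection name, e.g.
#   <name> ( Rootkit.Boot.Example.a ) - infected
# Header lines, separators and drive/partition lines match neither regex.
IMAGE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<name>.+?)"
    r"(?:\s+\(\s*(?P<detection>[^()]+?)\s*\))?\s+-\s+(?P<status>[a-z][a-z ]*)$"
)

# Constructed sample in TDSSKiller's format; hashes and detection names are
# made up for the example, not taken from the thread.
SAMPLE_LOG = r"""
19:17:35.0387 2352 ============================================================
19:17:35.0387 2352 Scan started
19:17:35.0387 2352 Mode: Manual; TDLFS;
19:17:35.0387 2352 ============================================================
19:17:36.0510 2352 ACPI (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\acpi.sys
19:17:36.0526 2352 ACPI - ok
19:17:36.0386 2352 5689 - ok
19:17:44.0825 2352 HP Health Check Service (fedcba9876543210fedcba9876543210) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
19:17:44.0825 2352 HP Health Check Service - ok
19:17:58.0001 2352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Example.a ) - infected
19:17:58.0002 2352 C:\Windows\system32\drivers\example.sys ( LockedFile.Multi.Generic ) - warning
"""


def parse_tdsskiller_log(text):
    """Split a log into hashed images (name -> (md5, path)) and verdict lines."""
    images = {}
    verdicts = []
    for raw in text.splitlines():
        line = raw.strip()
        m = IMAGE_RE.match(line)
        if m:
            images[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts.append(
                {"name": m["name"], "detection": m["detection"], "status": m["status"].strip()}
            )
    return images, verdicts


def triage(text):
    """Return what a reviewer wants first: non-ok verdicts, name-only entries, and counts."""
    images, verdicts = parse_tdsskiller_log(text)
    flagged = [v for v in verdicts if v["status"] != "ok"]
    # Entries reported ok but for which no file image was hashed: the scanner
    # could only name them. Often uninstall leftovers, sometimes worth a look.
    orphans = sorted(v["name"] for v in verdicts if v["status"] == "ok" and v["name"] not in images)
    counts = dict(Counter(v["status"] for v in verdicts))
    return {"flagged": flagged, "orphans": orphans, "counts": counts, "images": images}


def report(text):
    """Human-readable summary, returned as lines so it can be checked as well as printed."""
    t = triage(text)
    lines = [f"verdicts: {t['counts']}"]
    for v in t["flagged"]:
        detection = v["detection"] or "no detection name"
        lines.append(f"FLAG {v['status']:<10} {v['name']}  [{detection}]")
    for name in t["orphans"]:
        lines.append(f"NOTE no image hashed for service/driver entry: {name}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```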

#3 SWWeatherGuy

  • Topic Starter
  • Members
  • 26 posts

Posted 24 March 2012 - 08:22 PM

Thank you for such fast response! Here is the TDSSKiller scan log:

19:17:52.0937 2352 ntrigdigi - ok
19:17:52.0953 2352 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:17:52.0953 2352 Null - ok
19:17:53.0015 2352 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys
19:17:53.0031 2352 NVENETFD - ok
19:17:53.0156 2352 NVHDA (b0dd52428bf564f5fc5ee331060be2a6) C:\Windows\system32\drivers\nvhda32v.sys
19:17:53.0156 2352 NVHDA - ok
19:17:53.0390 2352 nvlddmkm (9fa0906253ba079d8c086cd2700e8b4e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:17:53.0577 2352 nvlddmkm - ok
19:17:53.0670 2352 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:17:53.0670 2352 nvraid - ok
19:17:53.0717 2352 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
19:17:53.0717 2352 nvsmu - ok
19:17:53.0826 2352 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:17:53.0826 2352 nvstor - ok
19:17:53.0889 2352 nvsvc (a91e66d964e5beb4792ec8bac8ed926a) C:\Windows\system32\nvvsvc.exe
19:17:53.0889 2352 nvsvc - ok
19:17:54.0014 2352 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:17:54.0014 2352 nv_agp - ok
19:17:54.0029 2352 NwlnkFlt - ok
19:17:54.0045 2352 NwlnkFwd - ok
19:17:54.0154 2352 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:17:54.0170 2352 odserv - ok
19:17:54.0294 2352 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
19:17:54.0294 2352 ohci1394 - ok
19:17:54.0404 2352 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:17:54.0404 2352 ose - ok
19:17:54.0497 2352 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:17:54.0513 2352 p2pimsvc - ok
19:17:54.0528 2352 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:17:54.0544 2352 p2psvc - ok
19:17:54.0669 2352 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:17:54.0669 2352 Parport - ok
19:17:54.0731 2352 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:17:54.0731 2352 partmgr - ok
19:17:54.0825 2352 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:17:54.0825 2352 Parvdm - ok
19:17:54.0856 2352 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:17:54.0872 2352 PcaSvc - ok
19:17:54.0965 2352 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:17:54.0965 2352 pci - ok
19:17:55.0028 2352 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:17:55.0028 2352 pciide - ok
19:17:55.0074 2352 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:17:55.0074 2352 pcmcia - ok
19:17:55.0215 2352 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:17:55.0246 2352 PEAUTH - ok
19:17:55.0402 2352 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:17:55.0433 2352 pla - ok
19:17:55.0511 2352 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:17:55.0511 2352 PlugPlay - ok
19:17:55.0558 2352 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll
19:17:55.0558 2352 Pml Driver HPZ12 - ok
19:17:55.0605 2352 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:17:55.0620 2352 PNRPAutoReg - ok
19:17:55.0636 2352 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:17:55.0652 2352 PNRPsvc - ok
19:17:55.0745 2352 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:17:55.0745 2352 PolicyAgent - ok
19:17:55.0823 2352 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:17:55.0823 2352 PptpMiniport - ok
19:17:55.0932 2352 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
19:17:55.0932 2352 Processor - ok
19:17:55.0979 2352 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:17:55.0995 2352 ProfSvc - ok
19:17:56.0026 2352 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:17:56.0026 2352 ProtectedStorage - ok
19:17:56.0151 2352 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:17:56.0151 2352 PSched - ok
19:17:56.0244 2352 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:17:56.0276 2352 ql2300 - ok
19:17:56.0354 2352 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:17:56.0369 2352 ql40xx - ok
19:17:56.0400 2352 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:17:56.0416 2352 QWAVE - ok
19:17:56.0510 2352 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:17:56.0510 2352 QWAVEdrv - ok
19:17:56.0541 2352 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:17:56.0541 2352 RasAcd - ok
19:17:56.0619 2352 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:17:56.0619 2352 RasAuto - ok
19:17:56.0681 2352 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:17:56.0681 2352 Rasl2tp - ok
19:17:56.0775 2352 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:17:56.0775 2352 RasMan - ok
19:17:56.0822 2352 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:17:56.0822 2352 RasPppoe - ok
19:17:56.0931 2352 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:17:56.0931 2352 RasSstp - ok
19:17:56.0993 2352 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:17:56.0993 2352 rdbss - ok
19:17:57.0087 2352 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:17:57.0087 2352 RDPCDD - ok
19:17:57.0134 2352 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:17:57.0134 2352 rdpdr - ok
19:17:57.0243 2352 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:17:57.0243 2352 RDPENCDD - ok
19:17:57.0290 2352 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
19:17:57.0305 2352 RDPWD - ok
19:17:57.0414 2352 Recovery Service for Windows (0d362785bef9bdf5a6e1f4628d06716d) C:\Program Files\SMINST\BLService.exe
19:17:57.0414 2352 Recovery Service for Windows - ok
19:17:57.0508 2352 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:17:57.0508 2352 RemoteAccess - ok
19:17:57.0539 2352 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:17:57.0555 2352 RemoteRegistry - ok
19:17:57.0633 2352 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared files\RichVideo.exe
19:17:57.0648 2352 RichVideo - ok
19:17:57.0726 2352 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:17:57.0726 2352 RpcLocator - ok
19:17:57.0773 2352 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:17:57.0773 2352 RpcSs - ok
19:17:57.0867 2352 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:17:57.0867 2352 rspndr - ok
19:17:57.0914 2352 RTSTOR (08c3394391ab0aff65d75ae65d4207e1) C:\Windows\system32\drivers\RTSTOR.SYS
19:17:57.0914 2352 RTSTOR - ok
19:17:57.0992 2352 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:17:57.0992 2352 SamSs - ok
19:17:58.0070 2352 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:17:58.0070 2352 SASDIFSV - ok
19:17:58.0085 2352 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:17:58.0101 2352 SASKUTIL - ok
19:17:58.0210 2352 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:17:58.0210 2352 sbp2port - ok
19:17:58.0257 2352 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:17:58.0257 2352 SCardSvr - ok
19:17:58.0335 2352 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:17:58.0366 2352 Schedule - ok
19:17:58.0444 2352 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:17:58.0444 2352 SCPolicySvc - ok
19:17:58.0491 2352 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
19:17:58.0491 2352 sdbus - ok
19:17:58.0569 2352 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:17:58.0584 2352 SDRSVC - ok
19:17:58.0631 2352 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:17:58.0631 2352 secdrv - ok
19:17:58.0694 2352 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:17:58.0694 2352 seclogon - ok
19:17:58.0725 2352 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:17:58.0725 2352 SENS - ok
19:17:58.0818 2352 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:17:58.0818 2352 Serenum - ok
19:17:58.0850 2352 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:17:58.0850 2352 Serial - ok
19:17:58.0959 2352 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:17:58.0959 2352 sermouse - ok
19:17:59.0006 2352 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:17:59.0021 2352 SessionEnv - ok
19:17:59.0099 2352 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:17:59.0099 2352 sffdisk - ok
19:17:59.0130 2352 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:17:59.0130 2352 sffp_mmc - ok
19:17:59.0224 2352 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:17:59.0224 2352 sffp_sd - ok
19:17:59.0255 2352 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:17:59.0255 2352 sfloppy - ok
19:17:59.0349 2352 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:17:59.0364 2352 SharedAccess - ok
19:17:59.0380 2352 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:17:59.0396 2352 ShellHWDetection - ok
19:17:59.0489 2352 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:17:59.0489 2352 sisagp - ok
19:17:59.0536 2352 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:17:59.0536 2352 SiSRaid2 - ok
19:17:59.0583 2352 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:17:59.0583 2352 SiSRaid4 - ok
19:17:59.0754 2352 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:17:59.0848 2352 slsvc - ok
19:17:59.0942 2352 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:17:59.0942 2352 SLUINotify - ok
19:17:59.0988 2352 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:18:00.0004 2352 Smb - ok
19:18:00.0051 2352 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:18:00.0051 2352 SNMPTRAP - ok
19:18:00.0160 2352 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:18:00.0160 2352 spldr - ok
19:18:00.0207 2352 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:18:00.0222 2352 Spooler - ok
19:18:00.0300 2352 SRTSP - ok
19:18:00.0300 2352 SRTSPX - ok
19:18:00.0347 2352 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:18:00.0363 2352 srv - ok
19:18:00.0472 2352 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:18:00.0472 2352 srv2 - ok
19:18:00.0503 2352 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:18:00.0503 2352 srvnet - ok
19:18:00.0597 2352 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:18:00.0597 2352 SSDPSRV - ok
19:18:00.0644 2352 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:18:00.0644 2352 SstpSvc - ok
19:18:00.0753 2352 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:18:00.0768 2352 stisvc - ok
19:18:00.0800 2352 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:18:00.0815 2352 swenum - ok
19:18:00.0893 2352 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:18:00.0909 2352 swprv - ok
19:18:00.0971 2352 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:18:00.0971 2352 Symc8xx - ok
19:18:01.0096 2352 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:18:01.0096 2352 Sym_hi - ok
19:18:01.0127 2352 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:18:01.0127 2352 Sym_u3 - ok
19:18:01.0190 2352 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
19:18:01.0205 2352 SynTP - ok
19:18:01.0299 2352 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:18:01.0314 2352 SysMain - ok
19:18:01.0346 2352 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:18:01.0361 2352 TabletInputService - ok
19:18:01.0439 2352 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:18:01.0455 2352 TapiSrv - ok
19:18:01.0486 2352 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:18:01.0502 2352 TBS - ok
19:18:01.0611 2352 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:18:01.0642 2352 Tcpip - ok
19:18:01.0751 2352 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:18:01.0767 2352 Tcpip6 - ok
19:18:01.0876 2352 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:18:01.0876 2352 tcpipreg - ok
19:18:01.0923 2352 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:18:01.0923 2352 TDPIPE - ok
19:18:02.0001 2352 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:18:02.0001 2352 TDTCP - ok
19:18:02.0048 2352 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:18:02.0048 2352 tdx - ok
19:18:02.0079 2352 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:18:02.0079 2352 TermDD - ok
19:18:02.0172 2352 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:18:02.0188 2352 TermService - ok
19:18:02.0282 2352 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:18:02.0297 2352 Themes - ok
19:18:02.0344 2352 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:18:02.0344 2352 THREADORDER - ok
19:18:02.0422 2352 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:18:02.0438 2352 TrkWks - ok
19:18:02.0500 2352 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:18:02.0500 2352 TrustedInstaller - ok
19:18:02.0594 2352 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:18:02.0594 2352 tssecsrv - ok
19:18:02.0609 2352 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:18:02.0625 2352 tunmp - ok
19:18:02.0718 2352 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:18:02.0718 2352 tunnel - ok
19:18:02.0765 2352 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:18:02.0781 2352 uagp35 - ok
19:18:02.0874 2352 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:18:02.0874 2352 udfs - ok
19:18:02.0921 2352 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:18:02.0937 2352 UI0Detect - ok
19:18:03.0030 2352 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:18:03.0030 2352 uliagpkx - ok
19:18:03.0062 2352 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:18:03.0062 2352 uliahci - ok
19:18:03.0155 2352 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:18:03.0171 2352 UlSata - ok
19:18:03.0186 2352 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:18:03.0202 2352 ulsata2 - ok
19:18:03.0233 2352 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:18:03.0233 2352 umbus - ok
19:18:03.0342 2352 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:18:03.0342 2352 upnphost - ok
19:18:03.0389 2352 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:18:03.0405 2352 usbccgp - ok
19:18:03.0483 2352 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:18:03.0483 2352 usbcir - ok
19:18:03.0561 2352 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:18:03.0561 2352 usbehci - ok
19:18:03.0654 2352 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:18:03.0654 2352 usbhub - ok
19:18:03.0717 2352 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
19:18:03.0717 2352 usbohci - ok
19:18:03.0810 2352 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:18:03.0810 2352 usbprint - ok
19:18:03.0857 2352 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:18:03.0873 2352 usbscan - ok
19:18:03.0982 2352 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:18:03.0982 2352 USBSTOR - ok
19:18:04.0044 2352 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:18:04.0044 2352 usbuhci - ok
19:18:04.0076 2352 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:18:04.0091 2352 UxSms - ok
19:18:04.0185 2352 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:18:04.0200 2352 vds - ok
19:18:04.0247 2352 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:18:04.0263 2352 vga - ok
19:18:04.0341 2352 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:18:04.0341 2352 VgaSave - ok
19:18:04.0403 2352 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:18:04.0419 2352 viaagp - ok
19:18:04.0497 2352 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:18:04.0497 2352 ViaC7 - ok
19:18:04.0559 2352 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
19:18:04.0559 2352 viaide - ok
19:18:04.0622 2352 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:18:04.0637 2352 volmgr - ok
19:18:04.0668 2352 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:18:04.0684 2352 volmgrx - ok
19:18:04.0793 2352 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:18:04.0793 2352 volsnap - ok
19:18:04.0824 2352 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:18:04.0840 2352 vsmraid - ok
19:18:04.0949 2352 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:18:04.0965 2352 VSS - ok
19:18:05.0090 2352 vToolbarUpdater (49099f62da09c819ecc69e9d9267d3ac) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
19:18:05.0105 2352 vToolbarUpdater - ok
19:18:05.0199 2352 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:18:05.0199 2352 W32Time - ok
19:18:05.0261 2352 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:18:05.0261 2352 WacomPen - ok
19:18:05.0355 2352 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:18:05.0355 2352 Wanarp - ok
19:18:05.0370 2352 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:18:05.0370 2352 Wanarpv6 - ok
19:18:05.0417 2352 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:18:05.0433 2352 wcncsvc - ok
19:18:05.0495 2352 wcontrol - ok
19:18:05.0526 2352 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:18:05.0542 2352 WcsPlugInService - ok
19:18:05.0651 2352 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:18:05.0651 2352 Wd - ok
19:18:05.0714 2352 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:18:05.0714 2352 Wdf01000 - ok
19:18:05.0807 2352 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:18:05.0807 2352 WdiServiceHost - ok
19:18:05.0807 2352 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:18:05.0823 2352 WdiSystemHost - ok
19:18:05.0854 2352 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:18:05.0854 2352 WebClient - ok
19:18:05.0932 2352 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
19:18:05.0948 2352 Wecsvc - ok
19:18:05.0979 2352 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:18:05.0979 2352 wercplsupport - ok
19:18:06.0072 2352 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:18:06.0072 2352 WerSvc - ok
19:18:06.0150 2352 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:18:06.0166 2352 winachsf - ok
19:18:06.0260 2352 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:18:06.0275 2352 WinDefend - ok
19:18:06.0275 2352 WinHttpAutoProxySvc - ok
19:18:06.0400 2352 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:18:06.0400 2352 Winmgmt - ok
19:18:06.0447 2352 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
19:18:06.0462 2352 WinRM - ok
19:18:06.0556 2352 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:18:06.0572 2352 Wlansvc - ok
19:18:06.0681 2352 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:18:06.0681 2352 WmiAcpi - ok
19:18:06.0759 2352 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:18:06.0759 2352 wmiApSrv - ok
19:18:06.0837 2352 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:18:06.0852 2352 WMPNetworkSvc - ok
19:18:06.0915 2352 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:18:06.0930 2352 WPCSvc - ok
19:18:06.0962 2352 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:18:06.0962 2352 WPDBusEnum - ok
19:18:07.0102 2352 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:18:07.0118 2352 WPFFontCache_v0400 - ok
19:18:07.0196 2352 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:18:07.0196 2352 ws2ifsl - ok
19:18:07.0258 2352 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
19:18:07.0258 2352 wscsvc - ok
19:18:07.0289 2352 WSearch - ok
19:18:07.0398 2352 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:18:07.0445 2352 wuauserv - ok
19:18:07.0554 2352 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:18:07.0554 2352 WUDFRd - ok
19:18:07.0601 2352 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:18:07.0601 2352 wudfsvc - ok
19:18:07.0695 2352 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
19:18:07.0695 2352 XAudio - ok
19:18:07.0742 2352 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
19:18:07.0757 2352 XAudioService - ok
19:18:07.0882 2352 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
19:18:07.0898 2352 yukonwlh - ok
19:18:07.0929 2352 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
19:18:07.0991 2352 \Device\Harddisk0\DR0 - ok
19:18:08.0007 2352 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:18:10.0581 2352 \Device\Harddisk1\DR1 - ok
19:18:10.0628 2352 Boot (0x1200) (023f32ded95140432a70a165cce6b85e) \Device\Harddisk0\DR0\Partition0
19:18:10.0628 2352 \Device\Harddisk0\DR0\Partition0 - ok
19:18:10.0659 2352 Boot (0x1200) (3410affd9307561be4bd891915ee6546) \Device\Harddisk0\DR0\Partition1
19:18:10.0659 2352 \Device\Harddisk0\DR0\Partition1 - ok
19:18:10.0659 2352 Boot (0x1200) (3e08e25987cc8c288cd49e359fc37f56) \Device\Harddisk1\DR1\Partition0
19:18:10.0659 2352 \Device\Harddisk1\DR1\Partition0 - ok
19:18:10.0659 2352 ============================================================
19:18:10.0659 2352 Scan finished
19:18:10.0659 2352 ============================================================
19:18:10.0690 3884 Detected object count: 0
19:18:10.0690 3884 Actual detected object count: 0
19:18:32.0062 1924 Deinitialize success

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:09 PM

Posted 24 March 2012 - 09:02 PM

Waiting for other logs :thumbup2:

#5 SWWeatherGuy

SWWeatherGuy
  • Topic Starter

  • Members
  • 26 posts
  • Local time:05:09 PM

Posted 24 March 2012 - 09:14 PM

Downloaded GMER, temporarily disabled AVG Free, and ran scan. Saved log and posted here:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-24 20:11:50
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 TOSHIBA_MK2555GSX rev.FG002C
Running: s5rqu8i7.exe; Driver: C:\Windows\TEMP\uggirpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9B3C3F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9B3C3FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9B3C4080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9B3C411C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 81CEEB74 4 Bytes [3C, 3F, 3C, 9B] {CMP AL, 0x3f; CMP AL, 0x9b}
.text ntkrnlpa.exe!KeSetEvent + 621 81CEEDA4 8 Bytes [E4, 3F, 3C, 9B, 80, 40, 3C, ...] {IN AL, 0x3f; CMP AL, 0x9b; ADD BYTE [EAX+0x3c], 0x9b}
.text ntkrnlpa.exe!KeSetEvent + 681 81CEEE04 4 Bytes [1C, 41, 3C, 9B] {SBB AL, 0x41; CMP AL, 0x9b}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BA02340, 0x3EA427, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[924] kernel32.dll!CreateThread 74FFCB2E 5 Bytes JMP 6F5A7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!SetWindowsHookExW 75DF87AD 5 Bytes JMP 6F5E2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!CallNextHookEx 75DF8E3B 5 Bytes JMP 6F607BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!UnhookWindowsHookEx 75DF98DB 5 Bytes JMP 6F62EB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!EnableWindow 75DFCD8B 5 Bytes JMP 6F5E9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!DefWindowProcA 75DFDB88 7 Bytes JMP 6F5A952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!CreateWindowExA 75DFDC2A 5 Bytes JMP 6F5B3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!CreateWindowExW 75E01305 5 Bytes JMP 6F60FF87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!DefWindowProcW 75E103B4 7 Bytes JMP 6F607C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!DialogBoxParamW 75E210B0 5 Bytes JMP 6F54170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!DialogBoxIndirectParamW 75E22EF5 5 Bytes JMP 6F736336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!DialogBoxParamA 75E38152 5 Bytes JMP 6F7362D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!DialogBoxIndirectParamA 75E3847D 5 Bytes JMP 6F73639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!MessageBoxIndirectA 75E4D4D9 5 Bytes JMP 6F736258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!MessageBoxIndirectW 75E4D5D3 5 Bytes JMP 6F7361DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!MessageBoxExA 75E4D639 5 Bytes JMP 6F73617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!MessageBoxExW 75E4D65D 5 Bytes JMP 6F736117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] ole32.dll!OleLoadFromStream 76171E80 5 Bytes JMP 6F736B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!EnableWindow 75DFCD8B 5 Bytes JMP 6F5E9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!DialogBoxParamW 75E210B0 5 Bytes JMP 6F54170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!DialogBoxIndirectParamW 75E22EF5 5 Bytes JMP 6F736336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!DialogBoxParamA 75E38152 5 Bytes JMP 6F7362D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!DialogBoxIndirectParamA 75E3847D 5 Bytes JMP 6F73639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!MessageBoxIndirectA 75E4D4D9 5 Bytes JMP 6F736258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!MessageBoxIndirectW 75E4D5D3 5 Bytes JMP 6F7361DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!MessageBoxExA 75E4D639 5 Bytes JMP 6F73617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!MessageBoxExW 75E4D65D 5 Bytes JMP 6F736117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [72FD7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7302A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [72FDBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [72FCF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [72FD75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [72FCE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73008395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [72FDDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [72FCFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [72FCFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [72FC71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7305CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [72FFC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [72FCD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [72FC6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [72FC687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [72FD2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

#6 SWWeatherGuy
  • Topic Starter
  • Members
  • 26 posts

Posted 24 March 2012 - 09:40 PM

Downloaded and ran aswMBR. Log results here:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-24 20:15:09
-----------------------------
20:15:09.020 OS Version: Windows 6.0.6002 Service Pack 2
20:15:09.020 Number of processors: 2 586 0x301
20:15:09.020 ComputerName: CPQ-CQ60215DXLT UserName: Louis Montoya
20:15:11.064 Initialize success
20:15:25.275 AVAST engine defs: 12032401
20:17:10.606 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
20:17:10.606 Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 3
20:17:11.215 Disk 0 MBR read successfully
20:17:11.293 Disk 0 MBR scan
20:17:11.293 Disk 0 unknown MBR code
20:17:11.496 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227333 MB offset 2048
20:17:11.589 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11138 MB offset 465580032
20:17:11.761 Disk 0 scanning sectors +488390656
20:17:12.369 Disk 0 scanning C:\Windows\system32\drivers
20:18:55.875 Service scanning
20:19:33.924 Modules scanning
20:22:02.716 Disk 0 trace - called modules:
20:22:02.779 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:22:03.294 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855936d0]
20:22:03.294 3 CLASSPNP.SYS[8079b8b3] -> nt!IofCallDriver -> [0x844d2a70]
20:22:03.309 5 acpi.sys[806096bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x844d2030]
20:22:04.105 AVAST engine scan C:\Windows
20:22:37.099 AVAST engine scan C:\Windows\system32
20:26:58.461 AVAST engine scan C:\Windows\system32\drivers
20:27:24.622 AVAST engine scan C:\Users\Louis Montoya
20:32:20.430 AVAST engine scan C:\ProgramData
20:33:28.399 Scan finished successfully
20:38:17.960 Disk 0 MBR has been saved successfully to "C:\Users\Louis Montoya\Desktop\MBR.dat"
20:38:17.976 The log file has been saved successfully to "C:\Users\Louis Montoya\Desktop\aswMBR.txt"

#7 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 March 2012 - 09:56 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.


Download

ESET online scanner


Install it

Click on START, it should download the virus definitions.
When the scan is complete, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.


Download

mini toolbox

Check the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.


Download Autoruns

http://download.sysinternals.com/files/AutoRuns.zip

Extract and launch autoruns.exe

Allow it to scan

Click on FILE-SAVE AS

Save it as autoruns.txt

Upload text file to

www.mediafire.com and post the link here

Good luck.

#8 SWWeatherGuy
  • Topic Starter
  • Members
  • 26 posts

Posted 24 March 2012 - 10:13 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.


Sorry, by "regular mode" do you mean not a full scan, or a "quick scan"? Also, are you saying to repeat the reboot and quick scan until there are no detections?

Thanks.

#9 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 March 2012 - 10:18 PM

You're right.

Some infections may need a reboot to get removed.

It's safe to restart the PC after a scan and rescan to get a clean log.

When I say regular mode, I am referring to normal mode and not safe mode.

Thanks

#10 SWWeatherGuy
  • Topic Starter
  • Members
  • 26 posts

Posted 25 March 2012 - 12:54 AM

OK, MBAM download and full scan = nothing detected.
Reboot and MBAM quick scan = nothing detected.
ESET download and scan/clean = results here:

C:\$RECYCLE.BIN\S-1-5-21-1701404666-2700510398-1568716227-1000\$RV91MPY\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1701404666-2700510398-1568716227-1000\$RVQ5FNN\tsk0012.dta Win32/Sirefef.ES trojan cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1701404666-2700510398-1568716227-1000\$RVQ5FNN\tsk0013.dta Win32/Sirefef.ET trojan cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\Louis Montoya\Downloads\PCPerformer_GN (1).exe a variant of Win32/InstallBrain application cleaned by deleting - quarantined
C:\Documents and Settings\Louis Montoya\Downloads\PCPerformer_GN.exe a variant of Win32/InstallBrain application cleaned by deleting - quarantined
C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined
C:\Windows\Temp\NOD9852.tmp a variant of Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined

#11 SWWeatherGuy
  • Topic Starter
  • Members
  • 26 posts

Posted 25 March 2012 - 01:04 AM

Download and run MiniToolBox with the specified settings = results here:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Louis Montoya (administrator) on 24-03-2012 at 23:57:58
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


There are 15173 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Atheros AR5007 802.11b/g WiFi Adapter = Wireless Network Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : CPQ-CQ60215DXLT
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Networking Controller
Physical Address. . . . . . . . . : 00-1F-16-75-65-76
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-24-2B-BD-EA-06
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b0ae:3e76:7680:453c%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.58.121(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, March 24, 2012 10:35:24 PM
Lease Expires . . . . . . . . . . : Sunday, March 25, 2012 10:35:24 PM
Default Gateway . . . . . . . . . : 192.168.58.1
DHCP Server . . . . . . . . . . . : 192.168.58.1
DHCPv6 IAID . . . . . . . . . . . : 218113067
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-9D-76-54-00-24-2B-BD-EA-06
DNS Servers . . . . . . . . . . . : 192.168.58.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{D247ABAC-E76D-48B5-89C4-6E11021A850C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{D803617E-55DB-4695-9783-022031A89CF0}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
1.58.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.58.1

Name: google.com
Addresses: 74.125.227.37
74.125.227.39
74.125.227.35
74.125.227.36
74.125.227.38
74.125.227.32
74.125.227.46
74.125.227.33
74.125.227.40
74.125.227.41
74.125.227.34



Pinging google.com [74.125.227.38] with 32 bytes of data:

Reply from 74.125.227.38: bytes=32 time=69ms TTL=49

Reply from 74.125.227.38: bytes=32 time=65ms TTL=49



Ping statistics for 74.125.227.38:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 65ms, Maximum = 69ms, Average = 67ms

1.58.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.58.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=42ms TTL=51

Reply from 209.191.122.70: bytes=32 time=38ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 42ms, Average = 40ms

1.58.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.58.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 1f 16 75 65 76 ...... NVIDIA nForce 10/100/1000 Mbps Networking Controller
10 ...00 24 2b bd ea 06 ...... Atheros AR5007 802.11b/g WiFi Adapter
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.{D247ABAC-E76D-48B5-89C4-6E11021A850C}
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
12 ...00 00 00 00 00 00 00 e0 isatap.{D803617E-55DB-4695-9783-022031A89CF0}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.58.1 192.168.58.121 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.58.0 255.255.255.0 On-link 192.168.58.121 281
192.168.58.121 255.255.255.255 On-link 192.168.58.121 281
192.168.58.255 255.255.255.255 On-link 192.168.58.121 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.58.121 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.58.121 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::b0ae:3e76:7680:453c/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/24/2012 10:35:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2012 07:28:57 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/24/2012 07:07:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2012 06:21:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2012 06:07:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2012 03:33:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2012 03:22:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2012 03:08:42 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2e6acd5b-88ca-40e8-a0b0-f018d210de78}

Error: (03/24/2012 02:20:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2012 02:05:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/24/2012 10:35:42 PM) (Source: Service Control Manager) (User: )
Description: 78481032
SRTSP
SRTSPX

Error: (03/24/2012 10:35:42 PM) (Source: Service Control Manager) (User: )
Description: L8042Kbd%%126

Error: (03/24/2012 10:35:42 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (03/24/2012 10:35:42 PM) (Source: Service Control Manager) (User: )
Description: Norton Internet Security%%3

Error: (03/24/2012 10:35:42 PM) (Source: Service Control Manager) (User: )
Description: USB Service%%126

Error: (03/24/2012 10:35:42 PM) (Source: Service Control Manager) (User: )
Description: Tosrfusb%%126

Error: (03/24/2012 10:35:42 PM) (Source: Service Control Manager) (User: )
Description: Network Security%%126

Error: (03/24/2012 10:35:42 PM) (Source: Service Control Manager) (User: )
Description: Dntus26%%126

Error: (03/24/2012 10:35:42 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (03/24/2012 10:35:42 PM) (Source: Service Control Manager) (User: )
Description: FsRamDsk%%126


Microsoft Office Sessions:
=========================
Error: (11/22/2011 05:55:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 56 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer (Version: 1.0.0)
4500_Help (Version: 1.00.0000)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.63)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player (Version: 11.0)
Advanced Installer 8.8.2 (Version: 8.8.2)
Apple Application Support (Version: 1.4.1)
Atheros Driver Installation Program (Version: 5.2)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2114)
AVG 2012 (Version: 2012.0.1913)
BPD_HPSU (Version: 1.00.0000)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
CCleaner (Version: 3.16)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HD Audio (Version: 4.58.0.0)
CyberLink DVD Suite (Version: 6.0.2203)
Defraggler (Version: 2.09)
ESET Online Scanner v3
ESU for Microsoft Vista (Version: 1.0.0)
Fax (Version: 100.0.272.000)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2614.234)
Google Update Helper (Version: 1.3.21.99)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library (Version: 3.1.9.1)
HP Doc Viewer (Version: 1.03.0001)
HP DVD Play 3.7 (Version: 3.7.0.5723)
HP Help and Support (Version: 2.1.1.0)
HP Officejet J4500 Series (Version: 1.0)
HP Quick Launch Buttons (Version: 6.50.9.1)
HP Total Care Advisor (Version: 2.4.4941.2798)
HP Update (Version: 5.003.001.001)
HP User Guides 0118 (Version: 1.00.0000)
HP Wireless Assistant (Version: 3.00 K2)
HPAsset component for HP Active Support Library (Version: 3.0.0.6)
HPNetworkAssistant (Version: 1.1.70)
HPTCSSetup (Version: 1.1.1963.2799)
J4500 (Version: 50.0.165.000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 7 (Version: 1.6.0.70)
LabelPrint (Version: 2.5.0926)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox (3.0.7) (Version: 3.0.7 (en-US))
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee Reveal (Version: 7.0.35.6951)
NetWaiting (Version: 2.5.52)
Norton Internet Security (Version: 16.0.0.125)
NVIDIA Drivers
PC MightyMax 2011 (Version: 1.0.0.1)
Power2Go (Version: 6.0.2202)
PowerDirector (Version: 7.0.2201)
ProductContext (Version: 50.0.165.000)
QuickTime (Version: 7.69.80.9)
Realtek USB 2.0 Card Reader (Version: 3.0.1.3)
Scan (Version: 10.1.0.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1146)
Synaptics Pointing Device Driver (Version: 11.1.3.0)
T-Shirt Factory Deluxe 3.0 (Version: 3.0.0.5)
Toolbox (Version: 100.0.170.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
WebReg (Version: 100.0.170.000)
Yontoo 1.10.02 (Version: 1.10.02)

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 1789.69 MB
Available physical RAM: 917.62 MB
Total Pagefile: 3827.88 MB
Available Pagefile: 2711.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.23 MB

========================= Partitions: =====================================

1 Drive c: (My Hard Disk) (Fixed) (Total:222 GB) (Free:188.68 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:10.88 GB) (Free:1.67 GB) NTFS
4 Drive f: (RPS-FLASHDR) (Removable) (Total:7.67 GB) (Free:1.6 GB) FAT32

========================= Users: ========================================

User accounts for \\CPQ-CQ60215DXLT

Administrator Guest Louis Montoya


**** End of log ****

#12 SWWeatherGuy
  • Topic Starter

  • Members
  • 26 posts

Posted 25 March 2012 - 01:25 AM

Download Autoruns

http://download.sysinternals.com/files/AutoRuns.zip

Extract and launch autoruns.exe

Allow it to scan

Click on FILE-SAVE AS

Save it as autoruns.txt

Upload text file to

www.mediafire.com and post the link here

good luck



AutoRuns link for MediaFire is here

http://www.mediafire.com/?wbs8cz2wd2vcb13

#13 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 March 2012 - 09:03 AM

Uncheck this entry in autoruns

"NecUsb" "Support USB3 Services" "" "File not found: C:\Windows\system32\NUSB3w32.dll"

Open command prompt as administrator and run these two commands

net stop NecUsb
sc delete NecUsb



Download

FSS

Launch it and type USB3w32.dll in the search box and click on search files

Post the generated log

good luck

Edited by narenxp, 25 March 2012 - 09:03 AM.
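The advice above rests on one check: a service whose registered file is gone (the "File not found" Autoruns shows for NecUsb) is dead weight at best and a leftover of something that was removed at worst, so it gets stopped and deleted. The script below is an added example for this thread, not narenxp's tool and not Autoruns code; it walks HKLM\SYSTEM\CurrentControlSet\Services and reports every service or driver whose ImagePath, or whose svchost-hosted Parameters\ServiceDll, no longer exists on disk. It is read-only: removal stays a deliberate `net stop` / `sc delete` as in the post. The function names and the path-normalisation rules are my own assumptions, written to run on Windows PowerShell 2.0 (Vista era) from an elevated prompt.

```powershell
# Added example (not from this thread, narenxp or Autoruns): list services
# and drivers whose registered binary or service DLL is missing on disk,
# the same condition Autoruns flags as "File not found" for NecUsb above.
# Read-only; run from an elevated PowerShell prompt.

function ConvertTo-ImageFilePath {
    # Reduce a raw ImagePath / ServiceDll registry value to the file it names.
    # (Hypothetical helper; normalisation rules below are this example's own.)
    param([Parameter(Mandatory = $true)][string]$RawPath)

    $p = [Environment]::ExpandEnvironmentVariables($RawPath).Trim()
    if ($p.StartsWith('"')) {
        # Quoted path: keep everything up to the closing quote, drop arguments.
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) } else { $p = $p.TrimStart('"') }
    } else {
        # Unquoted: the path is assumed to end at the first space. An unquoted
        # path that itself contains spaces is a misconfiguration of its own and
        # will surface here as "missing", which is worth a look anyway.
        $p = ($p -split ' ', 2)[0]
    }
    $p = $p -replace '^\\\?\?\\', ''                    # \??\C:\x.sys   -> C:\x.sys
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot   # \SystemRoot\.. -> C:\Windows\..
    if ($p -notmatch '^[A-Za-z]:\\') {                  # system32\drivers\x.sys (relative)
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-OrphanedService {
    # Emit one object per service whose ImagePath or ServiceDll file is absent.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
        $name  = $key.PSChildName
        $props = Get-ItemProperty -LiteralPath "$root\$name" -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { continue }   # not a service key

        $targets = @(ConvertTo-ImageFilePath $props.ImagePath)
        # svchost-hosted services keep their real code in Parameters\ServiceDll.
        $params = Get-ItemProperty -LiteralPath "$root\$name\Parameters" -ErrorAction SilentlyContinue
        if ($params -and $params.ServiceDll) {
            $targets += ConvertTo-ImageFilePath $params.ServiceDll
        }

        $missing = @($targets | Where-Object { -not (Test-Path -LiteralPath $_) })
        if ($missing.Count -gt 0) {
            # New-Object rather than [pscustomobject] so this also runs on PowerShell 2.0.
            New-Object PSObject -Property @{
                Service     = $name
                DisplayName = $props.DisplayName
                StartType   = $props.Start        # 2 = auto, 3 = manual, 4 = disabled
                Missing     = ($missing -join '; ')
            }
        }
    }
}

# Candidates for manual review; confirm each one before 'net stop' / 'sc delete'.
Get-OrphanedService | Sort-Object Service | Format-Table Service, StartType, Missing -AutoSize
```

A service that Autoruns has merely disabled still has its registry key, so it keeps appearing in this list; it drops out only once the key is gone, which is what `sc delete` does and why the `[SC] DeleteService SUCCESS` reply later in the thread is the confirmation to look for. Expect a handful of benign hits on any long-lived machine (drivers for hardware that was unplugged, uninstallers that forgot their service), so treat the output as a review list, not a delete list.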


#14 SWWeatherGuy
  • Topic Starter

  • Members
  • 26 posts

Posted 25 March 2012 - 10:30 AM

- Unchecked AutoRuns entry: "NecUsb" "Support USB3 Services" "" "File not found: C:\Windows\system32\NUSB3w32.dll"
(Question: just uncheck only? Nothing to save?)

- net stop NecUsb = the USB service is not started

- sc delete NecUsb = [SC] DeleteService SUCCESS

- Downloaded, ran FSS and did a file search for USB3w32.dll = results here

Farbar Service Scanner Version: 01-03-2012
Ran by Louis Montoya (administrator) on 25-03-2012 at 09:25:35
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

************************************************
======== Search: "USB3w32.dll" =========

====== End Of Search ======

#15 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 March 2012 - 11:19 AM

Download

Fix zero access

Launch it, allow it to restart the PC, and let me know if it finds infections on reboot.



