
Malwarebytes refuses to run


  • This topic is locked
10 replies to this topic

#1 MarcLodge

MarcLodge

  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:25 PM

Posted 25 March 2012 - 02:38 PM

MOVED to Virus, Trojan and Malware Removal Logs ~~boopme


Hi, a friend has asked me to look at a machine which according to her 'when I go onto the internet, does not work'. I have little more to go on than that, but my first thought after checking Device Manager (all is ok) was to check for a virus. I've downloaded on another machine the latest version of MBAM and installed this fine. When I try to execute it, though, it tells me the database is 70 days out of date, and if I click yes to update, the program stops. No messages or anything, it just stops. If I don't update, it presents me with the main MBAM screen, but when I click 'scan', the program again just stops.

I started a topic here: http://www.bleepingcomputer.com/forums/topic447359.html/page__pid__2642681#entry2642681 and have followed everything so far. A couple of things that are worth noting are that the normal C:\ drive is in fact the H:\ drive and that, even though I have removed McAfee from the machine, there still appear to be references to it in the logs. I have disconnected the machine from the network and am using another machine to post logs etc.

As per the instructions in the topic already mentioned, I have run Defogger, run DDS and GMER, and the attach, DDS and GMER logs are attached.

Grateful for any help you are able to give.

Marc

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by dell at 19:54:43 on 2012-03-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3710.3182 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
svchost.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\mfevtps.exe
H:\WINDOWS\system32\HPZipm12.exe
H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
H:\WINDOWS\stsystra.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\DOCUME~1\dell\LOCALS~1\Temp\mcupdate_1332594642.exe
H:\Program Files\Digital Line Detect\DLG.exe
H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
H:\WINDOWS\system32\svchost.exe -k imgsvc
H:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
H:\Program Files\Memeo\AutoBackup\InstantBackup.exe
H:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - h:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - h:\program files\common files\mcafee\systemcore\ScriptSn.20111228224842.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - h:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - h:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - h:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - h:\program files\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] h:\windows\system32\ctfmon.exe
uRun: [Google Update] "h:\documents and settings\dell\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "h:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "h:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [McAfee Update] h:\docume~1\dell\locals~1\temp\mcupdate_1332594642.exe /insfin h:\docume~1\dell\locals~1\temp\mcupdate_1332594642.ini
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Adobe ARM] "h:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "h:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "h:\program files\itunes\iTunesHelper.exe"
mRun: [NUSB3MON] "h:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [Memeo Instant Backup] h:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
dRun: [CTFMON.EXE] h:\windows\system32\CTFMON.EXE
StartupFolder: h:\docume~1\dell\startm~1\programs\startup\onenot~1.lnk - h:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - h:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - h:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - h:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - h:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - h:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;h:\windows\system32\drivers\mfehidk.sys [2011-3-13 464176]
R1 mfetdi2k;McAfee Inc. mfetdi2k;h:\windows\system32\drivers\mfetdi2k.sys [2011-10-29 89792]
R2 fssfltr;FssFltr;h:\windows\system32\drivers\fssfltr_tdi.sys [2011-10-29 54760]
R2 MemeoBackgroundService;MemeoBackgroundService;h:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-1-24 25824]
R2 mfefire;McAfee Firewall Core Service;h:\program files\common files\mcafee\systemcore\mfefire.exe [2011-10-29 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;h:\windows\system32\mfevtps.exe [2011-10-29 150856]
R3 mfeavfk;McAfee Inc. mfeavfk;h:\windows\system32\drivers\mfeavfk.sys [2011-10-29 180816]
R3 mfefirek;McAfee Inc. mfefirek;h:\windows\system32\drivers\mfefirek.sys [2011-10-29 338176]
R3 mfendiskmp;mfendiskmp;h:\windows\system32\drivers\mfendisk.sys [2011-10-29 83856]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"h:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> h:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McShield;McAfee McShield;h:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-29 166288]
S3 cfwids;McAfee Inc. cfwids;h:\windows\system32\drivers\cfwids.sys [2011-10-29 57600]
S3 fsssvc;Windows Live Family Safety Service;h:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GetSusp;GetSusp;\??\h:\windows\getsusp.sys --> h:\windows\GetSusp.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;h:\windows\system32\drivers\mbamswissarmy.sys [2012-3-23 40776]
S3 mfebopk;McAfee Inc. mfebopk;h:\windows\system32\drivers\mfebopk.sys [2011-10-29 59456]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;h:\windows\system32\drivers\mfendisk.sys [2011-10-29 83856]
S3 mferkdet;McAfee Inc. mferkdet;h:\windows\system32\drivers\mferkdet.sys [2011-10-29 87656]
.
=============== Created Last 30 ================
.
2012-03-23 23:33:39 -------- d-sh--w- h:\documents and settings\dell\IETldCache
2012-03-23 20:30:17 -------- dc-h--w- h:\windows\ie8
2012-03-23 20:20:00 974848 -c----w- h:\windows\system32\dllcache\mfc42.dll
2012-03-23 20:20:00 953856 -c----w- h:\windows\system32\dllcache\mfc40u.dll
2012-03-23 20:19:30 617472 -c----w- h:\windows\system32\dllcache\comctl32.dll
2012-03-23 20:18:46 40960 -c----w- h:\windows\system32\dllcache\ndproxy.sys
2012-03-23 20:17:52 105472 -c----w- h:\windows\system32\dllcache\mup.sys
2012-03-23 20:13:24 40776 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2012-03-23 20:13:24 -------- d-----w- h:\documents and settings\dell\application data\Malwarebytes
2012-03-23 20:13:18 20464 ----a-w- h:\windows\system32\drivers\mbam.sys
2012-03-23 20:13:18 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2012-03-23 20:13:18 -------- d-----w- h:\documents and settings\all users\application data\Malwarebytes
2012-03-23 20:12:56 10496 -c----w- h:\windows\system32\dllcache\ndistapi.sys
2012-03-23 20:12:55 3072 -c----w- h:\windows\system32\dllcache\iacenc.dll
2012-03-23 20:12:55 3072 ------w- h:\windows\system32\iacenc.dll
2012-03-23 20:12:53 139784 -c----w- h:\windows\system32\dllcache\rdpwd.sys
2012-03-23 20:10:37 45568 -c----w- h:\windows\system32\dllcache\wab.exe
2012-03-23 19:42:41 -------- d-----w- h:\windows\system32\scripting
2012-03-23 19:42:41 -------- d-----w- h:\windows\l2schemas
2012-03-23 19:42:40 -------- d-----w- h:\windows\system32\en
2012-03-23 19:42:40 -------- d-----w- h:\windows\system32\bits
2012-03-23 19:39:15 -------- d-----w- h:\windows\network diagnostic
2012-03-23 19:26:13 -------- d-----w- h:\windows\EHome
2012-03-22 16:51:02 -------- d-----w- h:\documents and settings\all users\application data\Citrix
2012-03-22 16:49:53 -------- d-----w- h:\program files\Citrix
2012-03-22 16:49:49 -------- d-----w- h:\documents and settings\dell\local settings\application data\Citrix
2012-03-22 15:21:19 -------- d-----w- h:\windows\system32\wbem\repository\FS
2012-03-22 15:21:19 -------- d-----w- h:\windows\system32\wbem\Repository
2012-03-22 15:20:25 -------- d-----w- h:\program files\common files\Mcafee
.
==================== Find3M ====================
.
2012-02-03 09:22:18 1860096 ----a-w- h:\windows\system32\win32k.sys
2012-01-09 16:20:25 139784 ----a-w- h:\windows\system32\drivers\rdpwd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TEAC____ rev.4.00 -> Harddisk1\DR2 -> \Device\00000073
.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk1\DR2[0x8A5B93D8]
kernel: MBR read successfully
_asm { CLI ; MOV SI, 0x7c00; MOV DI, 0x7a00; MOV CX, 0x100; CLD ; PUSH CS; POP DS; PUSH CS; POP ES; REP MOVSW ; JMP FAR 0x0:0x7a16; }
user != kernel MBR !!!
.
============= FINISH: 19:55:25.43 ===============



Edited by Noviciate, 25 March 2012 - 04:13 PM.
DDS log added from attachment.
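The DDS log above lists running processes and Pseudo HJT autorun entries, and the usual first pass over such a log is to look for executables launched from a user's Temp directory (here the mcupdate_1332594642.exe entry) and for orphaned BHO entries marked "No File". The following script is an added example and is not part of this thread or of DDS itself: it parses a constructed sample written in the same section format as the log above and returns those triage leads. Everything it flags is a lead to verify (the Temp-launched file in this thread is a McAfee updater, which an installer can legitimately do), not a verdict.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the DDS log format used in this thread; the lines are
# modelled on the poster's log but this is not the full log.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
H:\WINDOWS\system32\svchost.exe -k netsvcs
H:\Program Files\iTunes\iTunesHelper.exe
H:\DOCUME~1\dell\LOCALS~1\Temp\mcupdate_1332594642.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [McAfee Update] h:\docume~1\dell\locals~1\temp\mcupdate_1332594642.exe /insfin h:\docume~1\dell\locals~1\temp\mcupdate_1332594642.ini
mRun: [iTunesHelper] "h:\program files\itunes\iTunesHelper.exe"
.
"""

# "====== Section Name ======" headers as DDS prints them.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A path under a user's Temp directory, in both the long and the 8.3 (LOCALS~1) spelling.
TEMP_PATH_RE = re.compile(r"\\(locals~1|local settings)\\temp\\", re.IGNORECASE)
# uRun/mRun/dRun entries: 'uRun: [Name] "path\to\file.exe" /args' (quotes optional).
AUTORUN_RE = re.compile(r'^([umd]Run):\s*\[([^\]]+)\]\s*"?([^"]*?\.exe)"?', re.IGNORECASE)
# A BHO whose CLSID is registered but whose DLL is missing on disk.
BHO_NOFILE_RE = re.compile(r"^BHO:\s*(\{[0-9a-f-]+\})\s*-\s*No File$", re.IGNORECASE)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split DDS output into its named sections, dropping the '.' spacer lines."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (finding-kind, detail) pairs for the entries worth a second look."""
    findings: List[Tuple[str, str]] = []
    sections = parse_sections(text)
    for proc in sections.get("Running Processes", []):
        if TEMP_PATH_RE.search(proc):
            findings.append(("process-in-temp", proc))
    for entry in sections.get("Pseudo HJT Report", []):
        autorun = AUTORUN_RE.match(entry)
        if autorun:
            if TEMP_PATH_RE.search(autorun.group(3)):
                findings.append(("autorun-in-temp", autorun.group(2)))
            continue
        bho = BHO_NOFILE_RE.match(entry)
        if bho:
            findings.append(("bho-no-file", bho.group(1)))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_DDS):
        print(f"{kind}: {detail}")
```

Run against the sample it reports the Temp-launched process, the "No File" BHO and the uRun entry pointing into Temp; the Program Files entries pass. To use it on a real dds.txt, read the file and pass its contents to `triage()`.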



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:25 PM

Posted 25 March 2012 - 04:15 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.


#3 MarcLodge

MarcLodge
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:25 PM

Posted 25 March 2012 - 05:11 PM

Hi Noviciate,
I ran TDSSKiller after changing the parameters, and it found two suspicious files, but the default action was to skip them, which I did. Log that was generated is attached.
Marc

23:05:03.0562 3808 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
23:05:03.0562 3808 ============================================================
23:05:03.0562 3808 Current date / time: 2012/03/25 23:05:03.0562
23:05:03.0562 3808 SystemInfo:
23:05:03.0562 3808
23:05:03.0562 3808 OS Version: 5.1.2600 ServicePack: 3.0
23:05:03.0562 3808 Product type: Workstation
23:05:03.0562 3808 ComputerName: DELL-369FDB885F
23:05:03.0578 3808 UserName: dell
23:05:03.0578 3808 Windows directory: H:\WINDOWS
23:05:03.0578 3808 System windows directory: H:\WINDOWS
23:05:03.0578 3808 Processor architecture: Intel x86
23:05:03.0578 3808 Number of processors: 2
23:05:03.0578 3808 Page size: 0x1000
23:05:03.0578 3808 Boot type: Normal boot
23:05:03.0578 3808 ============================================================
23:05:04.0875 3808 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:05:04.0937 3808 Drive \Device\Harddisk5\DR10 - Size: 0x1DCC00000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:05:04.0937 3808 \Device\Harddisk0\DR0:
23:05:04.0937 3808 MBR used
23:05:04.0937 3808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
23:05:04.0937 3808 \Device\Harddisk5\DR10:
23:05:04.0937 3808 MBR used
23:05:04.0937 3808 \Device\Harddisk5\DR10\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE4080
23:05:04.0937 3808 Initialize success
23:05:04.0937 3808 ============================================================
23:05:19.0515 3828 ============================================================
23:05:19.0515 3828 Scan started
23:05:19.0515 3828 Mode: Manual; SigCheck; TDLFS;
23:05:19.0515 3828 ============================================================
23:05:19.0703 3828 Abiosdsk - ok
23:05:19.0703 3828 abp480n5 - ok
23:05:19.0765 3828 ACPI (8fd99680a539792a30e97944fdaecf17) H:\WINDOWS\system32\DRIVERS\ACPI.sys
23:05:20.0531 3828 ACPI - ok
23:05:20.0578 3828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) H:\WINDOWS\system32\drivers\ACPIEC.sys
23:05:20.0703 3828 ACPIEC - ok
23:05:20.0718 3828 adpu160m - ok
23:05:20.0765 3828 aec (8bed39e3c35d6a489438b8141717a557) H:\WINDOWS\system32\drivers\aec.sys
23:05:20.0890 3828 aec - ok
23:05:20.0921 3828 AFD (1e44bc1e83d8fd2305f8d452db109cf9) H:\WINDOWS\System32\drivers\afd.sys
23:05:20.0953 3828 AFD - ok
23:05:20.0968 3828 Aha154x - ok
23:05:20.0968 3828 aic78u2 - ok
23:05:20.0984 3828 aic78xx - ok
23:05:20.0984 3828 AliIde - ok
23:05:21.0000 3828 amsint - ok
23:05:21.0015 3828 asc - ok
23:05:21.0015 3828 asc3350p - ok
23:05:21.0031 3828 asc3550 - ok
23:05:21.0078 3828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) H:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:05:21.0218 3828 AsyncMac - ok
23:05:21.0234 3828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) H:\WINDOWS\system32\DRIVERS\atapi.sys
23:05:21.0359 3828 atapi - ok
23:05:21.0375 3828 Atdisk - ok
23:05:21.0468 3828 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) H:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:05:21.0578 3828 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
23:05:21.0578 3828 ati2mtag - detected UnsignedFile.Multi.Generic (1)
23:05:21.0625 3828 Atmarpc (9916c1225104ba14794209cfa8012159) H:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:05:21.0796 3828 Atmarpc - ok
23:05:21.0843 3828 audstub (d9f724aa26c010a217c97606b160ed68) H:\WINDOWS\system32\DRIVERS\audstub.sys
23:05:21.0968 3828 audstub - ok
23:05:22.0000 3828 Beep (da1f27d85e0d1525f6621372e7b685e9) H:\WINDOWS\system32\drivers\Beep.sys
23:05:22.0125 3828 Beep - ok
23:05:22.0171 3828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) H:\WINDOWS\system32\drivers\cbidf2k.sys
23:05:22.0296 3828 cbidf2k - ok
23:05:22.0312 3828 CCDECODE (0be5aef125be881c4f854c554f2b025c) H:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:05:22.0453 3828 CCDECODE - ok
23:05:22.0453 3828 cd20xrnt - ok
23:05:22.0484 3828 Cdaudio (c1b486a7658353d33a10cc15211a873b) H:\WINDOWS\system32\drivers\Cdaudio.sys
23:05:22.0609 3828 Cdaudio - ok
23:05:22.0656 3828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) H:\WINDOWS\system32\drivers\Cdfs.sys
23:05:22.0781 3828 Cdfs - ok
23:05:22.0828 3828 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) H:\WINDOWS\system32\DRIVERS\cdrom.sys
23:05:22.0953 3828 Cdrom - ok
23:05:22.0953 3828 cercsr6 (84853b3fd012251690570e9e7e43343f) H:\WINDOWS\system32\drivers\cercsr6.sys
23:05:22.0984 3828 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
23:05:22.0984 3828 cercsr6 - detected UnsignedFile.Multi.Generic (1)
23:05:23.0046 3828 cfwids (1dcb5209601a70e36c70fe8d197d62cb) H:\WINDOWS\system32\drivers\cfwids.sys
23:05:23.0062 3828 cfwids - ok
23:05:23.0062 3828 Changer - ok
23:05:23.0078 3828 CmdIde - ok
23:05:23.0093 3828 Cpqarray - ok
23:05:23.0109 3828 dac2w2k - ok
23:05:23.0109 3828 dac960nt - ok
23:05:23.0125 3828 Disk (044452051f3e02e7963599fc8f4f3e25) H:\WINDOWS\system32\DRIVERS\disk.sys
23:05:23.0250 3828 Disk - ok
23:05:23.0281 3828 dmboot (d992fe1274bde0f84ad826acae022a41) H:\WINDOWS\system32\drivers\dmboot.sys
23:05:23.0453 3828 dmboot - ok
23:05:23.0468 3828 dmio (7c824cf7bbde77d95c08005717a95f6f) H:\WINDOWS\system32\drivers\dmio.sys
23:05:23.0609 3828 dmio - ok
23:05:23.0656 3828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) H:\WINDOWS\system32\drivers\dmload.sys
23:05:23.0812 3828 dmload - ok
23:05:23.0843 3828 DMusic (8a208dfcf89792a484e76c40e5f50b45) H:\WINDOWS\system32\drivers\DMusic.sys
23:05:23.0968 3828 DMusic - ok
23:05:23.0984 3828 dpti2o - ok
23:05:24.0015 3828 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) H:\WINDOWS\system32\drivers\drmkaud.sys
23:05:24.0125 3828 drmkaud - ok
23:05:24.0156 3828 E100B (ac9cf17ee2ae003c98eb4f5336c38058) H:\WINDOWS\system32\DRIVERS\e100b325.sys
23:05:24.0171 3828 E100B - ok
23:05:24.0203 3828 Fastfat (38d332a6d56af32635675f132548343e) H:\WINDOWS\system32\drivers\Fastfat.sys
23:05:24.0328 3828 Fastfat - ok
23:05:24.0359 3828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) H:\WINDOWS\system32\drivers\Fdc.sys
23:05:24.0484 3828 Fdc - ok
23:05:24.0500 3828 Fips (d45926117eb9fa946a6af572fbe1caa3) H:\WINDOWS\system32\drivers\Fips.sys
23:05:24.0625 3828 Fips - ok
23:05:24.0640 3828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) H:\WINDOWS\system32\drivers\Flpydisk.sys
23:05:24.0765 3828 Flpydisk - ok
23:05:24.0796 3828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) H:\WINDOWS\system32\drivers\fltmgr.sys
23:05:24.0921 3828 FltMgr - ok
23:05:24.0984 3828 fssfltr (e0087225b137e57239ff40f8ae82059b) H:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
23:05:25.0000 3828 fssfltr - ok
23:05:25.0031 3828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) H:\WINDOWS\system32\drivers\Fs_Rec.sys
23:05:25.0171 3828 Fs_Rec - ok
23:05:25.0203 3828 Ftdisk (6ac26732762483366c3969c9e4d2259d) H:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:05:25.0343 3828 Ftdisk - ok
23:05:25.0390 3828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:05:25.0390 3828 GEARAspiWDM - ok
23:05:25.0406 3828 GetSusp - ok
23:05:25.0437 3828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) H:\WINDOWS\system32\DRIVERS\msgpc.sys
23:05:25.0578 3828 Gpc - ok
23:05:25.0593 3828 HDAudBus (573c7d0a32852b48f3058cfd8026f511) H:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:05:25.0718 3828 HDAudBus - ok
23:05:25.0734 3828 hidusb (ccf82c5ec8a7326c3066de870c06daf1) H:\WINDOWS\system32\DRIVERS\hidusb.sys
23:05:25.0859 3828 hidusb - ok
23:05:25.0890 3828 hpn - ok
23:05:25.0937 3828 HPZid412 (30ca91e657cede2f95359d6ef186f650) H:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:05:26.0046 3828 HPZid412 - ok
23:05:26.0062 3828 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) H:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:05:26.0109 3828 HPZipr12 - ok
23:05:26.0125 3828 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) H:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:05:26.0218 3828 HPZius12 - ok
23:05:26.0265 3828 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) H:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
23:05:26.0296 3828 HSFHWBS2 - ok
23:05:26.0328 3828 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) H:\WINDOWS\system32\DRIVERS\HSF_DP.sys
23:05:26.0375 3828 HSF_DP - ok
23:05:26.0421 3828 HTTP (f80a415ef82cd06ffaf0d971528ead38) H:\WINDOWS\system32\Drivers\HTTP.sys
23:05:26.0453 3828 HTTP - ok
23:05:26.0468 3828 i2omgmt - ok
23:05:26.0468 3828 i2omp - ok
23:05:26.0531 3828 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) H:\WINDOWS\system32\drivers\i8042prt.sys
23:05:26.0671 3828 i8042prt - ok
23:05:26.0703 3828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) H:\WINDOWS\system32\DRIVERS\imapi.sys
23:05:26.0859 3828 Imapi - ok
23:05:26.0859 3828 ini910u - ok
23:05:26.0875 3828 IntelIde - ok
23:05:26.0906 3828 intelppm (8c953733d8f36eb2133f5bb58808b66b) H:\WINDOWS\system32\DRIVERS\intelppm.sys
23:05:27.0015 3828 intelppm - ok
23:05:27.0046 3828 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) H:\WINDOWS\system32\drivers\ip6fw.sys
23:05:27.0187 3828 Ip6Fw - ok
23:05:27.0234 3828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) H:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:05:27.0359 3828 IpFilterDriver - ok
23:05:27.0390 3828 IpInIp (b87ab476dcf76e72010632b5550955f5) H:\WINDOWS\system32\DRIVERS\ipinip.sys
23:05:27.0500 3828 IpInIp - ok
23:05:27.0531 3828 IpNat (cc748ea12c6effde940ee98098bf96bb) H:\WINDOWS\system32\DRIVERS\ipnat.sys
23:05:27.0656 3828 IpNat - ok
23:05:27.0687 3828 IPSec (23c74d75e36e7158768dd63d92789a91) H:\WINDOWS\system32\DRIVERS\ipsec.sys
23:05:27.0796 3828 IPSec - ok
23:05:27.0859 3828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) H:\WINDOWS\system32\DRIVERS\irenum.sys
23:05:27.0984 3828 IRENUM - ok
23:05:28.0015 3828 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) H:\WINDOWS\system32\DRIVERS\isapnp.sys
23:05:28.0140 3828 isapnp - ok
23:05:28.0156 3828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) H:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:05:28.0265 3828 Kbdclass - ok
23:05:28.0265 3828 kbdhid (9ef487a186dea361aa06913a75b3fa99) H:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:05:28.0390 3828 kbdhid - ok
23:05:28.0437 3828 kmixer (692bcf44383d056aed41b045a323d378) H:\WINDOWS\system32\drivers\kmixer.sys
23:05:28.0578 3828 kmixer - ok
23:05:28.0609 3828 KSecDD (b467646c54cc746128904e1654c750c1) H:\WINDOWS\system32\drivers\KSecDD.sys
23:05:28.0640 3828 KSecDD - ok
23:05:28.0656 3828 lbrtfdc - ok
23:05:28.0703 3828 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) H:\WINDOWS\system32\drivers\mbamswissarmy.sys
23:05:28.0718 3828 MBAMSwissArmy - ok
23:05:28.0781 3828 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) H:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:05:28.0796 3828 mdmxsdk - ok
23:05:28.0859 3828 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) H:\WINDOWS\system32\drivers\mfeapfk.sys
23:05:28.0875 3828 mfeapfk - ok
23:05:28.0921 3828 mfeavfk (cde41293db871a75cd99eb0ce781356b) H:\WINDOWS\system32\drivers\mfeavfk.sys
23:05:28.0937 3828 mfeavfk - ok
23:05:28.0953 3828 mfebopk (e22385f64bdf0ad81157479496e33c4a) H:\WINDOWS\system32\drivers\mfebopk.sys
23:05:28.0953 3828 mfebopk - ok
23:05:28.0984 3828 mfefirek (215666a8a85023ef019b510cbb67f678) H:\WINDOWS\system32\drivers\mfefirek.sys
23:05:29.0000 3828 mfefirek - ok
23:05:29.0046 3828 mfehidk (56d330981866a72f061dd16cc5004513) H:\WINDOWS\system32\drivers\mfehidk.sys
23:05:29.0078 3828 mfehidk - ok
23:05:29.0093 3828 mfendisk (62acda4e958e2a392557ba3c6c754a58) H:\WINDOWS\system32\DRIVERS\mfendisk.sys
23:05:29.0093 3828 mfendisk - ok
23:05:29.0109 3828 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) H:\WINDOWS\system32\DRIVERS\mfendisk.sys
23:05:29.0109 3828 mfendiskmp - ok
23:05:29.0156 3828 mferkdet (89b564d63c53fc0c6782ab07eea63acf) H:\WINDOWS\system32\drivers\mferkdet.sys
23:05:29.0171 3828 mferkdet - ok
23:05:29.0218 3828 mfetdi2k (922e64ca38e38106498fb3435a8e399d) H:\WINDOWS\system32\drivers\mfetdi2k.sys
23:05:29.0234 3828 mfetdi2k - ok
23:05:29.0281 3828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) H:\WINDOWS\system32\drivers\mnmdd.sys
23:05:29.0421 3828 mnmdd - ok
23:05:29.0453 3828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) H:\WINDOWS\system32\drivers\Modem.sys
23:05:29.0578 3828 Modem - ok
23:05:29.0593 3828 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) H:\WINDOWS\system32\drivers\MODEMCSA.sys
23:05:29.0718 3828 MODEMCSA - ok
23:05:29.0750 3828 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) H:\WINDOWS\system32\DRIVERS\mouclass.sys
23:05:29.0859 3828 Mouclass - ok
23:05:29.0906 3828 mouhid (b1c303e17fb9d46e87a98e4ba6769685) H:\WINDOWS\system32\DRIVERS\mouhid.sys
23:05:30.0031 3828 mouhid - ok
23:05:30.0062 3828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) H:\WINDOWS\system32\drivers\MountMgr.sys
23:05:30.0171 3828 MountMgr - ok
23:05:30.0187 3828 mraid35x - ok
23:05:30.0187 3828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) H:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:05:30.0312 3828 MRxDAV - ok
23:05:30.0328 3828 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) H:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:05:30.0421 3828 MRxSmb - ok
23:05:30.0453 3828 Msfs (c941ea2454ba8350021d774daf0f1027) H:\WINDOWS\system32\drivers\Msfs.sys
23:05:30.0578 3828 Msfs - ok
23:05:30.0593 3828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) H:\WINDOWS\system32\drivers\MSKSSRV.sys
23:05:30.0718 3828 MSKSSRV - ok
23:05:30.0734 3828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) H:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:05:30.0875 3828 MSPCLOCK - ok
23:05:30.0953 3828 MSPQM (bad59648ba099da4a17680b39730cb3d) H:\WINDOWS\system32\drivers\MSPQM.sys
23:05:31.0093 3828 MSPQM - ok
23:05:31.0140 3828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) H:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:05:31.0250 3828 mssmbios - ok
23:05:31.0281 3828 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) H:\WINDOWS\system32\drivers\MSTEE.sys
23:05:31.0421 3828 MSTEE - ok
23:05:31.0484 3828 Mup (de6a75f5c270e756c5508d94b6cf68f5) H:\WINDOWS\system32\drivers\Mup.sys
23:05:31.0531 3828 Mup - ok
23:05:31.0562 3828 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:05:31.0703 3828 NABTSFEC - ok
23:05:31.0734 3828 NDIS (1df7f42665c94b825322fae71721130d) H:\WINDOWS\system32\drivers\NDIS.sys
23:05:31.0843 3828 NDIS - ok
23:05:31.0875 3828 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) H:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:05:31.0984 3828 NdisIP - ok
23:05:32.0031 3828 NdisTapi (0109c4f3850dfbab279542515386ae22) H:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:05:32.0093 3828 NdisTapi - ok
23:05:32.0140 3828 Ndisuio (f927a4434c5028758a842943ef1a3849) H:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:05:32.0265 3828 Ndisuio - ok
23:05:32.0281 3828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) H:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:05:32.0406 3828 NdisWan - ok
23:05:32.0468 3828 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) H:\WINDOWS\system32\drivers\NDProxy.sys
23:05:32.0531 3828 NDProxy - ok
23:05:32.0531 3828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) H:\WINDOWS\system32\DRIVERS\netbios.sys
23:05:32.0656 3828 NetBIOS - ok
23:05:32.0703 3828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) H:\WINDOWS\system32\DRIVERS\netbt.sys
23:05:32.0828 3828 NetBT - ok
23:05:32.0843 3828 Npfs (3182d64ae053d6fb034f44b6def8034a) H:\WINDOWS\system32\drivers\Npfs.sys
23:05:32.0968 3828 Npfs - ok
23:05:32.0984 3828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) H:\WINDOWS\system32\drivers\Ntfs.sys
23:05:33.0140 3828 Ntfs - ok
23:05:33.0203 3828 Null (73c1e1f395918bc2c6dd67af7591a3ad) H:\WINDOWS\system32\drivers\Null.sys
23:05:33.0328 3828 Null - ok
23:05:33.0359 3828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) H:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:05:33.0484 3828 NwlnkFlt - ok
23:05:33.0484 3828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) H:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:05:33.0625 3828 NwlnkFwd - ok
23:05:33.0656 3828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) H:\WINDOWS\system32\drivers\Parport.sys
23:05:33.0765 3828 Parport - ok
23:05:33.0812 3828 PartMgr (beb3ba25197665d82ec7065b724171c6) H:\WINDOWS\system32\drivers\PartMgr.sys
23:05:33.0937 3828 PartMgr - ok
23:05:33.0968 3828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) H:\WINDOWS\system32\drivers\ParVdm.sys
23:05:34.0093 3828 ParVdm - ok
23:05:34.0109 3828 PCI (a219903ccf74233761d92bef471a07b1) H:\WINDOWS\system32\DRIVERS\pci.sys
23:05:34.0218 3828 PCI - ok
23:05:34.0218 3828 PCIDump - ok
23:05:34.0234 3828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) H:\WINDOWS\system32\DRIVERS\pciide.sys
23:05:34.0359 3828 PCIIde - ok
23:05:34.0375 3828 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) H:\WINDOWS\system32\drivers\Pcmcia.sys
23:05:34.0484 3828 Pcmcia - ok
23:05:34.0500 3828 PDCOMP - ok
23:05:34.0500 3828 PDFRAME - ok
23:05:34.0515 3828 PDRELI - ok
23:05:34.0515 3828 PDRFRAME - ok
23:05:34.0531 3828 perc2 - ok
23:05:34.0531 3828 perc2hib - ok
23:05:34.0593 3828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) H:\WINDOWS\system32\DRIVERS\raspptp.sys
23:05:34.0718 3828 PptpMiniport - ok
23:05:34.0718 3828 PSched (09298ec810b07e5d582cb3a3f9255424) H:\WINDOWS\system32\DRIVERS\psched.sys
23:05:34.0843 3828 PSched - ok
23:05:34.0859 3828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\WINDOWS\system32\DRIVERS\ptilink.sys
23:05:34.0984 3828 Ptilink - ok
23:05:34.0984 3828 ql1080 - ok
23:05:35.0000 3828 Ql10wnt - ok
23:05:35.0000 3828 ql12160 - ok
23:05:35.0015 3828 ql1240 - ok
23:05:35.0031 3828 ql1280 - ok
23:05:35.0062 3828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) H:\WINDOWS\system32\DRIVERS\rasacd.sys
23:05:35.0187 3828 RasAcd - ok
23:05:35.0203 3828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) H:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:05:35.0328 3828 Rasl2tp - ok
23:05:35.0328 3828 RasPppoe (5bc962f2654137c9909c3d4603587dee) H:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:05:35.0453 3828 RasPppoe - ok
23:05:35.0468 3828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) H:\WINDOWS\system32\DRIVERS\raspti.sys
23:05:35.0593 3828 Raspti - ok
23:05:35.0609 3828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) H:\WINDOWS\system32\DRIVERS\rdbss.sys
23:05:35.0734 3828 Rdbss - ok
23:05:35.0750 3828 RDPCDD (4912d5b403614ce99c28420f75353332) H:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:05:35.0875 3828 RDPCDD - ok
23:05:35.0921 3828 RDPWD (5b3055daa788bd688594d2f5981f2a83) H:\WINDOWS\system32\drivers\RDPWD.sys
23:05:35.0953 3828 RDPWD - ok
23:05:35.0984 3828 redbook (f828dd7e1419b6653894a8f97a0094c5) H:\WINDOWS\system32\DRIVERS\redbook.sys
23:05:36.0109 3828 redbook - ok
23:05:36.0156 3828 Secdrv (90a3935d05b494a5a39d37e71f09a677) H:\WINDOWS\system32\DRIVERS\secdrv.sys
23:05:36.0265 3828 Secdrv - ok
23:05:36.0281 3828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) H:\WINDOWS\system32\drivers\Serial.sys
23:05:36.0406 3828 Serial - ok
23:05:36.0437 3828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) H:\WINDOWS\system32\drivers\Sfloppy.sys
23:05:36.0562 3828 Sfloppy - ok
23:05:36.0578 3828 Simbad - ok
23:05:36.0593 3828 SLIP (866d538ebe33709a5c9f5c62b73b7d14) H:\WINDOWS\system32\DRIVERS\SLIP.sys
23:05:36.0703 3828 SLIP - ok
23:05:36.0718 3828 Sparrow - ok
23:05:36.0734 3828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\WINDOWS\system32\drivers\splitter.sys
23:05:36.0843 3828 splitter - ok
23:05:36.0875 3828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) H:\WINDOWS\system32\DRIVERS\sr.sys
23:05:37.0000 3828 sr - ok
23:05:37.0031 3828 Srv (89220b427890aa1dffd1a02648ae51c3) H:\WINDOWS\system32\DRIVERS\srv.sys
23:05:37.0078 3828 Srv - ok
23:05:37.0171 3828 STHDA (797fcc1d859b203958e915bb82528da9) H:\WINDOWS\system32\drivers\sthda.sys
23:05:37.0265 3828 STHDA - ok
23:05:37.0296 3828 streamip (77813007ba6265c4b6098187e6ed79d2) H:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:05:37.0406 3828 streamip - ok
23:05:37.0437 3828 swenum (3941d127aef12e93addf6fe6ee027e0f) H:\WINDOWS\system32\DRIVERS\swenum.sys
23:05:37.0546 3828 swenum - ok
23:05:37.0578 3828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\WINDOWS\system32\drivers\swmidi.sys
23:05:37.0703 3828 swmidi - ok
23:05:37.0703 3828 symc810 - ok
23:05:37.0718 3828 symc8xx - ok
23:05:37.0718 3828 sym_hi - ok
23:05:37.0734 3828 sym_u3 - ok
23:05:37.0765 3828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) H:\WINDOWS\system32\drivers\sysaudio.sys
23:05:37.0875 3828 sysaudio - ok
23:05:37.0921 3828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys
23:05:38.0015 3828 Tcpip - ok
23:05:38.0046 3828 TDPIPE (6471a66807f5e104e4885f5b67349397) H:\WINDOWS\system32\drivers\TDPIPE.sys
23:05:38.0171 3828 TDPIPE - ok
23:05:38.0187 3828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) H:\WINDOWS\system32\drivers\TDTCP.sys
23:05:38.0312 3828 TDTCP - ok
23:05:38.0328 3828 TermDD (88155247177638048422893737429d9e) H:\WINDOWS\system32\DRIVERS\termdd.sys
23:05:38.0453 3828 TermDD - ok
23:05:38.0453 3828 TosIde - ok
23:05:38.0484 3828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys
23:05:38.0625 3828 Udfs - ok
23:05:38.0640 3828 ultra - ok
23:05:38.0656 3828 Update (402ddc88356b1bac0ee3dd1580c76a31) H:\WINDOWS\system32\DRIVERS\update.sys
23:05:38.0796 3828 Update - ok
23:05:38.0859 3828 USBAAPL (83cafcb53201bbac04d822f32438e244) H:\WINDOWS\system32\Drivers\usbaapl.sys
23:05:38.0937 3828 USBAAPL - ok
23:05:38.0968 3828 usbaudio (e919708db44ed8543a7c017953148330) H:\WINDOWS\system32\drivers\usbaudio.sys
23:05:39.0109 3828 usbaudio - ok
23:05:39.0140 3828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) H:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:05:39.0250 3828 usbccgp - ok
23:05:39.0296 3828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\WINDOWS\system32\DRIVERS\usbehci.sys
23:05:39.0421 3828 usbehci - ok
23:05:39.0437 3828 usbhub (1ab3cdde553b6e064d2e754efe20285c) H:\WINDOWS\system32\DRIVERS\usbhub.sys
23:05:39.0562 3828 usbhub - ok
23:05:39.0578 3828 usbprint (a717c8721046828520c9edf31288fc00) H:\WINDOWS\system32\DRIVERS\usbprint.sys
23:05:39.0718 3828 usbprint - ok
23:05:39.0750 3828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) H:\WINDOWS\system32\DRIVERS\usbscan.sys
23:05:39.0859 3828 usbscan - ok
23:05:39.0859 3828 usbstor (a32426d9b14a089eaa1d922e0c5801a9) H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:05:39.0984 3828 usbstor - ok
23:05:40.0015 3828 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) H:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:05:40.0125 3828 usbuhci - ok
23:05:40.0156 3828 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) H:\WINDOWS\system32\Drivers\usbvideo.sys
23:05:40.0265 3828 usbvideo - ok
23:05:40.0281 3828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) H:\WINDOWS\System32\drivers\vga.sys
23:05:40.0406 3828 VgaSave - ok
23:05:40.0421 3828 ViaIde - ok
23:05:40.0437 3828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) H:\WINDOWS\system32\drivers\VolSnap.sys
23:05:40.0562 3828 VolSnap - ok
23:05:40.0578 3828 Wanarp (e20b95baedb550f32dd489265c1da1f6) H:\WINDOWS\system32\DRIVERS\wanarp.sys
23:05:40.0703 3828 Wanarp - ok
23:05:40.0703 3828 WDICA - ok
23:05:40.0718 3828 wdmaud (6768acf64b18196494413695f0c3a00f) H:\WINDOWS\system32\drivers\wdmaud.sys
23:05:40.0843 3828 wdmaud - ok
23:05:40.0890 3828 winachsf (f59ed5a43b988a18ef582bb07b2327a7) H:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:05:40.0921 3828 winachsf - ok
23:05:40.0968 3828 WSTCODEC (c98b39829c2bbd34e454150633c62c78) H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:05:41.0093 3828 WSTCODEC - ok
23:05:41.0140 3828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:05:41.0359 3828 \Device\Harddisk0\DR0 - ok
23:05:41.0359 3828 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk5\DR10
23:05:42.0312 3828 \Device\Harddisk5\DR10 - ok
23:05:42.0312 3828 Boot (0x1200) (588b7c6c91b3f09fc11a492b79ae6e4c) \Device\Harddisk0\DR0\Partition0
23:05:42.0312 3828 \Device\Harddisk0\DR0\Partition0 - ok
23:05:42.0328 3828 Boot (0x1200) (1892347fdcaff8674ad7ab22024dc059) \Device\Harddisk5\DR10\Partition0
23:05:42.0328 3828 \Device\Harddisk5\DR10\Partition0 - ok
23:05:42.0328 3828 ============================================================
23:05:42.0328 3828 Scan finished
23:05:42.0328 3828 ============================================================
23:05:42.0437 3820 Detected object count: 2
23:05:42.0437 3820 Actual detected object count: 2
23:06:54.0484 3820 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:54.0484 3820 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:06:54.0484 3820 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:54.0484 3820 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip



Edited by Noviciate, 26 March 2012 - 02:34 PM.
Added log from attachment.
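
The TDSSKiller output above is long, and the lines that matter to a responder (objects with a hash and path, their "- ok" verdict, and the two UnsignedFile.Multi.Generic detections that were skipped) are buried among hundreds of routine driver entries. The parser below is an added example, not code from the page, from Kaspersky or from the posters; it reads a constructed excerpt modelled on the log's layout (time, process id, then either "name (md5) path", "name - ok", or a detection line) and returns the objects, their hashes and statuses, and the detections with the action the user chose. MBR and boot-sector entries share a name, so they are keyed by name plus device path.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the layout TDSSKiller prints (time, pid, body), modelled
# on the log above; it is sample input for this parser, not the full log.
SAMPLE_LOG = r"""
23:05:34.0109 3828 PCI (a219903ccf74233761d92bef471a07b1) H:\WINDOWS\system32\DRIVERS\pci.sys
23:05:34.0218 3828 PCI - ok
23:05:34.0218 3828 PCIDump - ok
23:05:41.0140 3828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:05:41.0359 3828 \Device\Harddisk0\DR0 - ok
23:05:41.0359 3828 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk5\DR10
23:05:42.0312 3828 \Device\Harddisk5\DR10 - ok
23:05:42.0437 3820 Detected object count: 2
23:06:54.0484 3820 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:54.0484 3820 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:06:54.0484 3820 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:54.0484 3820 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with "HH:MM:SS.ffff <pid> "; the rest is the body.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# "PCI (md5) path" or, for sectors, "MBR (0x1B8) (md5) \Device\...".
OBJECT_RE = re.compile(
    r"^(?P<name>\S+)(?: \((?P<extra>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# "ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user"
DETECT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
# "PCIDump - ok" or "\Device\Harddisk0\DR0 - ok"
STATUS_RE = re.compile(r"^(?P<key>.+?) - (?P<status>.+)$")


def parse_tdsskiller_log(text: str) -> Tuple[Dict[str, dict], Dict[str, dict]]:
    """Return (entries, detections).

    entries:    key -> {"md5", "path", "status"}; key is the object name, or
                "name path" for sector entries that share a name (MBR, Boot).
    detections: name -> {"verdict", "actions": [action lines in order]}.
    """
    entries: Dict[str, dict] = {}
    by_path: Dict[str, str] = {}   # device/file path -> entry key, for "path - ok" lines
    detections: Dict[str, dict] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body")
        om = OBJECT_RE.match(body)
        if om:
            name, extra, path = om.group("name"), om.group("extra"), om.group("path")
            key = f"{name} {path}" if extra else name
            entries[key] = {"md5": om.group("md5"), "path": path, "status": None}
            by_path[path] = key
            continue
        dm = DETECT_RE.match(body)   # must be tried before STATUS_RE, which also matches
        if dm:
            rec = detections.setdefault(dm.group("name"),
                                        {"verdict": dm.group("verdict"), "actions": []})
            rec["actions"].append(dm.group("action"))
            continue
        sm = STATUS_RE.match(body)
        if sm:
            key = by_path.get(sm.group("key"), sm.group("key"))
            entries.setdefault(key, {"md5": None, "path": None, "status": None})
            entries[key]["status"] = sm.group("status")
    return entries, detections


def skipped_detections(detections: Dict[str, dict]) -> List[str]:
    """Names of detected objects the user chose to skip (worth a second look)."""
    return sorted(n for n, rec in detections.items()
                  if any(a.startswith("skipped") for a in rec["actions"]))


def entries_without_ok(entries: Dict[str, dict]) -> List[str]:
    """Entries that never received a '- ok' verdict."""
    return sorted(k for k, rec in entries.items() if rec["status"] != "ok")


if __name__ == "__main__":
    ents, dets = parse_tdsskiller_log(SAMPLE_LOG)
    for name in skipped_detections(dets):
        print(f"{name}: {dets[name]['verdict']} -> {dets[name]['actions'][-1]}")
    print("entries without ok:", entries_without_ok(ents))
```

Run against the full log, `skipped_detections` lists exactly the objects a reviewer should go back to (here ati2mtag and cercsr6), and `entries_without_ok` would surface any object the scanner reported but never cleared.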


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:25 PM

Posted 26 March 2012 - 02:36 PM

Good evening. :)

Download aswMBR.exe from here and save it to your Desktop.

  • Double click the tool to run it.
  • When prompted "Would you like to download latest Avast! virus definitions?" click No .
  • Click the Scan button to, well, start the scan - obvious really!
  • Once the scan reports "Scan finished successfully" click Save log.
  • On my system it offers to save it to the Desktop, which may or may not be its default behaviour, but it's as handy a place as any.
  • You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

So long, and thanks for all the fish.

 

 


#5 MarcLodge

MarcLodge
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:25 PM

Posted 26 March 2012 - 03:40 PM

ASW log attached.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-26 21:29:24
-----------------------------
21:29:24.937 OS Version: Windows 5.1.2600 Service Pack 3
21:29:24.937 Number of processors: 2 586 0x407
21:29:24.937 ComputerName: DELL-369FDB885F UserName: dell
21:29:25.390 Initialize success
21:29:39.828 AVAST engine defs: 12032302
21:29:41.781 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
21:29:41.781 Disk 0 Vendor: WDC_WD2500AAKX-753CA1 17.01H17 Size: 238475MB BusType: 3
21:29:41.781 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS ba499f26
21:29:41.812 Disk 1 MBR read successfully
21:29:41.812 Disk 1 MBR scan
21:29:41.875 Disk 1 Windows XP default MBR code
21:29:41.875 Disk 1 MBR hidden
21:29:41.875 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
21:29:41.921 Disk 1 scanning H:\WINDOWS\system32\drivers
21:29:51.781 Service scanning
21:30:04.843 Modules scanning
21:30:07.625 Disk 1 trace - called modules:
21:30:07.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll
21:30:07.640 1 nt!IofCallDriver -> \Device\Harddisk1\DR2[0x8aa8d030]
21:30:08.250 AVAST engine scan H:\WINDOWS
21:30:21.687 AVAST engine scan H:\WINDOWS\system32
21:32:29.281 AVAST engine scan H:\WINDOWS\system32\drivers
21:32:47.890 AVAST engine scan H:\Documents and Settings\dell
21:35:35.343 AVAST engine scan H:\Documents and Settings\All Users
21:35:43.828 Scan finished successfully
21:37:59.218 Disk 1 MBR has been saved successfully to "I:\MBR.dat"
21:37:59.234 The log file has been saved successfully to "I:\aswMBR.txt"



Edited by Noviciate, 26 March 2012 - 05:29 PM.
Added log from attachment


#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:25 PM

Posted 26 March 2012 - 05:31 PM

Unless I specifically state that I want something attached will you simply paste it into your reply - it makes it more difficult to read as an attachment.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

So long, and thanks for all the fish.

 

 


#7 MarcLodge

MarcLodge
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:25 PM

Posted 26 March 2012 - 05:47 PM

Hi Noviciate, sorry about attaching the logs previously, will ensure all are embedded from now on.
I couldn't see an 'Include All Files' option to check - have I downloaded an incorrect version? I checked all the boxes available though, and here follows the log:

Farbar Service Scanner Version: 01-03-2012
Ran by dell (administrator) on 26-03-2012 at 23:44:16
Running from "H:\Documents and Settings\dell\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
H:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
H:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
H:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
H:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
H:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
H:\WINDOWS\system32\netman.dll => MD5 is legit
H:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
H:\WINDOWS\system32\srsvc.dll => MD5 is legit
H:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
H:\WINDOWS\system32\wscsvc.dll => MD5 is legit
H:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
H:\WINDOWS\system32\wuauserv.dll => MD5 is legit
H:\WINDOWS\system32\qmgr.dll => MD5 is legit
H:\WINDOWS\system32\es.dll => MD5 is legit
H:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
H:\WINDOWS\system32\svchost.exe => MD5 is legit
H:\WINDOWS\system32\rpcss.dll => MD5 is legit
H:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(9) Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****
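
The "Extra List" section of the FSS log above carries two items that are easy to skip over: a list of network-stack services with their tag numbers, and a hex blob ending in "IpSec Tag value is correct." The script below is an added example (not Farbar's code and not from the posters) that decodes both. It assumes that the blob has the layout of a Windows GroupOrderList value: a little-endian DWORD count followed by one DWORD per tag. Under that assumption the page's blob decodes to nine tags with IPSec's tag 5 present and first, which is consistent with the log's verdict; tags 1 and 2 belong to services not named on the line, so the derived load order only lists the named ones. The presence/duplicate check is our own, not FSS's exact logic, and the tampered blob at the end is constructed to show what a missing tag looks like.

```python
import re
import struct
from typing import Dict, List

# Copied from the "Extra List" section of the FSS log above.
SERVICE_TAG_LINE = "fssfltr(9) Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)"
TAG_BLOB_HEX = "0x09000000050000000100000002000000030000000400000008000000060000000700000009000000"


def parse_service_tags(line: str) -> Dict[str, int]:
    """'Name(tag) Name(tag) ...' -> {name: tag}."""
    return {m.group(1): int(m.group(2)) for m in re.finditer(r"(\w+)\((\d+)\)", line)}


def decode_tag_blob(hex_text: str) -> List[int]:
    """Assumed layout (GroupOrderList style): LE DWORD count, then one LE DWORD per tag."""
    digits = hex_text[2:] if hex_text[:2].lower() == "0x" else hex_text
    raw = bytes.fromhex(digits)
    if len(raw) % 4:
        raise ValueError("blob length is not a multiple of 4 bytes")
    words = list(struct.unpack("<%dI" % (len(raw) // 4), raw))
    count, tags = words[0], words[1:]
    if count != len(tags):
        raise ValueError(f"count field says {count} tags but {len(tags)} are present")
    return tags


def encode_tag_blob(tags: List[int]) -> str:
    """Inverse of decode_tag_blob, used here to build a constructed tampered blob."""
    return "0x" + struct.pack("<%dI" % (len(tags) + 1), len(tags), *tags).hex()


def check_tags(service_tags: Dict[str, int], tags: List[int]) -> Dict[str, str]:
    """Problems keyed by service: its tag absent from the list, or listed more than once."""
    problems: Dict[str, str] = {}
    for svc, tag in service_tags.items():
        n = tags.count(tag)
        if n == 0:
            problems[svc] = f"tag {tag} missing from order list"
        elif n > 1:
            problems[svc] = f"tag {tag} appears {n} times"
    return problems


def load_order(service_tags: Dict[str, int], tags: List[int]) -> List[str]:
    """Named services in the order their tags occur in the list; unnamed tags are skipped."""
    by_tag = {tag: svc for svc, tag in service_tags.items()}
    return [by_tag[t] for t in tags if t in by_tag]


if __name__ == "__main__":
    svc = parse_service_tags(SERVICE_TAG_LINE)
    tags = decode_tag_blob(TAG_BLOB_HEX)
    print("tags:", tags)
    print("order:", load_order(svc, tags))
    print("problems:", check_tags(svc, tags) or "none")
    # Constructed: the same list with IPSec's tag (5) removed.
    tampered = encode_tag_blob([t for t in tags if t != 5])
    print("tampered problems:", check_tags(svc, decode_tag_blob(tampered)))
```

The count-versus-length check matters: a blob whose leading DWORD disagrees with the number of tags that follow is malformed rather than merely reordered, and the decoder refuses it instead of silently returning a partial list.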

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:25 PM

Posted 27 March 2012 - 02:58 PM

Good evening. :)

I couldn't see an 'Include All Files' option to check - have I downloaded an incorrect version? I checked all the boxes available though, and here follows the log:

I guess Farbar has updated the interface since I last used the tool. I'd have checked all the boxes if I'd known about them, so good call there.

Have you actually tried to put the PC in question online?

So long, and thanks for all the fish.

 

 


#9 MarcLodge

MarcLodge
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:25 PM

Posted 27 March 2012 - 03:06 PM

Evening Noviciate,
When I first looked at the machine, it connected to the net ok and did some windows updates, and seemed to browse ok, but admittedly, I didn't do much with it. It still won't run Malwarebytes and I'm just not sure why.

When I ran TDSSKiller earlier, with the changed parameters, it found two suspicious files which the default action was to ignore. One of them I think was the graphics card, but I didn't recognise the other. Was it OK to leave it?

Should I try another malware software, maybe superantispyware and see if that runs ok do you think?

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:25 PM

Posted 27 March 2012 - 03:16 PM

Was it OK to leave it?

I'd say so.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OK, let's try to "get on the same page" as it were. I took "Hi, a friend has asked me to look at a machine which according to her 'when I go onto the internet, does not work'" to mean that there was an issue with internet access, which it seems is not the case.
Apart from the MBAM issue, are there any other problems with the machine that you are aware of?

So long, and thanks for all the fish.

 

 


#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:25 PM

Posted 02 April 2012 - 01:52 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.

 

 




