Hidden Infection?


  • This topic is locked
7 replies to this topic

#1 THtweey


Posted 27 March 2012 - 07:44 PM

I am almost certain that I am infected with something. I am running on a Gateway under Windows XP Professional. Something is taking about 90% of my memory and my PC is at a crawl. I tried to update super and my antivirus (Avast) to run a scan and I could not get anything to update at all. My virus scan has now been completely disabled and when I try to re-enable it, it does nothing. I can't get SUPERAntiSpyware to launch at all to run, period. Also, none of the online scanners will run on my PC either. I am running in safe mode at the moment because for some reason I can get online a bit faster this way. I was able to run Malwarebytes (took forever to load, but finally did) and here is that log:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.06

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Tammy :: TAMMY-B259C05FD [administrator]

Protection: Disabled

3/27/2012 3:41:48 PM
mbam-log-2012-03-27 (15-41-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192415
Time elapsed: 8 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Tammy\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

I also downloaded and scanned with TDSSKiller and here is that log:

18:55:41.0244 1884 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
18:55:42.0536 1884 ============================================================
18:55:42.0536 1884 Current date / time: 2012/03/27 18:55:42.0536
18:55:42.0536 1884 SystemInfo:
18:55:42.0536 1884
18:55:42.0536 1884 OS Version: 5.1.2600 ServicePack: 3.0
18:55:42.0536 1884 Product type: Workstation
18:55:42.0536 1884 ComputerName: TAMMY-B259C05FD
18:55:42.0546 1884 UserName: Tammy
18:55:42.0546 1884 Windows directory: C:\WINDOWS
18:55:42.0546 1884 System windows directory: C:\WINDOWS
18:55:42.0566 1884 Processor architecture: Intel x86
18:55:42.0566 1884 Number of processors: 1
18:55:42.0566 1884 Page size: 0x1000
18:55:42.0566 1884 Boot type: Safe boot with network
18:55:42.0566 1884 ============================================================
18:55:52.0841 1884 Drive \Device\Harddisk0\DR0 - Size: 0x330A98000 (12.76 Gb), SectorSize: 0x200, Cylinders: 0x681, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:55:52.0901 1884 \Device\Harddisk0\DR0:
18:55:52.0901 1884 MBR used
18:55:52.0901 1884 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1982502
18:55:53.0011 1884 Initialize success
18:55:53.0011 1884 ============================================================
18:56:11.0448 1812 ============================================================
18:56:11.0448 1812 Scan started
18:56:11.0448 1812 Mode: Manual;
18:56:11.0448 1812 ============================================================
18:57:26.0295 1812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:57:26.0546 1812 \Device\Harddisk0\DR0 - ok
18:57:26.0656 1812 Boot (0x1200) (60e9bd8eb0c57e4bb9c75ff2b4a8e196) \Device\Harddisk0\DR0\Partition0
18:57:26.0656 1812 \Device\Harddisk0\DR0\Partition0 - ok
18:57:26.0716 1812 ============================================================
18:57:26.0716 1812 Scan finished
18:57:26.0716 1812 ============================================================
18:57:26.0876 1896 Detected object count: 0
18:57:26.0876 1896 Actual detected object count: 0
18:57:50.0560 1396 ============================================================
18:57:50.0560 1396 Scan started
18:57:50.0560 1396 Mode: Manual; SigCheck; TDLFS;
18:57:50.0560 1396 ============================================================
19:05:52.0934 1396 ============================================================
19:05:52.0934 1396 Scan finished
19:05:52.0934 1396 ============================================================
19:05:53.0685 1952 Detected object count: 0
19:05:53.0685 1952 Actual detected object count: 0

Anyway, I am at a loss. Please help! Thank you so much.

#2 boopme

Posted 27 March 2012 - 09:14 PM

Hello and welcome.

Let's look at a few things.
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Delete TDSS from your desktop and rerun it like this. Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

#3 THtweey

Posted 27 March 2012 - 09:17 PM

Thanks for replying! I can't get Super to update, load, anything even in safe mode. I did however download and run aswMBR and it picked up something. I just don't know how to clean it. I will try to update Avast in safe mode and see if I can't get it to scan this time. Maybe it will pick them up and I can get rid of it that way. Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 20:44:34
-----------------------------
20:44:34.228 OS Version: Windows 5.1.2600 Service Pack 3
20:44:34.228 Number of processors: 1 586 0x502
20:44:34.418 ComputerName: TAMMY-B259C05FD UserName: Tammy
20:44:46.906 Initialize success
20:50:08.899 AVAST engine defs: 12032702
20:51:08.075 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:51:08.185 Disk 0 Vendor: QUANTUM_FIREBALL_CX13.6A A3F.0B00 Size: 13066MB BusType: 3
20:51:08.275 Disk 0 MBR read successfully
20:51:08.305 Disk 0 MBR scan
20:51:12.341 Disk 0 Windows XP default MBR code
20:51:12.391 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 13060 MB offset 63
20:51:16.306 Disk 0 scanning sectors +26748225
20:51:17.608 Disk 0 scanning C:\WINDOWS\system32\drivers
20:52:03.564 Service scanning
20:52:54.267 Modules scanning
20:53:24.651 Disk 0 trace - called modules:
20:53:24.741 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
20:53:24.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81265030]
20:53:24.901 3 CLASSPNP.SYS[fc4fcfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x812a8030]
20:53:26.183 AVAST engine scan C:\WINDOWS
20:53:30.469 AVAST engine scan C:\WINDOWS\system32
20:59:51.908 AVAST engine scan C:\WINDOWS\system32\drivers
21:00:20.849 AVAST engine scan C:\Documents and Settings\Tammy
21:01:30.610 File: C:\Documents and Settings\Tammy\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe **INFECTED** Win32:Malware-gen
21:01:31.130 File: C:\Documents and Settings\Tammy\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleUpdate.exe **INFECTED** Win32:Trojan-gen
21:01:38.541 File: C:\Documents and Settings\Tammy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe **INFECTED** Win32:Trojan-gen
21:01:59.822 File: C:\Documents and Settings\Tammy\Local Settings\Temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
21:02:01.174 File: C:\Documents and Settings\Tammy\Local Settings\Temp\_av4_\data\updldr0.bin **INFECTED** Win32:Malware-gen
21:04:08.527 AVAST engine scan C:\Documents and Settings\All Users
21:04:28.015 Scan finished successfully
21:05:13.630 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tammy\My Documents\MBR.dat"
21:05:13.751 The log file has been saved successfully to "C:\Documents and Settings\Tammy\My Documents\aswMBR.txt"
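
An added example, not part of the original posts and not aswMBR's own code: a small Python parser that pulls the MBR verdict and the **INFECTED** entries out of an aswMBR log like the one posted above and groups them by folder. The function names are hypothetical, the embedded sample is shortened from that log, and the patterns assume only the line shapes visible in it.

```python
import re
from ntpath import dirname  # Windows path rules, usable on any OS

# Sample shortened from the log posted above (embedded so the script runs offline).
SAMPLE_LOG = r"""
20:51:08.275 Disk 0 MBR read successfully
20:51:12.341 Disk 0 Windows XP default MBR code
21:01:30.610 File: C:\Documents and Settings\Tammy\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe **INFECTED** Win32:Malware-gen
21:01:31.130 File: C:\Documents and Settings\Tammy\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleUpdate.exe **INFECTED** Win32:Trojan-gen
21:01:38.541 File: C:\Documents and Settings\Tammy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe **INFECTED** Win32:Trojan-gen
21:01:59.822 File: C:\Documents and Settings\Tammy\Local Settings\Temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
21:04:28.015 Scan finished successfully
"""

# "<hh:mm:ss.mmm> File: <path> **INFECTED** <detection name>"
INFECTED_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>\S+)\s*$")
# Assumption: the MBR verdict line contains the words "MBR code", as in this log.
MBR_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} Disk (?P<disk>\d+) (?P<verdict>.*MBR code.*)$")

def parse_aswmbr(text):
    """Return (mbr_verdicts, detections) from the text of an aswMBR log."""
    mbr, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = INFECTED_RE.match(line)
        if m:
            hits.append(m.groupdict())
            continue
        m = MBR_RE.match(line)
        if m:
            mbr[int(m["disk"])] = m["verdict"]
    return mbr, hits

def group_by_folder(hits):
    """Group detections by parent folder so related files are reviewed together."""
    folders = {}
    for h in hits:
        folders.setdefault(dirname(h["path"]), []).append((h["time"], h["name"]))
    return folders

def finished(text):
    """True only if the log records a completed scan (a truncated log proves nothing)."""
    return any(l.rstrip().endswith("Scan finished successfully") for l in text.splitlines())

if __name__ == "__main__":
    mbr, hits = parse_aswmbr(SAMPLE_LOG)
    print("MBR:", mbr, "| complete:", finished(SAMPLE_LOG))
    print({f: len(v) for f, v in group_by_folder(hits).items()})
```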

#4 boopme

Posted 27 March 2012 - 09:23 PM

Hello, try this: re-run aswMBR.

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line, will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.


#5 THtweey

Posted 27 March 2012 - 10:08 PM

The fix button is greyed out.

#6 boopme

Posted 27 March 2012 - 10:47 PM

Ugh! Then we need to manually get it out.

Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER step.
Instead, post the aswMBR log above.

Let me know if that went well.

#7 THtweey

Posted 27 March 2012 - 11:30 PM

Thank you! All went well. I have moved the topic and posted the requested log files. Thanks so much!

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:35 AM

Posted 28 March 2012 - 12:11 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic447875.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

