Unable to Access Internet After Trojan...?


14 replies to this topic

#1 toicy4ya

toicy4ya

  • Members
  • 40 posts

Posted 08 April 2012 - 02:28 PM

Hi All,

Yesterday I noticed my laptop acting sluggish and getting pop-ups on IE. I immediately ran a scan in safe mode using Malwarebytes, Avast & SUPERAntiSpyware. As a result several Trojans were picked up by Malwarebytes and SUPERAntiSpyware but none from Avast. I ran an additional scan of Malwarebytes just to make sure nothing was missed; on the second scan it came up clean. However, now I cannot access the internet via wifi although I see the wireless connection symbol and it reads Signal Strength: Excellent. However, my iPad, iPhone and Xbox pick up the wifi with no problem. I tried connecting the laptop via ethernet cable and still nothing, even in safe mode. I checked Internet Connection to make sure the proxy was unchecked. I also tried restoring the laptop to an earlier date three times unsuccessfully.

Anyone know what I need to do to fix this problem?

Thanks in advance.

I noticed Malwarebytes picked up several trojans, some I believe were backdoors. Spybot picked up several tracking cookies. I asked to remove the offenders and restarted. Now for some reason I can't access the internet. I get the message, page cannot be displayed. Please note, I am accessing the internet via wifi; my iPhone & Xbox 360 pick it up just fine, except for my laptop. I ran another scan in safe mode thinking I might have missed something but it came back clean.

In an attempt to possibly fix this problem, I attempted a system restore several times to three previous dates but it kept coming back with a message saying something like, system restore cannot restore to the requested date.

Has anyone ever had this problem? Any feedback or assistance would be greatly appreciated.

Thanks



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 08 April 2012 - 05:07 PM

Download FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Edited by narenxp, 08 April 2012 - 05:07 PM.


#3 toicy4ya

toicy4ya
  • Topic Starter

  • Members
  • 40 posts

Posted 09 April 2012 - 05:46 PM

Farbar Service Scanner Version: 01-03-2012
Ran by Noel (administrator) on 09-04-2012 at 18:39:43
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2003-07-16 16:26] - [2006-05-19 08:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\afd.sys
[2003-07-16 16:23] - [2008-08-14 05:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2003-07-16 16:37] - [2004-08-04 03:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2003-07-16 16:47] - [2008-06-20 06:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll
[2003-07-16 16:27] - [2008-02-20 01:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F

C:\WINDOWS\system32\ipnathlp.dll
[2003-07-16 16:30] - [2004-08-04 04:56] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2003-07-16 16:38] - [2005-08-22 14:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2011-11-26 05:37] - [2004-08-04 04:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2011-11-26 05:38] - [2004-08-04 04:56] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2011-11-26 05:38] - [2004-08-04 03:06] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2011-11-26 05:57] - [2004-08-04 04:56] - 0081408 ____N (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2011-11-26 05:37] - [2004-08-04 04:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2011-11-26 05:37] - [2004-08-04 04:56] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2011-11-26 05:38] - [2004-08-04 04:56] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2003-07-16 16:27] - [2008-07-07 16:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

C:\WINDOWS\system32\cryptsvc.dll
[2003-07-16 16:26] - [2004-08-04 04:56] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2003-07-16 16:47] - [2004-08-04 04:56] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2003-07-16 16:43] - [2009-02-09 06:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28

C:\WINDOWS\system32\services.exe
[2003-07-16 16:44] - [2009-02-06 13:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE


Extra List:
=======
aswTdi(8) DNE(10) Gpc(3) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000080000000900000006000000070000000A000000
Attention! IpSec Tag value should be 5. Attention! IpSec Tag value is missing and it should be 5.

**** End of log ****





tdsskiller log

18:42:27.0937 2544 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
18:42:28.0000 2544 ============================================================
18:42:28.0000 2544 Current date / time: 2012/04/09 18:42:28.0000
18:42:28.0000 2544 SystemInfo:
18:42:28.0000 2544
18:42:28.0000 2544 OS Version: 5.1.2600 ServicePack: 2.0
18:42:28.0000 2544 Product type: Workstation
18:42:28.0000 2544 ComputerName: NOEL-MNR7BSKA4M
18:42:28.0000 2544 UserName: Noel
18:42:28.0000 2544 Windows directory: C:\WINDOWS
18:42:28.0000 2544 System windows directory: C:\WINDOWS
18:42:28.0000 2544 Processor architecture: Intel x86
18:42:28.0000 2544 Number of processors: 2
18:42:28.0000 2544 Page size: 0x1000
18:42:28.0000 2544 Boot type: Normal boot
18:42:28.0000 2544 ============================================================
18:42:29.0515 2544 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:42:29.0531 2544 Drive \Device\Harddisk1\DR4 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:42:29.0531 2544 \Device\Harddisk0\DR0:
18:42:29.0531 2544 MBR used
18:42:29.0531 2544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
18:42:29.0531 2544 \Device\Harddisk1\DR4:
18:42:29.0531 2544 MBR used
18:42:29.0531 2544 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0xEEA080
18:42:29.0562 2544 Initialize success
18:42:29.0562 2544 ============================================================
18:42:35.0968 1436 ============================================================
18:42:35.0968 1436 Scan started
18:42:35.0968 1436 Mode: Manual; TDLFS;
18:42:35.0968 1436 ============================================================
18:42:44.0281 1436 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
18:42:44.0296 1436 RpcSs - ok
18:42:44.0343 1436 RSUSBSTOR (030442f08aec1a5d7cf035cc514374b9) C:\WINDOWS\system32\Drivers\RTS5121.sys
18:42:44.0343 1436 RSUSBSTOR - ok
18:42:44.0359 1436 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
18:42:44.0359 1436 RSVP - ok
18:42:44.0375 1436 Rts516xIR - ok
18:42:44.0406 1436 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
18:42:44.0406 1436 SamSs - ok
18:42:44.0468 1436 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:42:44.0468 1436 SASDIFSV - ok
18:42:44.0484 1436 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:42:44.0484 1436 SASKUTIL - ok
18:42:44.0515 1436 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
18:42:44.0531 1436 SCardSvr - ok
18:42:44.0546 1436 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
18:42:44.0562 1436 Schedule - ok
18:42:44.0609 1436 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:42:44.0609 1436 Secdrv - ok
18:42:44.0640 1436 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
18:42:44.0656 1436 seclogon - ok
18:42:44.0656 1436 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
18:42:44.0671 1436 SENS - ok
18:42:44.0703 1436 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
18:42:44.0703 1436 Serial - ok
18:42:44.0734 1436 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:42:44.0734 1436 Sfloppy - ok
18:42:44.0765 1436 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
18:42:44.0765 1436 SharedAccess - ok
18:42:44.0796 1436 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
18:42:44.0812 1436 ShellHWDetection - ok
18:42:44.0828 1436 Simbad - ok
18:42:44.0828 1436 Sparrow - ok
18:42:44.0875 1436 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
18:42:44.0875 1436 splitter - ok
18:42:44.0921 1436 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
18:42:44.0921 1436 Spooler - ok
18:42:45.0031 1436 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
18:42:45.0031 1436 sprtsvc_DellSupportCenter - ok
18:42:45.0062 1436 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
18:42:45.0062 1436 sr - ok
18:42:45.0078 1436 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\System32\srsvc.dll
18:42:45.0093 1436 srservice - ok
18:42:45.0109 1436 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
18:42:45.0125 1436 Srv - ok
18:42:45.0156 1436 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
18:42:45.0171 1436 SSDPSRV - ok
18:42:45.0203 1436 STacSV (12898d947cfcb36cb7a43e8f86a53cbc) c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
18:42:45.0218 1436 STacSV - ok
18:42:45.0265 1436 STHDA (503a4536c83e041ddcdf75b38cd5ecf7) C:\WINDOWS\system32\drivers\sthda.sys
18:42:45.0281 1436 STHDA - ok
18:42:45.0328 1436 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
18:42:45.0343 1436 stisvc - ok
18:42:45.0359 1436 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:42:45.0359 1436 swenum - ok
18:42:45.0375 1436 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
18:42:45.0375 1436 swmidi - ok
18:42:45.0390 1436 SwPrv - ok
18:42:45.0406 1436 symc810 - ok
18:42:45.0406 1436 symc8xx - ok
18:42:45.0421 1436 sym_hi - ok
18:42:45.0437 1436 sym_u3 - ok
18:42:45.0453 1436 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
18:42:45.0453 1436 sysaudio - ok
18:42:45.0468 1436 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
18:42:45.0484 1436 SysmonLog - ok
18:42:45.0515 1436 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
18:42:45.0531 1436 TapiSrv - ok
18:42:45.0578 1436 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:42:45.0578 1436 Tcpip - ok
18:42:45.0593 1436 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:42:45.0593 1436 TDPIPE - ok
18:42:45.0625 1436 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
18:42:45.0625 1436 TDTCP - ok
18:42:45.0640 1436 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:42:45.0640 1436 TermDD - ok
18:42:45.0671 1436 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
18:42:45.0687 1436 TermService - ok
18:42:45.0718 1436 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
18:42:45.0718 1436 Themes - ok
18:42:45.0734 1436 TosIde - ok
18:42:45.0781 1436 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
18:42:45.0781 1436 TrkWks - ok
18:42:45.0828 1436 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
18:42:45.0828 1436 Udfs - ok
18:42:45.0843 1436 ultra - ok
18:42:45.0890 1436 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
18:42:45.0890 1436 Update - ok
18:42:45.0937 1436 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
18:42:45.0953 1436 upnphost - ok
18:42:45.0984 1436 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
18:42:46.0000 1436 UPS - ok
18:42:46.0031 1436 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:42:46.0031 1436 USBAAPL - ok
18:42:46.0078 1436 usbccgp (77b3c8f166a6e6f2e834737ab8cac1ca) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:42:46.0078 1436 usbccgp - ok
18:42:46.0093 1436 USBCCID - ok
18:42:46.0109 1436 usbehci (4ffaea1bd071a72dfb76519f5b1da956) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:42:46.0109 1436 usbehci - ok
18:42:46.0125 1436 usbhub (ace960e54148821e8e48f5d191562c28) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:42:46.0125 1436 usbhub - ok
18:42:46.0171 1436 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:42:46.0171 1436 usbscan - ok
18:42:46.0218 1436 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:42:46.0218 1436 usbstor - ok
18:42:46.0250 1436 usbuhci (1590742573fcafdd9c837478eb1846a4) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:42:46.0250 1436 usbuhci - ok
18:42:46.0281 1436 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
18:42:46.0296 1436 VgaSave - ok
18:42:46.0296 1436 ViaIde - ok
18:42:46.0328 1436 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
18:42:46.0328 1436 VolSnap - ok
18:42:46.0406 1436 vsdatant (d658e49302c382b88c8e9a08e20b2e82) C:\WINDOWS\system32\vsdatant.sys
18:42:46.0421 1436 vsdatant - ok
18:42:46.0453 1436 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
18:42:46.0468 1436 VSS - ok
18:42:46.0500 1436 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\System32\w32time.dll
18:42:46.0515 1436 W32Time - ok
18:42:46.0562 1436 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:42:46.0562 1436 Wanarp - ok
18:42:46.0609 1436 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:42:46.0609 1436 Wdf01000 - ok
18:42:46.0625 1436 WDICA - ok
18:42:46.0671 1436 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
18:42:46.0671 1436 wdmaud - ok
18:42:46.0718 1436 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
18:42:46.0718 1436 WebClient - ok
18:42:46.0781 1436 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:42:46.0781 1436 winmgmt - ok
18:42:46.0828 1436 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:42:46.0843 1436 WmdmPmSN - ok
18:42:46.0875 1436 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:42:46.0875 1436 WmiAcpi - ok
18:42:46.0906 1436 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
18:42:46.0906 1436 WmiApSrv - ok
18:42:47.0031 1436 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:42:47.0046 1436 WMPNetworkSvc - ok
18:42:47.0093 1436 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
18:42:47.0109 1436 wuauserv - ok
18:42:47.0156 1436 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:42:47.0156 1436 WudfPf - ok
18:42:47.0171 1436 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:42:47.0171 1436 WudfRd - ok
18:42:47.0203 1436 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:42:47.0218 1436 WudfSvc - ok
18:42:47.0250 1436 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
18:42:47.0265 1436 WZCSVC - ok
18:42:47.0296 1436 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
18:42:47.0312 1436 xmlprov - ok
18:42:47.0328 1436 yksvc - ok
18:42:47.0359 1436 yukonwxp (109b497d481490be0a31c390fce9bffe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:42:47.0375 1436 yukonwxp - ok
18:42:47.0390 1436 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:42:47.0687 1436 \Device\Harddisk0\DR0 - ok
18:42:47.0703 1436 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
18:42:47.0828 1436 \Device\Harddisk1\DR4 - ok
18:42:47.0828 1436 Boot (0x1200) (fdbc45a418fff205e1e6f1534ff37f73) \Device\Harddisk0\DR0\Partition0
18:42:47.0828 1436 \Device\Harddisk0\DR0\Partition0 - ok
18:42:47.0828 1436 Boot (0x1200) (9c85d33777b4d8edbc7960fa38b5ef2d) \Device\Harddisk1\DR4\Partition0
18:42:47.0843 1436 \Device\Harddisk1\DR4\Partition0 - ok
18:42:47.0843 1436 ============================================================
18:42:47.0843 1436 Scan finished
18:42:47.0843 1436 ============================================================
18:42:47.0859 2792 Detected object count: 0
18:42:47.0859 2792 Actual detected object count: 0

#4 toicy4ya

Posted 10 April 2012 - 01:24 PM

I ran the requested scans listed in the previous post, can anyone offer additional assistance?

#5 narenxp

Posted 11 April 2012 - 04:16 AM

Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.

Press Windows+R key and type

dllcache and click ok

Now copy ipsec.sys from the location and save it to C:/WINDOWS/SYSTEM32/drivers folder


Press Windows+R key and type

notepad and click ok

Copy the following script




Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000005
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\
  00,73,00,79,00,73,00,00,00
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


Click on FILE-SAVE AS

Filename:ipsec.reg
save as type:All types

Launch the ipsec.reg and click YES to import it to registry

Restart the PC and check your browser

good luck

Edited by narenxp, 11 April 2012 - 04:17 AM.


#6 toicy4ya

Posted 11 April 2012 - 05:19 AM

I attempted to do as you suggested; however, I do not have ipsec.sys in the dllcache folder. I only find ipsec6; I don't know if this is the same thing?

#7 narenxp

Posted 11 April 2012 - 05:22 AM

Launch FSS again and type

ipsec.sys in search BOX and click on search files

Post the generated log

Edited by narenxp, 11 April 2012 - 05:31 AM.


#8 toicy4ya

Posted 11 April 2012 - 06:26 AM

narenxp,

Here is the log;

Farbar Service Scanner Version: 01-03-2012
Ran by Noel (administrator) on 11-04-2012 at 07:12:16
Microsoft Windows XP Home Edition Service Pack 2 (X86)

************************************************
======== Search: "ipsec.sys" =========

C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ipsec.sys
[2011-11-26 07:18] - [2008-04-13 15:19] - 0075264 ____A (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2011-11-26 05:57] - [2004-08-04 03:14] - 0074752 ____N (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2011-11-26 05:55] - [2003-07-16 16:30] - 0057984 ____C (Microsoft Corporation) 1C4802409CFD4A7051F458B744CFCAA5

====== End Of Search ======

#9 narenxp

Posted 11 April 2012 - 06:28 AM

Browse to this folder

C:\WINDOWS\ServicePackFiles\i386

Copy ipsec.sys and paste it in C:/WINDOWS/SYSTEM32/drivers

Follow other instructions as given before

good luck
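
Added example, not part of the thread: after copying ipsec.sys as described, the copy in the drivers folder can be checked against the entry the scanner logged for the source file. The parser below assumes the log's 32-character value is an MD5 and the numeric field is the size in bytes; function names are this example's own.

```python
import hashlib, os, re

# Search section of the Farbar Service Scanner log from the post above.
FSS_SEARCH = r'''C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ipsec.sys
[2011-11-26 07:18] - [2008-04-13 15:19] - 0075264 ____A (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2011-11-26 05:57] - [2004-08-04 03:14] - 0074752 ____N (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2011-11-26 05:55] - [2003-07-16 16:30] - 0057984 ____C (Microsoft Corporation) 1C4802409CFD4A7051F458B744CFCAA5
'''

DETAIL = re.compile(r"\[(.+?)\] - \[(.+?)\] - (\d+) (\S+) \((.*)\) ([0-9A-Fa-f]{32})$")

def parse_fss_search(text):
    """Pair each path line with the detail line that follows it."""
    records, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = DETAIL.match(line)
        if m and path:
            # The two timestamps are kept exactly as printed in the log.
            records.append({"path": path, "stamps": (m.group(1), m.group(2)),
                            "size": int(m.group(3)), "attrs": m.group(4),
                            "company": m.group(5), "md5": m.group(6).upper()})
            path = None
        elif line and not line.startswith(("=", "*")):
            path = line
    return records

def find_record(records, path):
    """Look up a log entry by path, case-insensitively as Windows would."""
    return next((r for r in records if r["path"].lower() == path.lower()), None)

def verify_copy(copy_path, record):
    """Compare a restored file with the log entry it was copied from."""
    problems = []
    size = os.path.getsize(copy_path)
    if size != record["size"]:
        problems.append("size %d != logged %d" % (size, record["size"]))
    with open(copy_path, "rb") as fh:
        digest = hashlib.md5(fh.read()).hexdigest().upper()
    if digest != record["md5"]:
        problems.append("md5 %s != logged %s" % (digest, record["md5"]))
    return problems

if __name__ == "__main__":
    source = find_record(parse_fss_search(FSS_SEARCH),
                         r"C:\WINDOWS\ServicePackFiles\i386\ipsec.sys")
    target = r"C:\WINDOWS\system32\drivers\ipsec.sys"
    if os.path.exists(target):
        print(verify_copy(target, source) or "restored driver matches the log entry")
```
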

#10 toicy4ya

Posted 11 April 2012 - 06:42 AM

Narenxp,

Thanks, that fixed the problem. I have one last question: what software security do you recommend I install in hopes that this does not reoccur? Also, should I run the software security upon boot up?

Thanks again

#11 narenxp

Posted 11 April 2012 - 06:48 AM

:thumbsup:

Avast is good, make sure to run frequent scans with Malwarebytes and SUPERAntiSpyware

good luck

#12 toicy4ya

Posted 11 April 2012 - 07:20 AM

Is it necessary to have Malwarebytes and SUPERAntiSpyware start up with Windows and run in the background at all times?

#13 narenxp

Posted 11 April 2012 - 07:27 AM

Not necessary, Avast is enough. Run a scan with Malwarebytes and SUPERAntiSpyware only if you feel that PC may be infected

#14 toicy4ya

Posted 11 April 2012 - 07:37 AM

Awesome, thanks for all your help. It was greatly appreciated.

#15 narenxp

Posted 11 April 2012 - 08:02 AM

You're welcome :)



