
Constant Hard drive access when wireless is on


15 replies to this topic

#1 BlueBomber600 (Members, 31 posts)

Posted 21 April 2012 - 09:42 AM

Hello,

Last week I started getting blue screens just after start-up. I posted over in the Windows XP area and received help. The problem ended up being with Microsoft Security Essentials. After removing it, I have not had any more blue screen issues.

Here is that thread:
Link

I am not sure if the problems that I have been having are related. The computer has been running fine, however as soon as I turn on the wireless, or connect through a cable, the computer slows down. The hard drive light indicates that it is constantly being accessed. I've run Malwarebytes and Spybot and both give no issues.

Does this sound like a security issue or something hardware related?

Thanks for any help.
Emil

#2 Broni (BC Advisor, 42,756 posts, Daly City, CA)

Posted 21 April 2012 - 12:30 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
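The Farbar Service Scanner step above hashes a fixed set of networking and service binaries and reports whether each MD5 matches a known-good value. The example below is an added illustration of that kind of baseline integrity check, written for this thread and not part of Farbar's tool or of the original post. It hashes the same file list FSS reports on (taken from the FSS log later in this thread), builds a baseline, then re-verifies and classifies each file as ok, modified or missing. It uses SHA-256 rather than MD5 because MD5 collisions are cheap to produce; the constructed demo directory, file contents and the tampering of ipsec.sys are assumptions for the demonstration only. One caveat the rest of this thread bears out: a hash check run from inside the booted OS is only as honest as the disk I/O path it reads through, so a kernel-level rootkit that filters reads can make a patched file hash as "legit".

```python
import hashlib
import tempfile
from pathlib import Path

# Files Farbar Service Scanner hashes in its "File Check" section (list taken
# from the FSS log in this thread, de-duplicated). Paths are relative to the
# Windows directory, C:\WINDOWS on this XP machine.
FSS_FILE_CHECK = [
    r"system32\dhcpcsvc.dll",
    r"system32\Drivers\afd.sys",
    r"system32\Drivers\netbt.sys",
    r"system32\Drivers\tcpip.sys",
    r"system32\Drivers\ipsec.sys",
    r"system32\dnsrslvr.dll",
    r"system32\ipnathlp.dll",
    r"system32\netman.dll",
    r"system32\wbem\WMIsvc.dll",
    r"system32\srsvc.dll",
    r"system32\Drivers\sr.sys",
    r"system32\wscsvc.dll",
    r"system32\wuauserv.dll",
    r"system32\qmgr.dll",
    r"system32\es.dll",
    r"system32\cryptsvc.dll",
    r"system32\svchost.exe",
    r"system32\rpcss.dll",
    r"system32\services.exe",
]


def file_digest(path, algo="sha256"):
    """Stream a file through hashlib and return the hex digest."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, files=FSS_FILE_CHECK, algo="sha256"):
    """Hash every listed file under root; a missing file maps to None."""
    baseline = {}
    for rel in files:
        p = Path(root, *rel.split("\\"))
        baseline[rel] = file_digest(p, algo) if p.is_file() else None
    return baseline


def verify_against_baseline(root, baseline, algo="sha256"):
    """Re-hash the baseline's files and classify each as ok/modified/missing."""
    current = build_baseline(root, list(baseline), algo)
    report = {}
    for rel, expected in baseline.items():
        got = current[rel]
        if got is None:
            report[rel] = "missing"
        elif got == expected:
            report[rel] = "ok"
        else:
            report[rel] = "modified"
    return report


def demo():
    """Constructed scenario (assumption, not a real system): build a clean
    baseline in a temp directory, overwrite ipsec.sys in place the way a
    file infector would, delete es.dll, and re-verify."""
    with tempfile.TemporaryDirectory() as root:
        for rel in FSS_FILE_CHECK:
            p = Path(root, *rel.split("\\"))
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"clean:" + rel.encode())
        baseline = build_baseline(root)
        Path(root, "system32", "Drivers", "ipsec.sys").write_bytes(b"patched")
        Path(root, "system32", "es.dll").unlink()
        return verify_against_baseline(root, baseline)


if __name__ == "__main__":
    for rel, status in demo().items():
        if status != "ok":
            print(f"{status:9} {rel}")
```

To use this on a real machine you would run build_baseline once on a known-clean install (or take digests from trusted install media) and keep the result off the box; the baseline is worthless if it is stored where the same malware can rewrite it.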

 


#3 BlueBomber600 (Topic Starter, Members, 31 posts)

Posted 22 April 2012 - 11:15 AM

Yesterday I started running the scans on my problematic computer. This morning, after starting up the computer, some new program had been installed - SMART HDD, and it's scanning and telling me there are bad sectors on my hard drive. No idea where this came from. The computer hasn't been connected to the internet, except to update Malwarebytes and the aswMBR.

This happened after running everything, except the aswMBR which I did this morning after the SMART HDD appeared.

Here are the log files.

SecurityCheck:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.5
Spybot - Search & Destroy
CCleaner
Java™ 6 Update 30
Out of date Java installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe
BillP Studios WinPatrol winpatrol.exe
``````````End of Log````````````



FSS:
Farbar Service Scanner Version: 16-04-2012
Ran by Emil (administrator) on 21-04-2012 at 22:01:57
Running from "C:\Documents and Settings\Emil\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000056000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****



MiniToolBox:
MiniToolBox by Farbar Version: 18-01-2012
Ran by Emil (administrator) on 21-04-2012 at 22:03:08
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : Laptop
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
        Physical Address. . . . . . . . . : 00-14-22-F5-31-58

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
        Physical Address. . . . . . . . . : 00-13-02-20-14-66

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 22 f5 31 58 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 13 02 20 14 66 ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
255.255.255.255 255.255.255.255 255.255.255.255 3 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/17/2012 00:17:50 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe2.1.1116.00x8004ff11common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (04/16/2012 11:04:11 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/16/2012 10:08:04 PM) (Source: SolidWorks SC) (User: )
Description: 98-166

Error: (04/16/2012 09:31:39 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/16/2012 07:07:51 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/15/2012 08:45:32 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/14/2012 08:05:45 AM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry80240022processdownloadresultsdownload3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/14/2012 07:43:10 AM) (Source: MsiInstaller) (User: Emil)Emil
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (04/14/2012 07:38:00 AM) (Source: MPSampleSubmission) (User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.8202.0fixed2 _ 10245 _ not bootNILNILNIL

Error: (04/14/2012 07:31:31 AM) (Source: MsiInstaller) (User: Emil)Emil
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.


System errors:
=============
Error: (04/21/2012 10:03:10 PM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (04/21/2012 09:53:19 PM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless SSO Service service depends on the following nonexistent service: EvtEng

Error: (04/21/2012 07:27:22 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (04/21/2012 07:26:30 AM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless SSO Service service depends on the following nonexistent service: EvtEng

Error: (04/20/2012 00:02:43 PM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless SSO Service service depends on the following nonexistent service: EvtEng

Error: (04/19/2012 07:08:00 AM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless SSO Service service depends on the following nonexistent service: EvtEng

Error: (04/18/2012 10:07:07 PM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless SSO Service service depends on the following nonexistent service: EvtEng

Error: (04/18/2012 06:15:19 AM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless SSO Service service depends on the following nonexistent service: EvtEng

Error: (04/18/2012 00:52:20 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/18/2012 00:52:13 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================
Error: (04/17/2012 00:17:50 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe2.1.1116.00x8004ff11common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (04/16/2012 11:04:11 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/16/2012 10:08:04 PM) (Source: SolidWorks SC)(User: )
Description: 98-166

Error: (04/16/2012 09:31:39 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/16/2012 07:07:51 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/15/2012 08:45:32 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/14/2012 08:05:45 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80240022processdownloadresultsdownload3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/14/2012 07:43:10 AM) (Source: MsiInstaller)(User: Emil)Emil
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (04/14/2012 07:38:00 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.8202.0fixed2 _ 10245 _ not bootNILNILNIL

Error: (04/14/2012 07:31:31 AM) (Source: MsiInstaller)(User: Emil)Emil
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

... Files\Onset Computer Corporation\HOBOware
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adolix Split and Merge PDF v1.9
Apple Software Update (Version: 2.1.3.127)
AutoUpdate (Version: 1.1)
Broadcom 440x 10/100 Integrated Controller (Version: 10.04.01)
Canon Camera Access Library (Version: 8.1.1.17)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.2.0.8)
Canon G.726 WMP-Decoder (Version: 1.0.1.3)
Canon MOV Decoder (Version: 1.7.0.6)
Canon MOV Encoder (Version: 1.5.0.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.6.0.5)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.3.0.11)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5)
Canon Utilities PhotoStitch (Version: 3.1.17.41)
Canon Utilities ZoomBrowser EX (Version: 6.6.0.23)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.4.0.4)
CCleaner (Version: 3.05)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D110 MDC V.92 Modem
CutePDF Writer 2.7
Dell Photo AIO Printer 966
Dell ResourceCD
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell Wireless WLAN Card (Version: 4.10.47.3)
DivX Converter (Version: 6.6.1)
DivX Player (Version: 6.8.2)
DivX Web Player (Version: 1.4.2)
DNA (Version: 2.2.4 (16502))
DVD Shrink 3.2
Foxit Reader (Version: 4.3.1.323)
Garmin City Navigator North America 2008 (Version: 9.0.0.0)
Garmin Communicator Plugin (Version: 2.5.1)
Garmin MapSource (Version: 6.15.11)
Garmin TOPO U.S. 2008 (Version: 4.0.0.0)
Garmin USB Drivers (Version: 1.0.0.0)
Garmin USB Drivers (Version: 2.3.0.0)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HOBOware 3.0
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software (Version: 11.5.0000)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
JDownloader 0.9 (Version: 0.9)
Keyspan USB Serial Adapter (Version: 3.7s)
LuminanceHDR 2.0.2
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
mCore (Version: 11.02.0000)
mDriver (Version: 11.02.0000)
mDrWiFi (Version: 11.02.0000)
mHlpDell (Version: 11.02.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 12.0.6213.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU (Version: 8.0.50727.146)
mIWA (Version: 11.02.0000)
mLogView (Version: 11.02.0000)
mMHouse (Version: 11.02.0000)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
mPfMgr (Version: 11.02.0000)
mPfWiz (Version: 11.02.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 11.02.0000)
mSSO (Version: 11.02.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 11.02.0000)
mZConfig (Version: 11.02.0000)
Picasa 3 (Version: 3.8)
Power Commander Control Center 3.2.0 (Test Build 1)
PowerDVD 5.5
QuickSet (Version: 7.1.12)
QuickTime (Version: 7.71.80.42)
Roxio DLA (Version: 5.2.0)
Roxio MyDVD LE (Version: 6.1.6)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
SigmaTel Audio (Version: 5.10.4803.0)
SolidWorks 2011 SP02 (Version: 19.120.49)
SolidWorks 2011 SP02 (Version: 19.2.0.49)
SolidWorks eDrawings 2011 SP02 (Version: 11.2.113)
SolidWorks Explorer 2011 SP02 (Version: 19.20.49)
Sonic Encoders (Version: 1.00)
Sonic Update Manager (Version: 3.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.5 (Version: 4.5.0)
Synaptics Pointing Device Driver (Version: 8.2.4.6)
TeamViewer 6 (Version: 6.0.10194)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
VLC media player 1.0.2 (Version: 1.0.2)
WD SmartWare (Version: 1.4.1.1)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 24.0.2012.1)
XML Paper Specification Shared Components Pack 1.0

========================= Devices: ================================

Name: Base System Device
Description: Base System Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 1014.37 MB
Available physical RAM: 591.38 MB
Total Pagefile: 2441.53 MB
Available Pagefile: 2123.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.5 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:87.06 GB) (Free:33.23 GB) NTFS
2 Drive d: (SolidWorks 2011) (CDROM) (Total:0.35 GB) (Free:0 GB) CDFS
3 Drive e: () (Removable) (Total:0.96 GB) (Free:0.91 GB) FAT32

========================= Users: ========================================

User accounts for \\LAPTOP

Administrator ASPNET Emil
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****




MBAM:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.22.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Emil :: LAPTOP [administrator]

4/21/2012 10:11:34 PM
mbam-log-2012-04-21 (22-11-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241956
Time elapsed: 1 hour(s), 11 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: %APPDATA%\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\temp\0.46701767551919016 (Exploit.Drop.9) -> Quarantined and deleted successfully.

(end)




aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-22 08:01:00
-----------------------------
08:01:00.468 OS Version: Windows 5.1.2600 Service Pack 3
08:01:00.468 Number of processors: 2 586 0xE08
08:01:00.468 ComputerName: LAPTOP UserName: Emil
08:01:01.546 Initialize success
08:09:19.153 AVAST engine defs: 12042200
08:45:55.467 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:45:55.811 Disk 0 Vendor: FUJITSU_MHV2100BH 00850028 Size: 93958MB BusType: 3
08:45:55.811 Device \Driver\atapi -> DriverStartIo 86f842c6
08:45:55.998 Disk 0 MBR read successfully
08:45:55.998 Disk 0 MBR scan
08:46:33.045 Disk 0 MBR:Alureon-M [Rtk]
08:47:06.076 Disk 0 TDL4@MBR code has been found
08:47:18.310 Disk 0 Windows XP default MBR code found via API
08:47:18.310 Disk 0 MBR hidden
08:47:18.560 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
08:48:14.013 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 89149 MB offset 80325
08:48:50.560 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 182675115
08:48:57.747 Disk 0 MBR [TDL4] **ROOTKIT**
08:48:58.044 Disk 0 trace - called modules:
08:48:58.169 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x856f5fd0]<<
08:48:58.169 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87376ab8]
08:48:58.231 3 CLASSPNP.SYS[f75edfd7] -> nt!IofCallDriver -> [0x86f01900]
08:48:58.231 \Driver\00001765[0x85745bc0] -> IRP_MJ_CREATE -> 0x856f5fd0
08:50:34.872 AVAST engine scan C:\WINDOWS
08:52:20.762 AVAST engine scan C:\WINDOWS\system32
08:55:04.497 File: C:\WINDOWS\system32\mcontrol.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:58:35.997 AVAST engine scan C:\WINDOWS\system32\drivers
08:58:46.184 File: C:\WINDOWS\system32\drivers\ipsec.sys **INFECTED** Win32:Aluroot-C [Rtk]
08:58:59.090 AVAST engine scan C:\Documents and Settings\Emil
09:04:32.231 AVAST engine scan C:\Documents and Settings\All Users
09:05:40.137 Scan finished successfully
09:06:22.294 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Emil\Desktop\MBR.dat"
09:06:22.340 The log file has been saved successfully to "C:\Documents and Settings\Emil\Desktop\aswMBR.txt"



Thanks for the help.
Emil

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,756 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:14 AM

Posted 22 April 2012 - 02:09 PM

We have at least a couple of issues there.
SMART HDD is a malicious program which has to be removed, but you're also infected with a rootkit.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 BlueBomber600

BlueBomber600
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:06:14 AM

Posted 23 April 2012 - 01:26 AM

Well I had another blue screen when booting up the computer to run the TDSS Rootkit scanner. Restarted the computer and it didn't happen.

3 files did come up, and I left the default action.


23:05:46.0093 1624 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
23:05:46.0140 1624 ============================================================
23:05:46.0140 1624 Current date / time: 2012/04/22 23:05:46.0140
23:05:46.0140 1624 SystemInfo:
23:05:46.0140 1624
23:05:46.0140 1624 OS Version: 5.1.2600 ServicePack: 3.0
23:05:46.0140 1624 Product type: Workstation
23:05:46.0140 1624 ComputerName: LAPTOP
23:05:46.0140 1624 UserName: Emil
23:05:46.0140 1624 Windows directory: C:\WINDOWS
23:05:46.0140 1624 System windows directory: C:\WINDOWS
23:05:46.0140 1624 Processor architecture: Intel x86
23:05:46.0140 1624 Number of processors: 2
23:05:46.0140 1624 Page size: 0x1000
23:05:46.0140 1624 Boot type: Safe boot
23:05:46.0140 1624 ============================================================
23:05:51.0031 1624 Drive \Device\Harddisk0\DR0 - Size: 0x16F0649400 (91.76 Gb), SectorSize: 0x200, Cylinders: 0x2ECA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:05:51.0046 1624 Drive \Device\Harddisk1\DR4 - Size: 0xF4FFE00 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:05:51.0046 1624 \Device\Harddisk0\DR0:
23:05:51.0046 1624 MBR partitions:
23:05:51.0046 1624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xAE1EE25
23:05:51.0046 1624 \Device\Harddisk1\DR4:
23:05:51.0046 1624 MBR partitions:
23:05:51.0046 1624 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x6, StartLBA 0x63, BlocksNum 0x7A59D
23:05:51.0265 1624 C: <-> \Device\Harddisk0\DR0\Partition0
23:05:51.0500 1624 Initialize success
23:05:51.0500 1624 ============================================================
23:05:54.0921 1640 ============================================================
23:05:54.0921 1640 Scan started
23:05:54.0921 1640 Mode: Manual;
23:05:54.0921 1640 ============================================================
23:05:56.0625 1640 Abiosdsk - ok
23:05:57.0000 1640 abp480n5 - ok
23:05:57.0562 1640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:05:57.0656 1640 ACPI - ok
23:05:58.0078 1640 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:05:58.0078 1640 ACPIEC - ok
23:05:58.0671 1640 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:05:58.0812 1640 AdobeFlashPlayerUpdateSvc - ok
23:05:59.0265 1640 adpu160m - ok
23:05:59.0765 1640 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:05:59.0843 1640 aec - ok
23:06:00.0265 1640 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
23:06:00.0281 1640 AegisP - ok
23:06:00.0765 1640 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:06:00.0859 1640 AFD - ok
23:06:01.0312 1640 Aha154x - ok
23:06:01.0703 1640 aic78u2 - ok
23:06:02.0078 1640 aic78xx - ok
23:06:02.0484 1640 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
23:06:02.0484 1640 Alerter - ok
23:06:02.0890 1640 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
23:06:02.0921 1640 ALG - ok
23:06:03.0312 1640 AliIde - ok
23:06:03.0718 1640 amsint - ok
23:06:04.0234 1640 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
23:06:04.0250 1640 APPDRV - ok
23:06:04.0718 1640 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
23:06:04.0812 1640 AppMgmt - ok
23:06:05.0265 1640 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:06:05.0296 1640 Arp1394 - ok
23:06:05.0687 1640 asc - ok
23:06:06.0171 1640 asc3350p - ok
23:06:06.0562 1640 asc3550 - ok
23:06:06.0906 1640 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:06:06.0984 1640 aspnet_state - ok
23:06:07.0515 1640 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:06:07.0531 1640 AsyncMac - ok
23:06:07.0953 1640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:06:07.0953 1640 atapi - ok
23:06:08.0375 1640 Atdisk - ok
23:06:08.0812 1640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:06:08.0859 1640 Atmarpc - ok
23:06:09.0281 1640 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
23:06:09.0296 1640 AudioSrv - ok
23:06:09.0828 1640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:06:09.0828 1640 audstub - ok
23:06:10.0265 1640 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
23:06:10.0281 1640 bcm4sbxp - ok
23:06:10.0703 1640 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:06:10.0703 1640 Beep - ok
23:06:11.0296 1640 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
23:06:11.0671 1640 BITS - ok
23:06:12.0125 1640 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
23:06:12.0171 1640 Browser - ok
23:06:12.0718 1640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:06:12.0718 1640 cbidf2k - ok
23:06:12.0921 1640 CCALib8 (5753532c476b83119d85aa43b1b10ab3) C:\Program Files\Canon\CAL\CALMAIN.exe
23:06:12.0968 1640 CCALib8 - ok
23:06:13.0515 1640 cd20xrnt - ok
23:06:13.0921 1640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:06:13.0921 1640 Cdaudio - ok
23:06:14.0390 1640 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:06:14.0421 1640 Cdfs - ok
23:06:14.0843 1640 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:06:14.0875 1640 Cdrom - ok
23:06:15.0359 1640 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
23:06:15.0375 1640 cercsr6 - ok
23:06:15.0796 1640 Changer - ok
23:06:16.0218 1640 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
23:06:16.0218 1640 CiSvc - ok
23:06:16.0593 1640 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
23:06:16.0609 1640 ClipSrv - ok
23:06:16.0921 1640 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:06:17.0156 1640 clr_optimization_v2.0.50727_32 - ok
23:06:17.0640 1640 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:06:17.0656 1640 CmBatt - ok
23:06:18.0015 1640 CmdIde - ok
23:06:18.0421 1640 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:06:18.0421 1640 Compbatt - ok
23:06:18.0781 1640 COMSysApp - ok
23:06:19.0328 1640 CoordinatorServiceHost (20c701dcba0704e9d38829bd510cd186) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
23:06:19.0375 1640 CoordinatorServiceHost - ok
23:06:19.0828 1640 Cpqarray - ok
23:06:20.0281 1640 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
23:06:20.0296 1640 CryptSvc - ok
23:06:20.0671 1640 dac2w2k - ok
23:06:21.0046 1640 dac960nt - ok
23:06:21.0656 1640 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:06:21.0843 1640 DcomLaunch - ok
23:06:22.0406 1640 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
23:06:22.0453 1640 Dhcp - ok
23:06:22.0953 1640 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:06:22.0968 1640 Disk - ok
23:06:23.0437 1640 DLABOIOM (d8d58a84f3ece3359df95fd2e459b330) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
23:06:23.0453 1640 DLABOIOM - ok
23:06:24.0015 1640 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
23:06:24.0015 1640 DLACDBHM - ok
23:06:24.0406 1640 DLADResN (27c78078bd9c4f2de2ad3eb04bfe101b) C:\WINDOWS\system32\DLA\DLADResN.SYS
23:06:24.0406 1640 DLADResN - ok
23:06:24.0859 1640 DLAIFS_M (7f2d93e560b763ef5d11422d78da8ed0) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
23:06:24.0906 1640 DLAIFS_M - ok
23:06:25.0312 1640 DLAOPIOM (f643637de6aac57e38d197aa63d9ea74) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
23:06:25.0328 1640 DLAOPIOM - ok
23:06:25.0718 1640 DLAPoolM (340705474807f57a46d59d18fc2959f1) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
23:06:25.0718 1640 DLAPoolM - ok
23:06:26.0140 1640 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
23:06:26.0156 1640 DLARTL_N - ok
23:06:26.0546 1640 DLAUDFAM (6984ea763907c045ce813468882bc587) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
23:06:26.0625 1640 DLAUDFAM - ok
23:06:27.0078 1640 DLAUDF_M (12b30c449cfd36adbed53eb6560933c6) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
23:06:27.0125 1640 DLAUDF_M - ok
23:06:27.0531 1640 dlcq_device - ok
23:06:27.0890 1640 dmadmin - ok
23:06:28.0718 1640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:06:29.0140 1640 dmboot - ok
23:06:29.0609 1640 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:06:29.0703 1640 dmio - ok
23:06:30.0093 1640 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:06:30.0109 1640 dmload - ok
23:06:30.0593 1640 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
23:06:30.0593 1640 dmserver - ok
23:06:31.0046 1640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:06:31.0062 1640 DMusic - ok
23:06:31.0500 1640 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
23:06:31.0515 1640 Dnscache - ok
23:06:32.0000 1640 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
23:06:32.0078 1640 Dot3svc - ok
23:06:32.0578 1640 dpti2o - ok
23:06:33.0000 1640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:06:33.0000 1640 drmkaud - ok
23:06:33.0453 1640 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
23:06:33.0500 1640 DRVMCDB - ok
23:06:33.0906 1640 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
23:06:33.0921 1640 DRVNDDM - ok
23:06:34.0343 1640 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
23:06:34.0359 1640 EapHost - ok
23:06:34.0671 1640 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
23:06:34.0796 1640 ehRecvr - ok
23:06:35.0015 1640 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
23:06:35.0062 1640 ehSched - ok
23:06:35.0515 1640 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
23:06:35.0515 1640 ERSvc - ok
23:06:35.0968 1640 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:06:36.0000 1640 Eventlog - ok
23:06:36.0515 1640 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
23:06:36.0640 1640 EventSystem - ok
23:06:37.0156 1640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:06:37.0234 1640 Fastfat - ok
23:06:37.0734 1640 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:06:37.0812 1640 FastUserSwitchingCompatibility - ok
23:06:38.0218 1640 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:06:38.0234 1640 Fdc - ok
23:06:38.0687 1640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:06:38.0703 1640 Fips - ok
23:06:39.0375 1640 FLEXnet Licensing Service (73081cf28f0ae20a52ca4f67cee6e6b0) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:06:39.0890 1640 FLEXnet Licensing Service - ok
23:06:40.0421 1640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:06:40.0421 1640 Flpydisk - ok
23:06:40.0890 1640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:06:40.0953 1640 FltMgr - ok
23:06:41.0281 1640 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:06:41.0312 1640 FontCache3.0.0.0 - ok
23:06:41.0734 1640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:06:41.0750 1640 Fs_Rec - ok
23:06:42.0187 1640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:06:42.0250 1640 Ftdisk - ok
23:06:42.0687 1640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:06:42.0718 1640 Gpc - ok
23:06:43.0171 1640 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
23:06:43.0187 1640 grmnusb - ok
23:06:43.0375 1640 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:06:43.0453 1640 gusvc - ok
23:06:44.0015 1640 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:06:44.0015 1640 HDAudBus - ok
23:06:44.0218 1640 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:06:44.0218 1640 helpsvc - ok
23:06:44.0750 1640 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
23:06:44.0765 1640 HidServ - ok
23:06:45.0281 1640 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:06:45.0296 1640 HidUsb - ok
23:06:45.0703 1640 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:06:45.0734 1640 hkmsvc - ok
23:06:46.0171 1640 hpn - ok
23:06:46.0937 1640 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:06:47.0031 1640 HSFHWAZL - ok
23:06:48.0015 1640 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:06:48.0531 1640 HSF_DPV - ok
23:06:49.0093 1640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:06:49.0218 1640 HTTP - ok
23:06:49.0656 1640 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:06:49.0718 1640 HTTPFilter - ok
23:06:50.0140 1640 i2omgmt - ok
23:06:50.0546 1640 i2omp - ok
23:06:51.0000 1640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:06:51.0015 1640 i8042prt - ok
23:06:54.0359 1640 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:06:57.0171 1640 ialm - ok
23:06:57.0937 1640 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:06:58.0375 1640 idsvc - ok
23:06:58.0812 1640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:06:58.0843 1640 Imapi - ok
23:06:59.0312 1640 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
23:06:59.0375 1640 ImapiService - ok
23:06:59.0812 1640 ini910u - ok
23:07:00.0187 1640 IntelIde - ok
23:07:00.0671 1640 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:07:00.0687 1640 intelppm - ok
23:07:01.0078 1640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:07:01.0109 1640 Ip6Fw - ok
23:07:01.0593 1640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:07:01.0609 1640 IpInIp - ok
23:07:02.0109 1640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:07:02.0187 1640 IpNat - ok
23:07:02.0640 1640 IPSec (64a58ab511c2385e80505ea5fecca1a9) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:07:02.0687 1640 IPSec ( Virus.Win32.ZAccess.k ) - infected
23:07:02.0687 1640 IPSec - detected Virus.Win32.ZAccess.k (0)
23:07:03.0078 1640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:07:03.0078 1640 IRENUM - ok
23:07:03.0531 1640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:07:03.0546 1640 isapnp - ok
23:07:04.0015 1640 iwebmsg (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\mcontrol.dll
23:07:04.0015 1640 iwebmsg ( Backdoor.Multi.ZAccess.gen ) - infected
23:07:04.0015 1640 iwebmsg - detected Backdoor.Multi.ZAccess.gen (0)
23:07:04.0359 1640 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
23:07:04.0468 1640 JavaQuickStarterService - ok
23:07:05.0000 1640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:07:05.0015 1640 Kbdclass - ok
23:07:05.0437 1640 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:07:05.0453 1640 kbdhid - ok
23:07:05.0921 1640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:07:06.0015 1640 kmixer - ok
23:07:06.0468 1640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:07:06.0515 1640 KSecDD - ok
23:07:07.0062 1640 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:07:07.0109 1640 lanmanserver - ok
23:07:07.0578 1640 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:07:07.0656 1640 lanmanworkstation - ok
23:07:08.0031 1640 lbrtfdc - ok
23:07:08.0515 1640 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:07:08.0531 1640 LmHosts - ok
23:07:08.0921 1640 mcdbus - ok
23:07:09.0156 1640 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
23:07:09.0218 1640 McrdSvc - ok
23:07:09.0671 1640 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:07:09.0671 1640 mdmxsdk - ok
23:07:10.0109 1640 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:07:10.0140 1640 Messenger - ok
23:07:10.0593 1640 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
23:07:10.0640 1640 MHN - ok
23:07:11.0046 1640 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
23:07:11.0046 1640 MHNDRV - ok
23:07:11.0500 1640 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:07:11.0500 1640 mnmdd - ok
23:07:11.0921 1640 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
23:07:11.0953 1640 mnmsrvc - ok
23:07:12.0406 1640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:07:12.0421 1640 Modem - ok
23:07:12.0875 1640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:07:12.0875 1640 Mouclass - ok
23:07:13.0296 1640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:07:13.0312 1640 mouhid - ok
23:07:13.0765 1640 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:07:13.0796 1640 MountMgr - ok
23:07:14.0203 1640 mraid35x - ok
23:07:14.0734 1640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:07:14.0828 1640 MRxDAV - ok
23:07:15.0578 1640 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:07:15.0953 1640 MRxSmb - ok
23:07:16.0343 1640 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
23:07:16.0343 1640 MSDTC - ok
23:07:16.0781 1640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:07:16.0796 1640 Msfs - ok
23:07:17.0171 1640 MSIServer - ok
23:07:17.0593 1640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:07:17.0609 1640 MSKSSRV - ok
23:07:18.0031 1640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:07:18.0031 1640 MSPCLOCK - ok
23:07:18.0468 1640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:07:18.0468 1640 MSPQM - ok
23:07:18.0859 1640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:07:18.0875 1640 mssmbios - ok
23:07:20.0421 1640 msvsmon80 (73fa09b84b23a1897809a84f976d5d99) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
23:07:21.0796 1640 msvsmon80 - ok
23:07:22.0359 1640 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:07:22.0406 1640 Mup - ok
23:07:22.0968 1640 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:07:23.0125 1640 napagent - ok
23:07:23.0671 1640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:07:23.0765 1640 NDIS - ok
23:07:24.0218 1640 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:07:24.0218 1640 NdisTapi - ok
23:07:24.0812 1640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:07:24.0828 1640 Ndisuio - ok
23:07:25.0343 1640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:07:25.0390 1640 NdisWan - ok
23:07:25.0812 1640 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:07:25.0843 1640 NDProxy - ok
23:07:26.0281 1640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:07:26.0296 1640 NetBIOS - ok
23:07:26.0812 1640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:07:26.0906 1640 NetBT - ok
23:07:27.0421 1640 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:07:27.0484 1640 NetDDE - ok
23:07:27.0546 1640 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:07:27.0546 1640 NetDDEdsdm - ok
23:07:28.0031 1640 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:07:28.0031 1640 Netlogon - ok
23:07:28.0484 1640 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:07:28.0593 1640 Netman - ok
23:07:28.0859 1640 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:07:28.0921 1640 NetTcpPortSharing - ok
23:07:30.0500 1640 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
23:07:31.0593 1640 NETw4x32 - ok
23:07:32.0078 1640 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:07:32.0109 1640 NIC1394 - ok
23:07:32.0406 1640 NICCONFIGSVC (3855171a89280fc7860dd17760754603) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
23:07:32.0609 1640 NICCONFIGSVC - ok
23:07:33.0125 1640 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:07:33.0250 1640 Nla - ok
23:07:33.0781 1640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:07:33.0796 1640 Npfs - ok
23:07:34.0625 1640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:07:34.0921 1640 Ntfs - ok
23:07:35.0328 1640 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:07:35.0328 1640 NtLmSsp - ok
23:07:35.0937 1640 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:07:36.0156 1640 NtmsSvc - ok
23:07:36.0625 1640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:07:36.0625 1640 Null - ok
23:07:37.0078 1640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:07:37.0093 1640 NwlnkFlt - ok
23:07:37.0546 1640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:07:37.0562 1640 NwlnkFwd - ok
23:07:38.0031 1640 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:07:38.0062 1640 ohci1394 - ok
23:07:38.0500 1640 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
23:07:38.0515 1640 OMCI - ok
23:07:38.0703 1640 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:07:38.0750 1640 ose - ok
23:07:39.0203 1640 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
23:07:39.0250 1640 Parport - ok
23:07:39.0703 1640 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:07:39.0718 1640 PartMgr - ok
23:07:40.0125 1640 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:07:40.0125 1640 ParVdm - ok
23:07:40.0562 1640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:07:40.0609 1640 PCI - ok
23:07:41.0046 1640 PCIDump - ok
23:07:41.0500 1640 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:07:41.0500 1640 PCIIde - ok
23:07:41.0984 1640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:07:42.0046 1640 Pcmcia - ok
23:07:42.0437 1640 PDCOMP - ok
23:07:42.0828 1640 PDFRAME - ok
23:07:43.0234 1640 PDRELI - ok
23:07:43.0671 1640 PDRFRAME - ok
23:07:44.0046 1640 perc2 - ok
23:07:44.0437 1640 perc2hib - ok
23:07:44.0953 1640 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:07:44.0953 1640 PlugPlay - ok
23:07:45.0343 1640 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:07:45.0343 1640 PolicyAgent - ok
23:07:45.0906 1640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:07:45.0921 1640 PptpMiniport - ok
23:07:46.0265 1640 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:07:46.0265 1640 ProtectedStorage - ok
23:07:46.0828 1640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:07:46.0859 1640 PSched - ok
23:07:47.0234 1640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:07:47.0250 1640 Ptilink - ok
23:07:47.0718 1640 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:07:47.0750 1640 PxHelp20 - ok
23:07:48.0125 1640 ql1080 - ok
23:07:48.0500 1640 Ql10wnt - ok
23:07:48.0890 1640 ql12160 - ok
23:07:49.0296 1640 ql1240 - ok
23:07:49.0734 1640 ql1280 - ok
23:07:50.0156 1640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:07:50.0156 1640 RasAcd - ok
23:07:50.0578 1640 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:07:50.0625 1640 RasAuto - ok
23:07:51.0109 1640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:07:51.0140 1640 Rasl2tp - ok
23:07:51.0656 1640 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:07:51.0765 1640 RasMan - ok
23:07:52.0234 1640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:07:52.0250 1640 RasPppoe - ok
23:07:52.0718 1640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:07:52.0734 1640 Raspti - ok
23:07:53.0265 1640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:07:53.0359 1640 Rdbss - ok
23:07:53.0781 1640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:07:53.0781 1640 RDPCDD - ok
23:07:54.0359 1640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:07:54.0453 1640 rdpdr - ok
23:07:54.0968 1640 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:07:55.0046 1640 RDPWD - ok
23:07:55.0515 1640 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:07:55.0578 1640 RDSessMgr - ok
23:07:56.0062 1640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:07:56.0093 1640 redbook - ok
23:07:56.0453 1640 RegSrvc (7274bd434b6165baa382bdd87f6ca4ce) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
23:07:56.0703 1640 RegSrvc - ok
23:07:57.0187 1640 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:07:57.0218 1640 RemoteAccess - ok
23:07:57.0687 1640 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
23:07:57.0718 1640 RemoteRegistry - ok
23:07:58.0203 1640 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
23:07:58.0234 1640 RpcLocator - ok
23:07:58.0875 1640 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
23:07:58.0890 1640 RpcSs - ok
23:07:59.0343 1640 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
23:07:59.0406 1640 RSVP - ok
23:08:00.0109 1640 S24EventMonitor (20f261e78ccf0ea36d4fe2c363a2ef8a) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
23:08:00.0703 1640 S24EventMonitor - ok
23:08:01.0187 1640 s24trans (c26a053e4db47f6cdd8653c83aaf22ee) C:\WINDOWS\system32\DRIVERS\s24trans.sys
23:08:01.0203 1640 s24trans - ok
23:08:01.0593 1640 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:08:01.0593 1640 SamSs - ok
23:08:02.0046 1640 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:08:02.0109 1640 SCardSvr - ok
23:08:02.0593 1640 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:08:02.0687 1640 Schedule - ok
23:08:03.0234 1640 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:08:03.0281 1640 sdbus - ok
23:08:03.0687 1640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:08:03.0703 1640 Secdrv - ok
23:08:04.0093 1640 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:08:04.0093 1640 seclogon - ok
23:08:04.0531 1640 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:08:04.0562 1640 SENS - ok
23:08:05.0046 1640 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:08:05.0062 1640 Serenum - ok
23:08:05.0484 1640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
23:08:05.0531 1640 Serial - ok
23:08:06.0046 1640 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
23:08:06.0062 1640 sffdisk - ok
23:08:06.0546 1640 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
23:08:06.0562 1640 sffp_sd - ok
23:08:07.0000 1640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:08:07.0000 1640 Sfloppy - ok
23:08:07.0562 1640 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:08:07.0718 1640 SharedAccess - ok
23:08:08.0296 1640 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:08:08.0296 1640 ShellHWDetection - ok
23:08:08.0671 1640 Simbad - ok
23:08:08.0875 1640 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
23:08:08.0921 1640 SolidWorks Licensing Service - ok
23:08:09.0296 1640 Sparrow - ok
23:08:09.0796 1640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:08:09.0812 1640 splitter - ok
23:08:10.0265 1640 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:08:10.0296 1640 Spooler - ok
23:08:10.0406 1640 sprtsvc_dellsupportcenter - ok
23:08:10.0875 1640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:08:10.0921 1640 sr - ok
23:08:11.0453 1640 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:08:11.0515 1640 srservice - ok
23:08:12.0140 1640 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:08:12.0312 1640 Srv - ok
23:08:12.0859 1640 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:08:12.0906 1640 SSDPSRV - ok
23:08:13.0968 1640 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
23:08:14.0546 1640 STHDA - ok
23:08:15.0125 1640 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:08:15.0281 1640 stisvc - ok
23:08:15.0765 1640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:08:15.0765 1640 swenum - ok
23:08:16.0203 1640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:08:16.0234 1640 swmidi - ok
23:08:16.0578 1640 SwPrv - ok
23:08:17.0000 1640 symc810 - ok
23:08:17.0390 1640 symc8xx - ok
23:08:17.0765 1640 sym_hi - ok
23:08:18.0171 1640 sym_u3 - ok
23:08:18.0703 1640 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:08:18.0796 1640 SynTP - ok
23:08:19.0265 1640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:08:19.0296 1640 sysaudio - ok
23:08:19.0718 1640 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:08:19.0765 1640 SysmonLog - ok
23:08:20.0328 1640 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:08:20.0453 1640 TapiSrv - ok
23:08:21.0078 1640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:08:21.0250 1640 Tcpip - ok
23:08:21.0734 1640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:08:21.0750 1640 TDPIPE - ok
23:08:22.0218 1640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:08:22.0234 1640 TDTCP - ok
23:08:22.0656 1640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:08:22.0671 1640 TermDD - ok
23:08:23.0250 1640 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:08:23.0390 1640 TermService - ok
23:08:23.0875 1640 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:08:23.0890 1640 Themes - ok
23:08:24.0343 1640 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
23:08:24.0390 1640 TlntSvr - ok
23:08:24.0781 1640 TosIde - ok
23:08:25.0234 1640 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:08:25.0281 1640 TrkWks - ok
23:08:25.0750 1640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:08:25.0796 1640 Udfs - ok
23:08:26.0218 1640 ultra - ok
23:08:26.0656 1640 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
23:08:26.0671 1640 UMWdf - ok
23:08:27.0343 1640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:08:27.0531 1640 Update - ok
23:08:28.0031 1640 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:08:28.0125 1640 upnphost - ok
23:08:28.0578 1640 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:08:28.0593 1640 UPS - ok
23:08:29.0515 1640 USA19H (6d1e41657fdb48f9147598c773297513) C:\WINDOWS\system32\DRIVERS\USA19H2k.sys
23:08:29.0906 1640 USA19H - ok
23:08:30.0296 1640 USA19H2KP (8a217fc16dd14ab8ad2eaa1f08b3b5c5) C:\WINDOWS\system32\DRIVERS\USA19H2kp.SYS
23:08:30.0312 1640 USA19H2KP - ok
23:08:30.0796 1640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:08:30.0812 1640 usbccgp - ok
23:08:31.0218 1640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:08:31.0234 1640 usbehci - ok
23:08:31.0671 1640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:08:31.0703 1640 usbhub - ok
23:08:32.0171 1640 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:08:32.0187 1640 usbprint - ok
23:08:32.0625 1640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:08:32.0640 1640 usbscan - ok
23:08:33.0093 1640 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:08:33.0109 1640 USBSTOR - ok
23:08:33.0515 1640 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:08:33.0531 1640 usbuhci - ok
23:08:34.0000 1640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:08:34.0000 1640 VgaSave - ok
23:08:34.0359 1640 ViaIde - ok
23:08:34.0812 1640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:08:34.0843 1640 VolSnap - ok
23:08:35.0421 1640 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:08:35.0578 1640 VSS - ok
23:08:36.0062 1640 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:08:36.0156 1640 W32Time - ok
23:08:36.0640 1640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:08:36.0656 1640 Wanarp - ok
23:08:37.0125 1640 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
23:08:37.0140 1640 WDC_SAM - ok
23:08:37.0375 1640 WDDMService (dbbab783009fbdf69b222641bb7831ae) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
23:08:37.0500 1640 WDDMService - ok
23:08:38.0109 1640 WDFME (a787a567b3470c91c487ece90cf7509c) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
23:08:38.0625 1640 WDFME - ok
23:08:39.0078 1640 WDICA - ok
23:08:39.0578 1640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:08:39.0609 1640 wdmaud - ok
23:08:40.0000 1640 WDSC (b30940e39d5b3218958dbd2ea3d13bcb) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
23:08:40.0250 1640 WDSC - ok
23:08:40.0750 1640 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:08:40.0781 1640 WebClient - ok
23:08:41.0609 1640 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:08:42.0015 1640 winachsf - ok
23:08:42.0500 1640 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:08:42.0562 1640 winmgmt - ok
23:08:42.0875 1640 WLANKEEPER (c2ed9211101f3c9cf70b9cbdb3e99c8c) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
23:08:43.0062 1640 WLANKEEPER - ok
23:08:43.0500 1640 wltrysvc - ok
23:08:43.0906 1640 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
23:08:43.0921 1640 WmdmPmSN - ok
23:08:44.0640 1640 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
23:08:44.0921 1640 Wmi - ok
23:08:45.0343 1640 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:08:45.0343 1640 WmiAcpi - ok
23:08:45.0906 1640 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:08:45.0968 1640 WmiApSrv - ok
23:08:46.0421 1640 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
23:08:46.0421 1640 WpdUsb - ok
23:08:46.0937 1640 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:08:46.0953 1640 WS2IFSL - ok
23:08:47.0343 1640 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:08:47.0375 1640 wuauserv - ok
23:08:48.0078 1640 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:08:48.0312 1640 WZCSVC - ok
23:08:48.0843 1640 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:08:48.0921 1640 xmlprov - ok
23:08:49.0000 1640 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
23:08:49.0031 1640 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:08:49.0031 1640 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:08:49.0046 1640 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR4
23:08:49.0046 1640 \Device\Harddisk1\DR4 - ok
23:08:49.0078 1640 Boot (0x1200) (5d322c4973f1e019da90cc66d3d0d348) \Device\Harddisk0\DR0\Partition0
23:08:49.0093 1640 \Device\Harddisk0\DR0\Partition0 - ok
23:08:49.0093 1640 Boot (0x1200) (cf49749858610a666cad94e2a868a180) \Device\Harddisk1\DR4\Partition0
23:08:49.0109 1640 \Device\Harddisk1\DR4\Partition0 - ok
23:08:49.0109 1640 ============================================================
23:08:49.0109 1640 Scan finished
23:08:49.0109 1640 ============================================================
23:08:49.0140 1632 Detected object count: 3
23:08:49.0140 1632 Actual detected object count: 3
23:13:20.0015 1632 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
23:13:20.0812 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\@ - copied to quarantine
23:13:20.0843 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\cfg.ini - copied to quarantine
23:13:20.0890 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\Desktop.ini - copied to quarantine
23:13:21.0062 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\L\mimjmdbd - copied to quarantine
23:13:21.0125 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\00000001.@ - copied to quarantine
23:13:21.0328 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\00000002.@ - copied to quarantine
23:13:21.0375 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\00000004.@ - copied to quarantine
23:13:21.0468 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\80000000.@ - copied to quarantine
23:13:21.0562 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\80000004.@ - copied to quarantine
23:13:21.0640 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\80000032.@ - copied to quarantine
23:13:21.0671 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\version - copied to quarantine
23:13:23.0765 1632 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
23:13:34.0156 1632 Backup copy found, using it..
23:13:34.0250 1632 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
23:14:06.0218 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\@ - will be deleted on reboot
23:14:06.0218 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\cfg.ini - will be deleted on reboot
23:14:06.0250 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\Desktop.ini - will be deleted on reboot
23:14:06.0281 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\00000001.@ - will be deleted on reboot
23:14:06.0281 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\00000002.@ - will be deleted on reboot
23:14:06.0281 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\00000004.@ - will be deleted on reboot
23:14:06.0281 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\80000000.@ - will be deleted on reboot
23:14:06.0281 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\80000004.@ - will be deleted on reboot
23:14:06.0281 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\80000032.@ - will be deleted on reboot
23:14:06.0281 1632 C:\WINDOWS\$NtUninstallKB53057$\3223981931\version - will be deleted on reboot
23:14:06.0281 1632 C:\WINDOWS\$NtUninstallKB53057$\496213597 - will be deleted on reboot
23:14:06.0281 1632 IPSec ( Virus.Win32.ZAccess.k ) - User select action: Cure
23:14:06.0781 1632 C:\WINDOWS\system32\mcontrol.dll - copied to quarantine
23:14:06.0843 1632 HKLM\SYSTEM\ControlSet003\services\iwebmsg - will be deleted on reboot
23:14:06.0859 1632 HKLM\SYSTEM\ControlSet004\services\iwebmsg - will be deleted on reboot
23:14:06.0859 1632 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
23:14:06.0859 1632 C:\WINDOWS\system32\mcontrol.dll - will be deleted on reboot
23:14:06.0859 1632 iwebmsg ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
23:14:08.0203 1632 \Device\Harddisk0\DR0\# - copied to quarantine
23:14:08.0203 1632 \Device\Harddisk0\DR0 - copied to quarantine
23:14:08.0406 1632 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:14:08.0437 1632 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:14:08.0453 1632 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:14:08.0468 1632 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
23:14:08.0484 1632 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
23:14:08.0515 1632 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:14:08.0546 1632 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:14:08.0609 1632 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:14:08.0609 1632 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:14:08.0625 1632 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:14:08.0640 1632 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:14:08.0640 1632 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:14:08.0734 1632 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:14:08.0734 1632 \Device\Harddisk0\DR0 - ok
23:14:08.0734 1632 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
23:16:11.0187 1616 Deinitialize success

#6 Broni

Posted 23 April 2012 - 06:05 PM

Good job :)

Please post a new aswMBR log.

Also, update MBAM, run another scan and post the new log.



#7 BlueBomber600

Posted 24 April 2012 - 12:44 AM

Thanks for all the help again.


aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-23 21:14:52
-----------------------------
21:14:52.000 OS Version: Windows 5.1.2600 Service Pack 3
21:14:52.000 Number of processors: 2 586 0xE08
21:14:52.015 ComputerName: LAPTOP UserName: Emil
21:14:55.406 Initialize success
21:15:15.796 AVAST engine defs: 12042200
21:19:50.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:19:50.843 Disk 0 Vendor: FUJITSU_MHV2100BH 00850028 Size: 93958MB BusType: 3
21:19:50.875 Disk 0 MBR read successfully
21:19:50.875 Disk 0 MBR scan
21:19:50.984 Disk 0 Windows XP default MBR code
21:19:50.984 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:19:51.015 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 89149 MB offset 80325
21:19:51.046 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 182675115
21:19:51.046 Disk 0 scanning sectors +192410505
21:19:51.125 Disk 0 scanning C:\WINDOWS\system32\drivers
21:20:05.125 Service scanning
21:20:28.734 Modules scanning
21:20:36.812 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
21:20:37.906 Disk 0 trace - called modules:
21:20:37.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:20:37.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8730bab8]
21:20:37.937 3 CLASSPNP.SYS[f75ddfd7] -> nt!IofCallDriver -> \Device\0000006a[0x873e2880]
21:20:37.953 5 ACPI.sys[f7454620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8731b940]
21:20:39.109 AVAST engine scan C:\WINDOWS
21:20:46.750 AVAST engine scan C:\WINDOWS\system32
21:24:06.453 AVAST engine scan C:\WINDOWS\system32\drivers
21:24:25.234 AVAST engine scan C:\Documents and Settings\Emil
21:30:30.906 AVAST engine scan C:\Documents and Settings\All Users
21:32:04.109 Scan finished successfully
21:34:37.656 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
21:34:37.687 The log file has been saved successfully to "E:\aswMBR.txt"



MBAM Log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.24.01

Windows XP Service Pack 3 x86 FAT
Internet Explorer 8.0.6001.18702
Emil :: LAPTOP [administrator]

4/23/2012 9:39:08 PM
mbam-log-2012-04-23 (22-05-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243690
Time elapsed: 18 minute(s), 47 second(s)

Memory Processes Detected: 2
C:\Documents and Settings\All Users\Application Data\bTyuRufPNhEo.exe (Trojan.FakeAlert) -> 2900 -> No action taken.
C:\Documents and Settings\All Users\Application Data\oSqz5OiMQlxGOD.exe (Trojan.FakeAlert) -> 3808 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|bTyuRufPNhEo.exe (Trojan.FakeAlert) -> Data: C:\Documents and Settings\All Users\Application Data\bTyuRufPNhEo.exe -> No action taken.

Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\All Users\Application Data\bTyuRufPNhEo.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\oSqz5OiMQlxGOD.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\temp\hmrkemxoojefxidbrvchg.exe (Malware.Packer.Gen) -> No action taken.

(end)

#8 Broni

Posted 24 April 2012 - 08:12 PM

MBAM log says "No action taken".
Re-run it, FIX all issues and post the new log.



#9 BlueBomber600

Posted 25 April 2012 - 01:52 PM

Whoops. Copied the wrong log that comes up before selecting what action to take. Sorry about that.

Here's the correct one:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.24.01

Windows XP Service Pack 3 x86 FAT
Internet Explorer 8.0.6001.18702
Emil :: LAPTOP [administrator]

4/23/2012 9:39:08 PM
mbam-log-2012-04-23 (21-39-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243690
Time elapsed: 18 minute(s), 47 second(s)

Memory Processes Detected: 2
C:\Documents and Settings\All Users\Application Data\bTyuRufPNhEo.exe (Trojan.FakeAlert) -> 2900 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\oSqz5OiMQlxGOD.exe (Trojan.FakeAlert) -> 3808 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|bTyuRufPNhEo.exe (Trojan.FakeAlert) -> Data: C:\Documents and Settings\All Users\Application Data\bTyuRufPNhEo.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\All Users\Application Data\bTyuRufPNhEo.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\oSqz5OiMQlxGOD.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\temp\hmrkemxoojefxidbrvchg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

(end)
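
The check Broni makes by eye in #8 (every detection's action field must be a remediation, not "No action taken"), written out as an added Python example that is not from this thread or from Malwarebytes: it parses the MBAM 1.x log layout pasted in #7 and #9, lists the items still to be fixed, and cross-checks the per-section counts against the "Detected: N" headers so a truncated paste is caught as well. The sample log inside it is constructed for the example; the three remediation strings are the ones that appear in the posted logs.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the MBAM 1.61 log layout (not a log from the thread).
SAMPLE_NO_ACTION = r"""Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Scan type: Quick scan
Objects scanned: 243690

Memory Processes Detected: 1
C:\Documents and Settings\All Users\Application Data\sample1.exe (Trojan.FakeAlert) -> 2900 -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sample1.exe (Trojan.FakeAlert) -> Data: C:\Documents and Settings\All Users\Application Data\sample1.exe -> No action taken.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\All Users\Application Data\sample1.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\temp\sample2.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

(end)
"""

# The same scan after the user actually removed the items (constructed).
SAMPLE_FIXED = SAMPLE_NO_ACTION.replace("No action taken", "Delete on reboot")

# Section headers look like "Files Detected: 3"; item lines look like
# "<target> (<threat>) -> [<pid or data> -> ]<action>."
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)\.$")

# Actions MBAM reports once an item has really been dealt with.
REMEDIATED_ACTIONS = {
    "Quarantined and deleted successfully",
    "Quarantined and repaired successfully",
    "Delete on reboot",
}

@dataclass
class Detection:
    section: str   # e.g. "Files", "Registry Values"
    target: str    # file path or registry key|value
    threat: str    # MBAM detection name, e.g. Trojan.FakeAlert
    action: str    # last "->" field of the line

def parse_mbam_log(text):
    """Return (detections, expected_counts) from an MBAM 1.x text log."""
    detections, expected, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            expected[section] = int(header.group("count"))
            continue
        # Skip everything before the first section, blank lines and the
        # "(No malicious items detected)" / "(end)" markers.
        if section is None or not line or line.startswith("("):
            continue
        item = ITEM_RE.match(line)
        if not item:
            continue
        # Memory items carry a PID and registry items carry the bad data in
        # the middle fields; the action is always the last "->" field.
        action = item.group("rest").split(" -> ")[-1]
        detections.append(Detection(section, item.group("target"),
                                    item.group("threat"), action))
    return detections, expected

def unremediated(detections):
    """Detections the user still has to fix (the "No action taken" case)."""
    return [d for d in detections if d.action not in REMEDIATED_ACTIONS]

def counts_match(detections, expected):
    """Compare per-section item counts with the headers; catches a truncated paste."""
    seen = Counter(d.section for d in detections)
    return all(seen.get(name, 0) == n for name, n in expected.items())

def audit(text):
    """Return a one-line verdict plus the list of items still to be fixed."""
    detections, expected = parse_mbam_log(text)
    pending = unremediated(detections)
    if not counts_match(detections, expected):
        verdict = "log incomplete: item counts do not match section headers"
    elif pending:
        verdict = f"{len(pending)} of {len(detections)} detections not remediated"
    else:
        verdict = f"all {len(detections)} detections remediated"
    return verdict, pending
```

Running `audit()` over the two samples gives "4 of 5 detections not remediated" for the first and "all 5 detections remediated" for the second, which is exactly the difference between the logs in #7 and #9.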

#10 Broni

Posted 25 April 2012 - 09:41 PM

How is the computer doing now?

You're not running any AV program.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update it, run a full scan, and report on any findings.



#11 BlueBomber600

Posted 26 April 2012 - 09:01 AM

The Comodo software doesn't seem to have a nice way to export the log file. It only exports to html, so sorry for the crappy format.




COMODO Antivirus - Log Viewer Logs

Table: Antivirus Events
Date Created: 2012-04-26 06:57:42
Records count: 25
Date Location Malware Name Action Status
2012-04-26 00:04:23 C:\Documents and Settings\All Users\Application Data\-oSqz5OiMQlxGODr Malware@x0ca9pqw1vkh Detect Success
2012-04-26 00:08:46 C:\Documents and Settings\Emil\Desktop\aswMBR.exe Suspicious@o9qn3ikrl1en Detect Success
2012-04-26 00:16:26 C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Google\gdvhniu.dll Malware@bghcplphkhx0 Detect Success
2012-04-26 06:37:54 C:\Documents and Settings\Emil\Desktop\aswMBR.exe Suspicious@#o9qn3ikrl1en Quarantine Success
2012-04-26 06:37:55 C:\WINDOWS\temp\ubyfvriqrbf.exe Malware@#2wkywshz4471i Quarantine Success
2012-04-26 06:37:55 C:\WINDOWS\temp\qneydirbqkbsvimwoqp.exe Malware@#2wkywshz4471i Quarantine Success
2012-04-26 06:37:55 C:\WINDOWS\temp\nsrA2.tmp\txuivci.dll Malware@#13zm46hg0zl7v Quarantine Success
2012-04-26 06:37:55 C:\WINDOWS\temp\nsrA2.tmp\gdvhniu.dll Malware@#bghcplphkhx0 Quarantine Success
2012-04-26 06:37:55 C:\WINDOWS\temp\enadxfxjhrdv.exe Malware@#2wkywshz4471i Quarantine Success
2012-04-26 06:37:55 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\mbr0000\tdlfs0000\tsk0001.dta Malware@#244o2ma2mnlxw Quarantine Success
2012-04-26 06:37:55 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\mbr0000\tdlfs0000\tsk0002.dta Malware@#2rwlqhn8h03ka Quarantine Success
2012-04-26 06:37:57 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\mbr0000\tdlfs0000\tsk0003.dta Malware@#13d71njpaoh2e Quarantine Success
2012-04-26 06:37:58 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\mbr0000\tdlfs0000\tsk0006.dta Malware@#3vawc8i5jwlib Quarantine Success
2012-04-26 06:37:58 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\mbr0000\tdlfs0000\tsk0010.dta Malware@#tddgso3bh95v Quarantine Success
2012-04-26 06:37:58 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\mbr0000\tdlfs0000\tsk0004.dta Malware@#23n8dm43l365 Quarantine Success
2012-04-26 06:37:58 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\mbr0000\tdlfs0000\tsk0011.dta Malware@#35s7is0vpspjh Quarantine Success
2012-04-26 06:37:59 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\zaea0000\svc0000\tsk0000.dta Malware@#2v2ew7chxvxe8 Quarantine Success
2012-04-26 06:37:59 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\mbr0000\tdlfs0000\tsk0005.dta Malware@#uhqq90ruhl4s Quarantine Success
2012-04-26 06:37:59 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\rtkt0000\zafs0000\tsk0005.dta Malware@#1pvprkbk5m3aj Quarantine Success
2012-04-26 06:38:00 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\rtkt0000\zafs0000\tsk0002.dta Malware@#gcrap8od2u9i Quarantine Success
2012-04-26 06:38:00 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\rtkt0000\zafs0000\tsk0009.dta Malware@#1c9fbgt5dfcdm Quarantine Success
2012-04-26 06:38:00 C:\Documents and Settings\All Users\Application Data\-oSqz5OiMQlxGODr Malware@#x0ca9pqw1vkh Quarantine Success
2012-04-26 06:38:00 C:\WINDOWS\temp\jar_cache4739167195613502754.tmp Malware@#1gnmsaynqrcxx Quarantine Success
2012-04-26 06:38:00 C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\rtkt0000\zafs0000\tsk0007.dta Malware@#2v2ew7chxvxe8 Quarantine Success
2012-04-26 06:38:00 C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Google\gdvhniu.dll Malware@#bghcplphkhx0 Quarantine Success
End of The Report

#12 Broni

Posted 26 April 2012 - 10:39 AM

Very well.

How is the computer doing?

Download Temp File Cleaner (TFC)
Double-click on TFC.exe to run the program.
Click on the Start button to begin the cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.



#13 BlueBomber600

Posted 29 April 2012 - 10:03 PM

Sorry for the delayed response.

The computer is running pretty well now.

I ran TFC and the ESET online scanner, and it found 6 threats. Here's the log:


C:\Documents and Settings\Emil\My Documents\Programs\cnet_eu261en_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{D88F6E0E-18E1-4B2F-83A9-8EA4E1C3E896}\RP288\A0083625.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D88F6E0E-18E1-4B2F-83A9-8EA4E1C3E896}\RP288\A0083676.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D88F6E0E-18E1-4B2F-83A9-8EA4E1C3E896}\RP288\A0083687.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.04.2012_23.05.46\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan cleaned by deleting - quarantined

#14 Broni

Posted 29 April 2012 - 11:08 PM

Good news :)

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=====================================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used, as they don't install.



#15 BlueBomber600

Posted 30 April 2012 - 08:57 AM

Incredible. Thank you so much for your help.



