Search redirect virus?


11 replies to this topic

#1 Boris4ka (Members, 6 posts)

Posted 29 April 2012 - 09:13 PM

I am cleaning an infected Windows XP SP3 computer for someone. It had the Smart HDD virus, which I was able to remove only manually, using RKill and then deleting the virus files and registry entries. However, something remains. IE windows open randomly trying to load Twitter, Facebook, and malicious websites. Whenever I search for anything using IE, Chrome, or Firefox, it redirects to malicious websites.

I have run MSE, AVG, Malwarebytes, SuperAntiSpyware, SpyHunter, Hitman Pro, Adaware, and maybe something else I'm forgetting. None of these programs have detected anything. I have checked proxy settings, browser extensions and toolbars, DNS settings, and hosts. Atapi.sys says it's been last modified in 2008. I've run CCleaner and checked all startup items.

I cannot open TDSSKiller. I tried renaming it, downloading on a different computer, but it just doesn't open.

What next step can I take?

Edited by Boris4ka, 29 April 2012 - 10:29 PM.




#2 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 29 April 2012 - 09:18 PM

Download FIXTDSS.

Launch it. It may ask for a restart; reboot the PC.

On reboot, click on REPAIR.


Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (Do not use the computer while the scan is in progress.)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.
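A way to triage the TDSSKiller log that this reply asks for, as an added example that is not part of the thread or of TDSSKiller itself. It parses the log layout such logs use (a file line `name (md5) path` followed by a verdict line `name - ok`; a service that is registered but has no binary on disk shows only the verdict line) and lists entries with no backing file, binaries outside the Windows and Program Files directories, any verdict other than "ok", and, among those, eight-lowercase-letter names. The sample log lines with their placeholder hashes, the allowlist of Windows XP legacy service names, the standard-location roots and the random-name rule are constructed assumptions for the example; every flag is a cue to check by hand, not a detection.

```python
"""Triage a TDSSKiller scan log: list the service/driver entries worth a second look.

Added example for this thread, not part of the original posts or of TDSSKiller.
Assumed log layout (as seen in TDSSKiller logs): each service or driver is a
file line "name (md5) path" followed by a verdict line "name - ok"; a service
registered in the registry with no binary on disk shows only the verdict line.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

# "HH:MM:SS.mmmm <thread id> <rest>"; anything else (separators, SystemInfo,
# drive geometry) is skipped.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.+)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "[^:]+" keeps "Drive \Device\... - Size: ..." lines from being read as verdicts.
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>[^:]+)$")

# Assumption: legacy names Windows XP registers with no backing file on a
# normal install; they show up as "name - ok" with no path. Hand-picked subset.
XP_GHOST_SERVICES = {
    "Abiosdsk", "Atdisk", "Changer", "lbrtfdc", "PCIDump",
    "PDCOMP", "PDFRAME", "PDRELI", "PDRFRAME",
}
# Assumption: where a service or driver binary is normally expected to live.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Heuristic: eight lowercase letters, no digits or separators.
RANDOM_NAME_RE = re.compile(r"[a-z]{8}")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Merge the file line and the verdict line of each entry, in log order."""
    entries: Dict[str, Entry] = {}
    order: List[str] = []

    def get(name: str) -> Entry:
        if name not in entries:
            entries[name] = Entry(name)
            order.append(name)
        return entries[name]

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        fm = FILE_RE.match(rest)
        if fm:
            e = get(fm.group("name"))
            e.md5, e.path = fm.group("md5"), fm.group("path")
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            get(vm.group("name")).verdict = vm.group("verdict").strip()
    return [entries[n] for n in order]


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {name: [flags]}. Flags are review cues to check by hand, not verdicts."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        flags: List[str] = []
        if e.verdict is not None and e.verdict != "ok":
            flags.append("verdict:" + e.verdict)
        if e.path is None and e.name not in XP_GHOST_SERVICES:
            flags.append("no_file")           # registered, but no binary found
        if e.path is not None and not e.path.lower().startswith(STANDARD_ROOTS):
            flags.append("nonstandard_path")  # e.g. a user-profile directory
        # A random-looking name only matters when the entry is already odd;
        # plenty of legitimate XP drivers have terse eight-letter names.
        if flags and RANDOM_NAME_RE.fullmatch(e.name):
            flags.append("random_name")
        if flags:
            findings[e.name] = flags
    return findings


# Constructed sample in the assumed format; the hashes are placeholders.
SAMPLE_LOG = r"""
19:38:51.0671 2412 Scan started
19:38:51.0671 2412 Mode: Manual; TDLFS;
19:37:51.0406 2536 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
19:38:53.0375 2412 Abiosdsk - ok
19:39:03.0062 2412 ACPI (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:39:03.0062 2412 ACPI - ok
19:39:08.0859 2412 alknlehv - ok
19:39:15.0031 2412 ccujjldy - ok
19:39:32.0859 2412 MpKslbf6d1a94 (fedcba9876543210fedcba9876543210) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C5DC4F7-265B-4910-8999-4CA66CAD3CCE}\MpKslbf6d1a94.sys
19:39:32.0859 2412 MpKslbf6d1a94 - ok
19:39:37.0203 2412 NtLmSsp (00112233445566778899aabbccddeeff) C:\WINDOWS\System32\lsass.exe
19:39:37.0203 2412 NtLmSsp - ok
"""

if __name__ == "__main__":
    # Usage: python tdss_triage.py [TDSSKiller.log]; defaults to the sample above.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for name, flags in triage(parse_tdsskiller_log(text)).items():
        print(f"{name:<32} {', '.join(flags)}")
```

On a real log, expect a few flags even on a clean machine (vendor definition engines such as MSE legitimately load from a definition-updates directory, and the allowlist of XP ghost services is deliberately short); the value is in the short list to look at, not in any single flag. Names that are flagged `no_file` are worth checking in the registry under `HKLM\SYSTEM\CurrentControlSet\Services` to see what registered them.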

#3 Boris4ka (Topic Starter, Members, 6 posts)

Posted 30 April 2012 - 12:56 AM

Thank you for the reply. FIXTDSS seems to have found an MBR rootkit and removed it (just mentioning this since there's no log for it). I have followed your directions and here are the logs:

TDSSkiller

19:37:33.0484 2536 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
19:37:35.0937 2536 ============================================================
19:37:35.0937 2536 Current date / time: 2012/04/29 19:37:35.0937
19:37:35.0937 2536 SystemInfo:
19:37:35.0937 2536
19:37:35.0937 2536 OS Version: 5.1.2600 ServicePack: 3.0
19:37:35.0937 2536 Product type: Workstation
19:37:35.0984 2536 ComputerName: DHGD7B11
19:37:35.0984 2536 UserName: John Mc
19:37:35.0984 2536 Windows directory: C:\WINDOWS
19:37:35.0984 2536 System windows directory: C:\WINDOWS
19:37:35.0984 2536 Processor architecture: Intel x86
19:37:35.0984 2536 Number of processors: 1
19:37:35.0984 2536 Page size: 0x1000
19:37:35.0984 2536 Boot type: Normal boot
19:37:36.0015 2536 ============================================================
19:37:51.0406 2536 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:37:51.0531 2536 Drive \Device\Harddisk1\DR4 - Size: 0x3A2360000 (14.53 Gb), SectorSize: 0x200, Cylinders: 0x769, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:37:51.0531 2536 ============================================================
19:37:51.0531 2536 \Device\Harddisk0\DR0:
19:37:51.0531 2536 MBR partitions:
19:37:51.0531 2536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3FFAC5, BlocksNum 0x12618FFC
19:37:51.0531 2536 \Device\Harddisk1\DR4:
19:37:51.0546 2536 MBR partitions:
19:37:51.0546 2536 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D11AC1
19:37:51.0546 2536 ============================================================
19:37:51.0656 2536 C: <-> \Device\Harddisk0\DR0\Partition0
19:37:51.0656 2536 ============================================================
19:37:51.0656 2536 Initialize success
19:37:51.0656 2536 ============================================================
19:38:51.0640 2412 ============================================================
19:38:51.0671 2412 Scan started
19:38:51.0671 2412 Mode: Manual; TDLFS;
19:38:51.0671 2412 ============================================================
19:38:53.0078 2412 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:38:53.0093 2412 !SASCORE - ok
19:38:53.0125 2412 .mrxsmb - ok
19:38:53.0375 2412 Abiosdsk - ok
19:38:53.0437 2412 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
19:38:59.0593 2412 abp480n5 - ok
19:38:59.0765 2412 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
19:39:02.0718 2412 ac97intc - ok
19:39:02.0859 2412 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
19:39:02.0890 2412 ACDaemon - ok
19:39:03.0062 2412 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:39:03.0062 2412 ACPI - ok
19:39:03.0171 2412 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:39:04.0000 2412 ACPIEC - ok
19:39:04.0234 2412 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:39:04.0250 2412 AdobeFlashPlayerUpdateSvc - ok
19:39:04.0343 2412 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
19:39:04.0796 2412 adpu160m - ok
19:39:04.0921 2412 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:39:04.0921 2412 aec - ok
19:39:05.0062 2412 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:39:05.0062 2412 AFD - ok
19:39:05.0171 2412 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
19:39:05.0781 2412 AFS2K - ok
19:39:05.0812 2412 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:39:06.0203 2412 agp440 - ok
19:39:06.0296 2412 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
19:39:06.0375 2412 agpCPQ - ok
19:39:06.0468 2412 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
19:39:06.0640 2412 Aha154x - ok
19:39:06.0687 2412 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
19:39:06.0828 2412 aic78u2 - ok
19:39:06.0906 2412 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
19:39:07.0000 2412 aic78xx - ok
19:39:07.0093 2412 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:39:07.0984 2412 Alerter - ok
19:39:08.0218 2412 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:39:08.0234 2412 ALG - ok
19:39:08.0406 2412 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
19:39:08.0546 2412 AliIde - ok
19:39:08.0718 2412 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
19:39:08.0828 2412 alim1541 - ok
19:39:08.0859 2412 alknlehv - ok
19:39:09.0000 2412 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
19:39:09.0125 2412 amdagp - ok
19:39:09.0234 2412 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
19:39:09.0265 2412 amsint - ok
19:39:09.0296 2412 AppMgmt - ok
19:39:09.0359 2412 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
19:39:09.0421 2412 asc - ok
19:39:09.0468 2412 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
19:39:09.0515 2412 asc3350p - ok
19:39:09.0562 2412 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
19:39:09.0625 2412 asc3550 - ok
19:39:09.0687 2412 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
19:39:09.0687 2412 ASCTRM - ok
19:39:09.0906 2412 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
19:39:10.0718 2412 aspnet_state - ok
19:39:10.0781 2412 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:39:10.0859 2412 AsyncMac - ok
19:39:10.0953 2412 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:39:10.0953 2412 atapi - ok
19:39:11.0000 2412 Atdisk - ok
19:39:11.0187 2412 ati2mpaa (9027ae586ef5f0e6a40175e92917b44c) C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys
19:39:11.0421 2412 ati2mpaa - ok
19:39:11.0562 2412 ati2mtaa (7e49ca74ad10ab761d620db5b02765cf) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
19:39:11.0609 2412 ati2mtaa - ok
19:39:11.0703 2412 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:39:11.0843 2412 Atmarpc - ok
19:39:11.0921 2412 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:39:12.0203 2412 AudioSrv - ok
19:39:12.0265 2412 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:39:12.0296 2412 audstub - ok
19:39:12.0390 2412 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:39:12.0546 2412 Beep - ok
19:39:12.0718 2412 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:39:13.0062 2412 BITS - ok
19:39:13.0187 2412 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
19:39:13.0281 2412 brfilt - ok
19:39:13.0375 2412 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:39:13.0484 2412 Browser - ok
19:39:13.0562 2412 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
19:39:13.0593 2412 BrScnUsb - ok
19:39:13.0703 2412 BrSerIf (c121e10c64318182a6478acae1855ee0) C:\WINDOWS\system32\Drivers\BrSerIf.sys
19:39:13.0828 2412 BrSerIf - ok
19:39:13.0906 2412 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
19:39:14.0093 2412 BrSerWDM - ok
19:39:14.0140 2412 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
19:39:14.0203 2412 BrUsbMdm - ok
19:39:14.0296 2412 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
19:39:14.0328 2412 BrUsbScn - ok
19:39:14.0437 2412 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
19:39:14.0500 2412 BrUsbSer - ok
19:39:14.0562 2412 bvrp_pci (c043ca48f1f5c00ff8272180fbbd15e9) C:\WINDOWS\system32\drivers\bvrp_pci.sys
19:39:14.0593 2412 bvrp_pci - ok
19:39:14.0734 2412 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
19:39:14.0781 2412 cbidf - ok
19:39:14.0812 2412 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:39:14.0812 2412 cbidf2k - ok
19:39:14.0906 2412 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:39:15.0000 2412 CCDECODE - ok
19:39:15.0031 2412 ccujjldy - ok
19:39:15.0093 2412 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
19:39:15.0156 2412 cd20xrnt - ok
19:39:15.0218 2412 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:39:15.0375 2412 Cdaudio - ok
19:39:15.0453 2412 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:39:15.0609 2412 Cdfs - ok
19:39:15.0718 2412 Cdr4_xp (223dea13c9d064babc882b4727f6f905) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
19:39:15.0750 2412 Cdr4_xp - ok
19:39:15.0781 2412 Cdralw2k (9e26599599d178e71afb5599e146031a) C:\WINDOWS\system32\drivers\Cdralw2k.sys
19:39:15.0812 2412 Cdralw2k - ok
19:39:15.0859 2412 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:39:15.0968 2412 Cdrom - ok
19:39:16.0093 2412 cdudf_xp (5b20a47b0413240cdb93106bd58602a1) C:\WINDOWS\system32\drivers\cdudf_xp.sys
19:39:16.0296 2412 cdudf_xp - ok
19:39:16.0328 2412 Changer - ok
19:39:16.0406 2412 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\System32\cisvc.exe
19:39:16.0578 2412 cisvc - ok
19:39:16.0671 2412 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:39:17.0140 2412 ClipSrv - ok
19:39:17.0250 2412 CLTNetCnService - ok
19:39:17.0343 2412 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
19:39:17.0406 2412 CmdIde - ok
19:39:17.0437 2412 COMSysApp - ok
19:39:17.0531 2412 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
19:39:17.0593 2412 Cpqarray - ok
19:39:17.0687 2412 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:39:17.0687 2412 CryptSvc - ok
19:39:17.0765 2412 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
19:39:17.0890 2412 dac2w2k - ok
19:39:17.0937 2412 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
19:39:17.0984 2412 dac960nt - ok
19:39:18.0187 2412 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:39:18.0234 2412 DcomLaunch - ok
19:39:18.0312 2412 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:39:18.0421 2412 Dhcp - ok
19:39:18.0500 2412 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:39:18.0593 2412 Disk - ok
19:39:18.0625 2412 dmadmin - ok
19:39:18.0906 2412 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:39:19.0171 2412 dmboot - ok
19:39:19.0250 2412 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:39:19.0359 2412 dmio - ok
19:39:19.0453 2412 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:39:19.0515 2412 dmload - ok
19:39:19.0578 2412 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:39:19.0687 2412 dmserver - ok
19:39:19.0812 2412 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:39:19.0828 2412 DMusic - ok
19:39:19.0906 2412 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:39:19.0921 2412 Dnscache - ok
19:39:20.0015 2412 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:39:20.0546 2412 Dot3svc - ok
19:39:20.0640 2412 Dot4 HPH11 (02e5d9216994b7c77bbfe01adcb783a4) C:\WINDOWS\system32\DRIVERS\hphid411.sys
19:39:20.0734 2412 Dot4 HPH11 - ok
19:39:20.0781 2412 Dot4Print HPH11 (0fcc3ed5a97260eec98ceae8167e940a) C:\WINDOWS\system32\DRIVERS\hphipr11.sys
19:39:20.0875 2412 Dot4Print HPH11 - ok
19:39:20.0953 2412 Dot4Usb HPH11 (08b9bf9c88867d3b70473657ae4307b3) C:\WINDOWS\system32\drivers\hphius11.sys
19:39:21.0015 2412 Dot4Usb HPH11 - ok
19:39:21.0109 2412 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
19:39:21.0156 2412 dpti2o - ok
19:39:21.0218 2412 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:39:21.0234 2412 drmkaud - ok
19:39:21.0312 2412 dvd_2K (3677e155d87dda2bc53142d7d234d12a) C:\WINDOWS\system32\drivers\dvd_2K.sys
19:39:21.0390 2412 dvd_2K - ok
19:39:21.0453 2412 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:39:21.0703 2412 EapHost - ok
19:39:21.0812 2412 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
19:39:21.0921 2412 EL90XBC - ok
19:39:21.0968 2412 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:39:21.0984 2412 ERSvc - ok
19:39:22.0187 2412 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
19:39:22.0359 2412 esgiguard - ok
19:39:22.0468 2412 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:39:22.0468 2412 Eventlog - ok
19:39:22.0625 2412 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
19:39:22.0656 2412 EventSystem - ok
19:39:22.0750 2412 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:39:22.0812 2412 Fastfat - ok
19:39:22.0921 2412 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:39:22.0937 2412 FastUserSwitchingCompatibility - ok
19:39:23.0062 2412 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
19:39:23.0125 2412 Fax - ok
19:39:23.0218 2412 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:39:23.0312 2412 Fdc - ok
19:39:23.0375 2412 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:39:23.0468 2412 Fips - ok
19:39:23.0515 2412 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:39:23.0578 2412 Flpydisk - ok
19:39:23.0718 2412 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:39:23.0812 2412 FltMgr - ok
19:39:23.0906 2412 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:39:24.0000 2412 Fs_Rec - ok
19:39:24.0109 2412 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:39:24.0359 2412 Ftdisk - ok
19:39:24.0421 2412 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:39:24.0609 2412 Gpc - ok
19:39:24.0796 2412 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:39:24.0937 2412 gusvc - ok
19:39:25.0062 2412 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:39:25.0062 2412 helpsvc - ok
19:39:25.0093 2412 HidServ - ok
19:39:25.0203 2412 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:39:25.0296 2412 HidUsb - ok
19:39:25.0406 2412 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:39:25.0671 2412 hkmsvc - ok
19:39:25.0765 2412 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
19:39:25.0828 2412 hpn - ok
19:39:25.0968 2412 hpt3xx (b077b7f8e79779ea967e84a4fc040227) C:\WINDOWS\System32\DRIVERS\hpt3xx.sys
19:39:26.0062 2412 hpt3xx - ok
19:39:26.0281 2412 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:39:26.0328 2412 HTTP - ok
19:39:26.0437 2412 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:39:26.0515 2412 HTTPFilter - ok
19:39:26.0609 2412 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:39:26.0640 2412 i2omgmt - ok
19:39:26.0718 2412 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
19:39:26.0781 2412 i2omp - ok
19:39:27.0578 2412 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:39:27.0781 2412 i8042prt - ok
19:39:27.0843 2412 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:39:27.0921 2412 Imapi - ok
19:39:28.0062 2412 ImapiService (e3fcaedb786eadb9d3983de60ae57946) C:\WINDOWS\System32\ImapiRox.exe
19:39:28.0093 2412 ImapiService - ok
19:39:28.0171 2412 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
19:39:28.0218 2412 ini910u - ok
19:39:28.0296 2412 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:39:28.0343 2412 IntelIde - ok
19:39:28.0406 2412 io.sys (5e333b8c20fb4a48c8ca3cf3489cd235) C:\WINDOWS\system32\drivers\io.sys
19:39:28.0421 2412 io.sys - ok
19:39:28.0468 2412 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:39:28.0593 2412 ip6fw - ok
19:39:28.0656 2412 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:39:28.0718 2412 IpFilterDriver - ok
19:39:28.0765 2412 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:39:28.0859 2412 IpInIp - ok
19:39:28.0921 2412 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:39:28.0937 2412 IpNat - ok
19:39:29.0000 2412 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:39:29.0156 2412 IPSec - ok
19:39:29.0187 2412 IPVNMon - ok
19:39:29.0265 2412 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:39:29.0312 2412 IRENUM - ok
19:39:29.0390 2412 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:39:29.0468 2412 isapnp - ok
19:39:29.0609 2412 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
19:39:29.0625 2412 JavaQuickStarterService - ok
19:39:29.0671 2412 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:39:29.0734 2412 Kbdclass - ok
19:39:29.0812 2412 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:39:29.0828 2412 kmixer - ok
19:39:29.0859 2412 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:39:29.0875 2412 KSecDD - ok
19:39:29.0968 2412 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:39:29.0984 2412 lanmanserver - ok
19:39:30.0093 2412 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:39:30.0109 2412 lanmanworkstation - ok
19:39:30.0156 2412 Lbd - ok
19:39:30.0187 2412 lbrtfdc - ok
19:39:30.0265 2412 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:39:30.0312 2412 LmHosts - ok
19:39:30.0421 2412 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
19:39:30.0421 2412 LMIInfo - ok
19:39:30.0484 2412 LMIMaint (500f1e4461075d602ce77109a9a3d634) C:\Program Files\LogMeIn\x86\RaMaint.exe
19:39:30.0484 2412 LMIMaint - ok
19:39:30.0546 2412 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
19:39:30.0546 2412 lmimirr - ok
19:39:30.0578 2412 LMIRfsClientNP - ok
19:39:30.0625 2412 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
19:39:30.0625 2412 LMIRfsDriver - ok
19:39:30.0687 2412 LogMeIn (9015122d04c195bdab88febcbae229db) C:\Program Files\LogMeIn\x86\LogMeIn.exe
19:39:30.0687 2412 LogMeIn - ok
19:39:30.0812 2412 ltmodem5 (e9ebe8ccd1e5b3ca2ddf1765147caca0) C:\WINDOWS\system32\DRIVERS\ltmdmxp.sys
19:39:30.0906 2412 ltmodem5 - ok
19:39:30.0937 2412 MBAMProtector - ok
19:39:31.0093 2412 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:39:31.0156 2412 MBAMService - ok
19:39:31.0203 2412 MBAMSwissArmy - ok
19:39:31.0281 2412 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:39:31.0343 2412 Messenger - ok
19:39:31.0453 2412 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
19:39:31.0562 2412 mf - ok
19:39:31.0625 2412 mmc_2K (a54fd7e564c996cfcee6ee7491f3c318) C:\WINDOWS\system32\drivers\mmc_2K.sys
19:39:31.0687 2412 mmc_2K - ok
19:39:31.0734 2412 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:39:31.0781 2412 mnmdd - ok
19:39:31.0843 2412 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
19:39:32.0031 2412 mnmsrvc - ok
19:39:32.0078 2412 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:39:32.0093 2412 Modem - ok
19:39:32.0125 2412 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:39:32.0171 2412 MODEMCSA - ok
19:39:32.0234 2412 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:39:32.0312 2412 Mouclass - ok
19:39:32.0359 2412 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:39:32.0406 2412 mouhid - ok
19:39:32.0453 2412 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:39:32.0546 2412 MountMgr - ok
19:39:32.0625 2412 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:39:32.0625 2412 MpFilter - ok
19:39:32.0859 2412 MpKslbf6d1a94 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C5DC4F7-265B-4910-8999-4CA66CAD3CCE}\MpKslbf6d1a94.sys
19:39:32.0859 2412 MpKslbf6d1a94 - ok
19:39:32.0953 2412 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
19:39:33.0000 2412 mraid35x - ok
19:39:33.0281 2412 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:39:33.0296 2412 MRxDAV - ok
19:39:33.0343 2412 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
19:39:33.0437 2412 MSDTC - ok
19:39:33.0500 2412 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:39:33.0703 2412 Msfs - ok
19:39:33.0781 2412 Msikbd2k (877ffd0fb093b80f5ed6ba64d7921881) C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
19:39:33.0812 2412 Msikbd2k - ok
19:39:33.0843 2412 MSIServer - ok
19:39:33.0906 2412 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:39:33.0937 2412 MSKSSRV - ok
19:39:34.0125 2412 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:39:34.0125 2412 MsMpSvc - ok
19:39:34.0156 2412 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:39:34.0187 2412 MSPCLOCK - ok
19:39:34.0234 2412 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:39:34.0281 2412 MSPQM - ok
19:39:34.0359 2412 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:39:34.0375 2412 mssmbios - ok
19:39:34.0421 2412 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:39:34.0468 2412 MSTEE - ok
19:39:34.0531 2412 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:39:34.0546 2412 Mup - ok
19:39:34.0593 2412 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:39:34.0687 2412 NABTSFEC - ok
19:39:34.0781 2412 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:39:34.0968 2412 napagent - ok
19:39:35.0031 2412 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:39:35.0171 2412 NDIS - ok
19:39:35.0250 2412 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:39:35.0296 2412 NdisIP - ok
19:39:35.0343 2412 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:39:35.0359 2412 NdisTapi - ok
19:39:35.0406 2412 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:39:35.0453 2412 Ndisuio - ok
19:39:35.0500 2412 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:39:35.0656 2412 NdisWan - ok
19:39:35.0750 2412 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:39:35.0750 2412 NDProxy - ok
19:39:35.0796 2412 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:39:35.0875 2412 NetBIOS - ok
19:39:35.0968 2412 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:39:36.0062 2412 NetBT - ok
19:39:36.0156 2412 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:39:36.0515 2412 NetDDE - ok
19:39:36.0546 2412 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:39:36.0546 2412 NetDDEdsdm - ok
19:39:36.0609 2412 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
19:39:36.0609 2412 Netlogon - ok
19:39:36.0703 2412 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:39:36.0718 2412 Netman - ok
19:39:36.0796 2412 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:39:36.0812 2412 Nla - ok
19:39:36.0890 2412 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:39:36.0953 2412 Npfs - ok
19:39:37.0062 2412 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:39:37.0156 2412 Ntfs - ok
19:39:37.0203 2412 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
19:39:37.0203 2412 NtLmSsp - ok
19:39:37.0281 2412 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:39:37.0453 2412 NtmsSvc - ok
19:39:37.0515 2412 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:39:37.0531 2412 Null - ok
19:39:37.0765 2412 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:39:37.0921 2412 nv - ok
19:39:38.0156 2412 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys
19:39:38.0234 2412 nv4 - ok
19:39:58.0218 2412 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:39:58.0484 2412 \Device\Harddisk0\DR0 - ok
19:39:58.0546 2412 MBR (0x1B8) (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR4
19:39:59.0921 2412 \Device\Harddisk1\DR4 - ok
19:39:59.0953 2412 Boot (0x1200) (14c8dd1efda9d4112e21ca4750cf82f7) \Device\Harddisk0\DR0\Partition0
19:39:59.0968 2412 \Device\Harddisk0\DR0\Partition0 - ok
19:40:00.0000 2412 Boot (0x1200) (48f40cb1390cf4793e17cab07a3d5acf) \Device\Harddisk1\DR4\Partition0
19:40:00.0015 2412 \Device\Harddisk1\DR4\Partition0 - ok
19:40:00.0015 2412 ============================================================
19:40:00.0015 2412 Scan finished
19:40:00.0015 2412 ============================================================
19:40:00.0093 3164 Detected object count: 0
19:40:00.0093 3164 Actual detected object count: 0
19:40:54.0781 2320 Deinitialize success


GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-29 21:36:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600AAJB-00PVA0 rev.00.07H00
Running: eh6n0urz.exe; Driver: C:\DOCUME~1\JOHNMC~1\LOCALS~1\Temp\uwtyapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF44B4640]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs F30F5400

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB28352$\1681001202 0 bytes
File C:\WINDOWS\$NtUninstallKB28352$\1681001202\L 0 bytes
File C:\WINDOWS\$NtUninstallKB28352$\1681001202\U 0 bytes
File C:\WINDOWS\$NtUninstallKB28352$\3700525371 0 bytes

---- EOF - GMER 1.0.15 ----


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 21:38:25
-----------------------------
21:38:25.203 OS Version: Windows 5.1.2600 Service Pack 3
21:38:25.203 Number of processors: 1 586 0x102
21:38:25.203 ComputerName: DHGD7B11 UserName:
21:38:26.062 Initialize success
21:41:22.765 AVAST engine defs: 12042901
21:41:49.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:41:49.109 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
21:41:49.218 Disk 0 MBR read successfully
21:41:49.218 Disk 0 MBR scan
21:41:49.312 Disk 0 Windows XP default MBR code
21:41:49.359 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 2047 MB offset 63
21:41:49.421 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 150577 MB offset 4192965
21:41:49.484 Disk 0 scanning sectors +312581792
21:41:49.890 Disk 0 scanning C:\WINDOWS\system32\drivers
21:43:06.703 Service scanning
21:43:07.281 Service .mrxsmb \? **LOCKED** 123
21:43:16.640 Service MpKslbf6d1a94 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C5DC4F7-265B-4910-8999-4CA66CAD3CCE}\MpKslbf6d1a94.sys **LOCKED** 32
21:43:30.000 Modules scanning
21:44:37.031 Disk 0 trace - called modules:
21:44:37.125 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
21:44:37.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x833a1ab8]
21:44:37.156 3 CLASSPNP.SYS[f87b6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x833ed030]
21:44:38.468 AVAST engine scan C:\WINDOWS
21:45:18.921 File: C:\WINDOWS\TrueInstall.exe **INFECTED** Win32:Malware-gen
21:46:14.593 AVAST engine scan C:\WINDOWS\system32
22:00:14.718 AVAST engine scan C:\WINDOWS\system32\drivers
22:02:57.953 AVAST engine scan C:\Documents and Settings\John Mc
22:28:46.593 AVAST engine scan C:\Documents and Settings\All Users
22:34:29.109 Scan finished successfully
22:36:23.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John Mc\Desktop\MBR.dat"
22:36:23.890 The log file has been saved successfully to "C:\Documents and Settings\John Mc\Desktop\aswMBR.txt"

Edited by Boris4ka, 30 April 2012 - 01:00 AM.
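As an added example (not code from the thread, from BleepingComputer or from the tool vendors), here is a small Python triage script that pulls the actionable lines out of the three logs posted above: aswMBR's **INFECTED** and **LOCKED** entries, GMER's hidden-file entries, and TDSSKiller's detected-object count, and that flags the L/U subfolder layout under a $NtUninstallKB…$ directory. The sample inputs are constructed from the posted lines; the association of that layout with ZeroAccess is general knowledge, not something the thread states.

```python
"""Triage of the scanner logs posted above (TDSSKiller, GMER, aswMBR).

Added example, not code from BleepingComputer or from the tools' vendors.
It pulls the actionable lines out of each log (the **INFECTED** file, the
**LOCKED** services, the hidden 0-byte entries GMER lists under
$NtUninstallKB28352$) so they can be read without scrolling through
hundreds of driver hashes. Sample inputs are constructed from the post.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Finding:
    tool: str       # scanner that produced the line
    kind: str       # INFECTED, LOCKED or HIDDEN_FILE
    detail: str     # file path or object the line refers to
    note: str = ""  # detection name, service name, size, ...


# aswMBR: "<time> File: <path> **INFECTED** <detection>"
#         "<time> Service <name> <path> **LOCKED** <code>"
ASW_INFECTED = re.compile(
    r"^\S+\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>\S+)")
ASW_LOCKED = re.compile(
    r"^\S+\s+Service\s+(?P<svc>\S+)\s+(?P<path>.+?)\s+\*\*LOCKED\*\*\s+\d+")
# GMER "Files" section: "File <path> <size> bytes"
GMER_FILE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes$")
# TDSSKiller summary; the lowercase "Actual detected ..." line is skipped
TDSS_COUNT = re.compile(r"\bDetected object count:\s*(\d+)")
# <drive>:\WINDOWS\$NtUninstallKB<n>$\<digits>, optionally with a \L or \U leaf
NTUNINSTALL = re.compile(
    r"^(?P<root>[A-Za-z]:\\WINDOWS\\\$NtUninstallKB\d+\$\\\d+)"
    r"(?:\\(?P<leaf>[LU]))?$", re.IGNORECASE)


def parse_aswmbr(text: str) -> List[Finding]:
    """INFECTED and LOCKED entries of an aswMBR log, in log order."""
    found = []
    for line in text.splitlines():
        m = ASW_INFECTED.match(line)
        if m:
            found.append(Finding("aswMBR", "INFECTED", m["path"], m["name"]))
            continue
        m = ASW_LOCKED.match(line)
        if m:
            found.append(Finding("aswMBR", "LOCKED", m["path"],
                                 "service " + m["svc"]))
    return found


def parse_gmer_files(text: str) -> List[Finding]:
    """Every entry of GMER's 'Files' section (objects GMER saw on disk that
    the normal Windows API did not show)."""
    return [Finding("GMER", "HIDDEN_FILE", m["path"], m["size"] + " bytes")
            for m in map(GMER_FILE.match, text.splitlines()) if m]


def tdsskiller_detected(text: str) -> Optional[int]:
    """Detected object count from a TDSSKiller log, None without a summary."""
    m = TDSS_COUNT.search(text)
    return int(m.group(1)) if m else None


def zeroaccess_like_stores(findings: List[Finding]) -> List[str]:
    """Numeric $NtUninstallKB...$ subfolders that carry both an L and a U
    child. General knowledge, not stated in the thread: that L/U layout in a
    bogus $NtUninstallKB...$ folder is how ZeroAccess/Sirefef kept its
    components on XP, which is why such GMER entries are worth flagging."""
    children: Dict[str, set] = {}
    for f in findings:
        m = NTUNINSTALL.match(f.detail) if f.tool == "GMER" else None
        if m:
            kids = children.setdefault(m["root"], set())
            if m["leaf"]:
                kids.add(m["leaf"].upper())
    return sorted(r for r, kids in children.items() if kids >= {"L", "U"})


# Constructed samples, copied from lines in the logs above.
TDSSKILLER_SAMPLE = """\
19:40:00.0015 2412 Scan finished
19:40:00.0093 3164 Detected object count: 0
19:40:00.0093 3164 Actual detected object count: 0
"""
GMER_SAMPLE = r"""---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB28352$\1681001202 0 bytes
File C:\WINDOWS\$NtUninstallKB28352$\1681001202\L 0 bytes
File C:\WINDOWS\$NtUninstallKB28352$\1681001202\U 0 bytes
File C:\WINDOWS\$NtUninstallKB28352$\3700525371 0 bytes
---- EOF - GMER 1.0.15 ----
"""
ASWMBR_SAMPLE = r"""21:43:07.281 Service .mrxsmb \? **LOCKED** 123
21:43:16.640 Service MpKslbf6d1a94 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C5DC4F7-265B-4910-8999-4CA66CAD3CCE}\MpKslbf6d1a94.sys **LOCKED** 32
21:45:18.921 File: C:\WINDOWS\TrueInstall.exe **INFECTED** Win32:Malware-gen
22:34:29.109 Scan finished successfully
"""

if __name__ == "__main__":
    found = parse_aswmbr(ASWMBR_SAMPLE) + parse_gmer_files(GMER_SAMPLE)
    print("TDSSKiller detected objects:", tdsskiller_detected(TDSSKILLER_SAMPLE))
    for f in found:
        print(f"{f.tool:7} {f.kind:12} {f.detail}  ({f.note})")
    print("ZeroAccess-style stores:", zeroaccess_like_stores(found))
```

The script only reads log text; it changes nothing on disk, so it can be pointed at the saved TDSSKiller, GMER and aswMBR files before deciding which removal step to take.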


#4 narenxp
  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:07:17 AM

Posted 30 April 2012 - 01:02 AM

Download

Fix zero access

Launch it, allow it to restart the PC, let me know if it finds infections in reboot

Rerun aswmbr again and post the new log

Run malwarebytes in normal mode (full scan), post the clean log alone

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 Boris4ka
  • Topic Starter
  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:17 AM

Posted 30 April 2012 - 01:12 AM

Thanks, I'll have to do that tomorrow. For now, aswMBR did find something as you can see in the logs - can I remove it manually, or should I just follow your new instructions? Or did aswMBR remove that infection and the locked file?

#6 narenxp
  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:07:17 AM

Posted 30 April 2012 - 01:23 AM

Do not remove anything. I would give you the next set of instructions tomorrow :thumbup2:

good luck

#7 Boris4ka
  • Topic Starter
  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:17 AM

Posted 30 April 2012 - 06:37 PM

Fix Zero Access found no infections. Here are the logs:

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 09:02:32
-----------------------------
09:02:32.359 OS Version: Windows 5.1.2600 Service Pack 3
09:02:32.359 Number of processors: 1 586 0x102
09:02:32.359 ComputerName: DHGD7B11 UserName:
09:02:32.765 Initialize success
09:02:50.812 AVAST engine defs: 12042901
09:03:53.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:03:53.484 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
09:03:53.500 Disk 0 MBR read successfully
09:03:53.515 Disk 0 MBR scan
09:03:53.578 Disk 0 Windows XP default MBR code
09:03:53.593 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 2047 MB offset 63
09:03:53.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 150577 MB offset 4192965
09:03:53.625 Disk 0 scanning sectors +312576705
09:03:53.750 Disk 0 scanning C:\WINDOWS\system32\drivers
09:04:15.843 Service scanning
09:04:16.468 Service .mrxsmb \? **LOCKED** 123
09:04:39.625 Modules scanning
09:04:47.578 Disk 0 trace - called modules:
09:04:47.625 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
09:04:47.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83360ab8]
09:04:47.640 3 CLASSPNP.SYS[f87b6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x833e5030]
09:04:48.859 AVAST engine scan C:\WINDOWS
09:04:56.968 File: C:\WINDOWS\TrueInstall.exe **INFECTED** Win32:Malware-gen
09:04:59.265 AVAST engine scan C:\WINDOWS\system32
09:08:12.390 AVAST engine scan C:\WINDOWS\system32\drivers
09:08:37.828 AVAST engine scan C:\Documents and Settings\John Mc
09:14:05.421 AVAST engine scan C:\Documents and Settings\All Users
09:15:29.218 Scan finished successfully
09:18:53.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John Mc\Desktop\MBR.dat"
09:18:53.140 The log file has been saved successfully to "C:\Documents and Settings\John Mc\Desktop\aswMBR2.txt"


MBAM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.28.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
John Mc :: DHGD7B11 [administrator]

Protection: Disabled

4/30/2012 9:20:37 AM
mbam-log-2012-04-30 (09-20-37).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 288817
Time elapsed: 31 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1907\A0101627.exe a variant of Win32/Kryptik.AEXD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1907\A0101693.exe a variant of Win32/Kryptik.AEWT trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1907\A0101694.exe a variant of Win32/Kryptik.AEWT trojan cleaned by deleting - quarantined


mini toolbox

MiniToolBox by Farbar Version: 18-01-2012
Ran by John Mc (administrator) on 30-04-2012 at 16:14:04
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : DHGD7B11
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-40-05-04-39-9D
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.116
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 208.201.224.11
208.201.224.33
Lease Obtained. . . . . . . . . . : Monday, April 30, 2012 2:57:19 PM
Lease Expires . . . . . . . . . . : Tuesday, May 01, 2012 2:57:19 PM

Server: ns1.sonic.net
Address: 208.201.224.11

Name: google.com
Addresses: 74.125.224.136, 74.125.224.133, 74.125.224.129, 74.125.224.132
74.125.224.131, 74.125.224.128, 74.125.224.135, 74.125.224.130, 74.125.224.137
74.125.224.134, 74.125.224.142

Pinging google.com [74.125.224.110] with 32 bytes of data:

Reply from 74.125.224.110: bytes=32 time=22ms TTL=55
Reply from 74.125.224.110: bytes=32 time=22ms TTL=55

Ping statistics for 74.125.224.110:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 22ms, Average = 22ms

Server: ns1.sonic.net
Address: 208.201.224.11

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=21ms TTL=54
Reply from 72.30.38.140: bytes=32 time=47ms TTL=54

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 47ms, Average = 34ms

Server: ns1.sonic.net
Address: 208.201.224.11

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 05 04 39 9d ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.116 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.116 192.168.1.116 20
192.168.1.116 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.116 192.168.1.116 20
224.0.0.0 240.0.0.0 192.168.1.116 192.168.1.116 20
255.255.255.255 255.255.255.255 192.168.1.116 192.168.1.116 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/29/2012 02:28:59 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8304.0, P5 fixed, P6 1 _ 512, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/28/2012 05:21:46 PM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.8304.0, P3 1.125.749.0, P4 1.125.749.0, P5 trojan_win32_fakesysdef, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (04/28/2012 04:09:12 PM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.8304.0, P3 1.125.749.0, P4 1.125.749.0, P5 trojan_win32_fakesysdef, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (04/27/2012 02:30:06 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8304.0, P5 fixed, P6 1 _ 512, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/26/2012 05:53:55 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (04/26/2012 04:52:32 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.0.1526.00x80070005morrobootstraper__cinstallflow__internalrun - getbackupactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (04/26/2012 04:52:24 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/24/2012 03:53:27 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.0.1526.00x80070005common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (04/24/2012 03:53:26 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe2.1.1116.00x80070643common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (04/24/2012 03:53:21 PM) (Source: Microsoft Security Client) (User: )
Description: Microsoft Security ClientFEP clean-up policy0x80040154


System errors:
=============
Error: (04/30/2012 02:56:31 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (04/30/2012 09:00:29 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (04/30/2012 09:00:29 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
SBRE

Error: (04/30/2012 09:00:29 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (04/30/2012 09:00:29 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066

Error: (04/30/2012 09:00:29 AM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).

Error: (04/30/2012 09:00:29 AM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (04/30/2012 08:59:02 AM) (Source: Workstation) (User: )
Description: Could not load RDR device driver.

Error: (04/30/2012 08:57:04 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
SBRE

Error: (04/30/2012 08:57:04 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (04/29/2012 02:28:59 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.0.1526.0timeout1.1.8304.0fixed1 _ 5125 _ not bootNILNILNIL

Error: (04/28/2012 05:21:46 PM) (Source: MPSampleSubmission)(User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.8304.01.125.749.01.125.749.0trojan_win32_fakesysdefNILNILNILNILNIL

Error: (04/28/2012 04:09:12 PM) (Source: MPSampleSubmission)(User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.8304.01.125.749.01.125.749.0trojan_win32_fakesysdefNILNILNILNILNIL

Error: (04/27/2012 02:30:06 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.0.1526.0timeout1.1.8304.0fixed1 _ 5125 _ not bootNILNILNIL

Error: (04/26/2012 05:53:55 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (04/26/2012 04:52:32 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.0.1526.00x80070005morrobootstraper__cinstallflow__internalrun - getbackupactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (04/26/2012 04:52:24 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.0.1526.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (04/24/2012 03:53:27 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.0.1526.00x80070005common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (04/24/2012 03:53:26 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe2.1.1116.00x80070643common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (04/24/2012 03:53:21 PM) (Source: Microsoft Security Client)(User: )
Description: Microsoft Security ClientFEP clean-up policy0x80040154


=========================== Installed Programs ============================

2WIRE Wireless LAN - USB Driver
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin (Version: 11.2.202.233)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0)
ArcSoft MediaImpression 2 (Version: 2.0.47.514)
ArcSoft Panorama Maker 3
ATI Display Driver
ATT-RemoteControl
att.net Toolbar
Brother MFL-Pro Suite (Version: 1.00.000)
Carbonite Online Backup Setup (Version: 3.7.3)
CCleaner (Version: 2.35)
CleanUp!
Critical Update for Windows Media Player 11 (KB959772)
Defraggler (Version: 1.21)
Dell Picture Studio - Image Expert 2000
Dell Solution Center (Version: 1.00.0000)
DellTouch
Easy CD Creator 5 Basic (Version: 5.0.0.0000)
ESET Online Scanner v3
Family Tree Maker 7.5
Form Viewer (Version: 3.2.4)
Google Chrome (Version: 18.0.1025.162)
GoToMeeting 4.8.0.723 (Version: 4.8.0.723)
Help and Support Customization (Version: 1.00.0000)
hp instant support (Version: 4.03.03)
HP Photo and Imaging 1.0 - HP Photosmart Printer Series (Version: 1.1.0000)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
KODAK EASYSHARE Gallery Upload ActiveX Control
LogMeIn (Version: 4.0.784)
Lucent Win Modem
Macromedia Shockwave Player
Magellan RoadMate Tools
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Easy Assist (Version: 1.0.2028.0)
Microsoft Encarta Encyclopedia Standard 2002 (Version: 2002)
Microsoft Excel 97
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002 (Version: 10.0.50)
Microsoft Money 2002 System Pack (Version: 10.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office Converter Pack (Version: 11.0.0.0)
Microsoft Picture It! Photo 2002 (Version: 6.0.0.0000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Streets and Trips 2002 (Version: 9.00.17.0200)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Word 2002 (Version: 10.0.6626.0)
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0 (Version: 06.00.0000)
Modem Helper
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
Nikon Message Center (Version: 0.91.000)
Norton 360 (Version: 1.0.0.184)
PaperPort (Version: 9.02.0827)
PC Access for Windows
PDFCreator (Version: 0.9.9)
PhoneTools
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Picasa 3 (Version: 3.8)
PictureProject In Touch 1.0 (Version: 1.0)
PictureProject In Touch Downloader 1.0 (Version: 1.0)
QuickTime
RealPlayer Basic
Registry Mechanic 9.0 (Version: 9.0)
SBC Yahoo! DSL Utilities
Shockwave Player (Version: 8.5.0.326)
Spybot - Search & Destroy (Version: 1.6.0)
SpyHunter (Version: 4.8.13.3861)
Stamps.com (Version: 7.2.0.1757)
Stamps.com Application Support for Microsoft Word 2000, 2002, 2003 (Version: 6.2.1.1489)
Stamps.com support for Microsoft Word 2000-2007
SUPERAntiSpyware (Version: 5.0.1148)
System Checkup 3.1 (Version: 3.1.0.37)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VideoLAN VLC media player 0.8.6f (Version: 0.8.6f)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.5318)
Windows Defender (Version: 1.1.1593.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WINForms Desktop
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)
Yahoo! BrowserPlus 2.8.1
Yahoo! Software Update
zipForm6 (Version: 1.0.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 511.01 MB
Available physical RAM: 329.35 MB
Total Pagefile: 863.46 MB
Available Pagefile: 629.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.15 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:147.05 GB) (Free:130.7 GB) NTFS
4 Drive e: () (Removable) (Total:0.24 GB) (Free:0.23 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator ASPNET Guest
HelpAssistant John Mc LogMeInRemoteUser
SUPPORT_388945a0 SUPPORT_3f151ab9


**** End of log ****

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:07:17 AM

Posted 30 April 2012 - 07:10 PM

Browse to this location and delete the file

C:\WINDOWS\TrueInstall.exe

Download

FSS

Launch it and type

mrxsmb.sys in the search box and click on Search Files

Post the generated log

#9 Boris4ka

Boris4ka
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:17 AM

Posted 30 April 2012 - 07:56 PM

File deleted. I also noticed there is a file there called TrueProcess.exe. Should I delete that one too?

FSS log:

Farbar Service Scanner Version: 30-04-2012 01
Ran by John Mc (administrator) on 30-04-2012 at 17:50:32
Microsoft Windows XP Home Edition Service Pack 3 (X86)

************************************************
======== Search: "mrxsmb.sys" =========

C:\WINDOWS\SYSTEM32\DLLCACHE\mrxsmb.sys
[2003-02-05 17:12] - [2011-07-15 06:29] - 0456320 ____A (Microsoft Corporation) 7D304A5EB4344EBEEAB53A2FE3FFB9F0

C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2004-05-03 12:40] - [2008-04-14 00:47] - 0456576 ____N (Microsoft Corporation) 68755F0FF16070178B54674FE5B847B0

C:\WINDOWS\Driver Cache\I386\mrxsmb.sys
[2008-11-12 12:48] - [2011-07-15 06:29] - 0456320 ____N (Microsoft Corporation) 7D304A5EB4344EBEEAB53A2FE3FFB9F0

C:\WINDOWS\$xpsp1hfm$\Q810577\mrxsmb.sys
[2003-02-05 17:11] - [2002-11-18 11:27] - 0392576 ___AC (Microsoft Corporation) D4BD5EF775AD4FB0B8E3786F674DABDD

C:\WINDOWS\$NtUninstallQ810577_RTM$\mrxsmb.sys
[2003-02-05 17:12] - [2001-08-18 05:00] - 0407680 ____C (Microsoft Corporation) A3AD34D36242E92C86B0C1BFBD131255

C:\WINDOWS\$NtUninstallQ810577$\mrxsmb.sys
[2004-05-03 13:28] - [2002-08-29 01:59] - 0407552 ____C (Microsoft Corporation) 7A3A2BE44E12E2ABDE1AF891E83AC130

C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2010-04-13 17:13] - [2009-12-04 11:22] - 0455424 ____C (Microsoft Corporation) 421F7B922CEC5A5F340E7574A98F7B7C

C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2010-02-10 17:34] - [2008-10-24 04:21] - 0455296 ____C (Microsoft Corporation) 60AE98742484E7AB80C3C1450E708148

C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2008-11-12 18:08] - [2008-04-14 00:47] - 0456576 ____C (Microsoft Corporation) 68755F0FF16070178B54674FE5B847B0

C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
[2006-06-15 03:01] - [2005-01-18 21:26] - 0451584 ____C (Microsoft Corporation) 5DDC9A1B2EB5A4BF010CE8C019A18C1F

C:\WINDOWS\$NtUninstallKB885835$\mrxsmb.sys
[2004-12-17 04:00] - [2004-08-03 23:15] - 0451456 ____C (Microsoft Corporation) 1FD607FC67F7F7C633C3DA65BFC53D18

C:\WINDOWS\$NtUninstallKB885250$\mrxsmb.sys
[2005-02-11 04:01] - [2004-10-27 18:14] - 0448128 ____C (Microsoft Corporation) C9D17DAA82B917CF2FD6E4F595974934

C:\WINDOWS\$NtUninstallKB2536276-v2$\mrxsmb.sys
[2011-08-12 08:42] - [2011-04-29 09:19] - 0456320 ____C (Microsoft Corporation) 0DC719E9B15E902346E87E9DCD5751FA

C:\WINDOWS\$NtUninstallKB2536276$\mrxsmb.sys
[2011-06-15 10:41] - [2011-02-17 06:18] - 0455936 ____C (Microsoft Corporation) 0EA4D8ED179B75F8AFA7998BA22285CA

C:\WINDOWS\$NtUninstallKB2511455$\mrxsmb.sys
[2011-04-14 17:39] - [2010-02-24 06:11] - 0455680 ____C (Microsoft Corporation) F3AEFB11ABC521122B67095044169E98

C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2008-07-18 17:54] - [2006-05-05 02:41] - 0453120 ____C (Microsoft Corporation) 025AF03CE51645C62F3B6907A7E2BE5E

C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010-04-13 12:39] - [2010-02-24 04:57] - 0457216 ____A (Microsoft Corporation) D09B9F0B9960DD41E73127B7814C115F

C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2010-02-10 10:56] - [2009-12-04 10:25] - 0456832 ____A (Microsoft Corporation) 602549D1E8A622E5746991F6C56B21CA

C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2008-11-12 12:48] - [2008-10-24 04:41] - 0455936 ____A (Microsoft Corporation) 7170AB42B51954DEF2781A4D1CCE65F4

C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
[2006-05-05 03:16] - [2006-05-05 03:16] - 0454400 ____A (Microsoft Corporation) 7412CE77C6FD823F8889B4DF420C680B

C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
[2004-10-27 18:15] - [2004-10-27 18:15] - 0448128 ____A (Microsoft Corporation) A1BE3CB080DCC0A8270D21E3CA3B7005

C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys
[2005-01-18 20:51] - [2005-01-18 20:51] - 0451584 ____A (Microsoft Corporation) 7B195060FF456FA65954C72C5C1640FF

C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
[2011-08-11 10:44] - [2011-07-15 06:29] - 0457856 ____A (Microsoft Corporation) FB2FCCC70F7174C7BF64F48E96D3ADF4

C:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys
[2011-06-14 11:53] - [2011-04-29 09:47] - 0457856 ____A (Microsoft Corporation) 8DD801E28EB76FDA2A38907882A0036F

C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys
[2011-04-14 10:50] - [2011-02-17 06:19] - 0457472 ____A (Microsoft Corporation) FB7DFD15D760AD339837A470F0E780D3

C:\I386\MRXSMB.SYS
[2002-03-26 12:45] - [2001-08-18 05:00] - 0407680 ____A (Microsoft Corporation) A3AD34D36242E92C86B0C1BFBD131255

====== End Of Search ======
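What FSS is being used for here is a hash comparison: every backup copy of mrxsmb.sys that Windows keeps (dllcache, ServicePackFiles, the hotfix uninstall folders) is listed with its MD5, so the copy the kernel actually loads from system32\drivers can be checked against them. In the log above no copy under system32\drivers is listed at all, which is why the next reply has a known copy put back there. The script below is an added example, not part of the thread and not part of FSS: it parses an FSS search block and reports whether the live copy is missing, matches a backup copy, or matches none of them. The three entries in PAGE_SAMPLE are taken from the log above; the two system32\drivers entries and the all-zero MD5 are constructed for the demonstration.

```python
import re
from collections import defaultdict

# An FSS search hit is a path line followed by one metadata line:
#   [created] - [modified] - size attributes (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

# Directory the kernel loads drivers from; every hit elsewhere is a backup copy.
LIVE_DIR = r"c:\windows\system32\drivers" + "\\"


def parse_fss_search(text):
    """Turn an FSS '======== Search:' block into a list of entry dicts."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for i, line in enumerate(lines):
        if not re.match(r"^[A-Za-z]:\\", line):
            continue
        j = i + 1
        while j < len(lines) and not lines[j]:  # metadata is on the next non-empty line
            j += 1
        m = META_RE.match(lines[j]) if j < len(lines) else None
        if m:
            entries.append({"path": line, **m.groupdict()})
    return entries


def assess_driver(entries, name):
    """Compare the live copy of `name` with every backup copy FSS listed.

    Returns (verdict, hashes) where verdict is:
      'missing'  - no copy under system32\\drivers was listed at all
                   (what the FSS log above shows for mrxsmb.sys)
      'mismatch' - the live copy's MD5 matches no backup copy
      'ok'       - the live copy's MD5 matches at least one backup copy
    and `hashes` maps each backup MD5 to the paths that carry it.
    """
    suffix = "\\" + name.lower()
    live, backups = [], defaultdict(list)
    for e in entries:
        p = e["path"].lower()
        if not p.endswith(suffix):
            continue
        if p.startswith(LIVE_DIR):
            live.append(e)
        else:
            backups[e["md5"].upper()].append(e["path"])
    if not live:
        return "missing", dict(backups)
    md5 = live[0]["md5"].upper()
    return ("ok" if md5 in backups else "mismatch"), dict(backups)


# Three hits copied from the FSS log in the post above.
PAGE_SAMPLE = r"""
======== Search: "mrxsmb.sys" =========

C:\WINDOWS\SYSTEM32\DLLCACHE\mrxsmb.sys
[2003-02-05 17:12] - [2011-07-15 06:29] - 0456320 ____A (Microsoft Corporation) 7D304A5EB4344EBEEAB53A2FE3FFB9F0

C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2004-05-03 12:40] - [2008-04-14 00:47] - 0456576 ____N (Microsoft Corporation) 68755F0FF16070178B54674FE5B847B0

C:\I386\MRXSMB.SYS
[2002-03-26 12:45] - [2001-08-18 05:00] - 0407680 ____A (Microsoft Corporation) A3AD34D36242E92C86B0C1BFBD131255
"""

# Constructed entries (not from the post): a live copy whose MD5 is a placeholder
# that matches no backup, and one whose MD5 equals the ServicePackFiles copy.
TAMPERED_LIVE = r"""
C:\WINDOWS\system32\drivers\mrxsmb.sys
[2004-05-03 12:40] - [2012-04-29 10:02] - 0456576 ____A (Microsoft Corporation) 00000000000000000000000000000000
"""
CLEAN_LIVE = r"""
C:\WINDOWS\system32\drivers\mrxsmb.sys
[2004-05-03 12:40] - [2008-04-14 00:47] - 0456576 ____A (Microsoft Corporation) 68755F0FF16070178B54674FE5B847B0
"""


def report(text, name="mrxsmb.sys"):
    """Print the verdict and the backup hashes, and return the verdict."""
    verdict, hashes = assess_driver(parse_fss_search(text), name)
    print(f"{name}: {verdict}")
    for md5, paths in sorted(hashes.items()):
        print(f"  {md5}  <- {', '.join(paths)}")
    return verdict


if __name__ == "__main__":
    report(PAGE_SAMPLE)                  # missing
    report(PAGE_SAMPLE + TAMPERED_LIVE)  # mismatch
    report(PAGE_SAMPLE + CLEAN_LIVE)     # ok
```

Run it against a saved FSS log. A 'mismatch' on a Microsoft driver whose backup copies agree with each other is the result to escalate; 'missing' only says that the scanner found no copy in the load path, not why. Note that the backup copies legitimately carry several different hashes (each hotfix level has its own), so the check is "matches any known copy", not "matches the newest one".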

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:07:17 AM

Posted 30 April 2012 - 08:31 PM

Copy this file

C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys

to the C:\WINDOWS\system32\drivers folder

Delete the TrueProcess file too

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Your system memory is low (512 MB) and you have multiple security programs: Norton 360, Spybot, SUPERAntiSpyware, SpyHunter, Microsoft Security Essentials, Ad-Aware. This may degrade system performance. Upgrade your RAM and make sure to uninstall unwanted software.

Safe surfing :)

#11 Boris4ka

Boris4ka
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:17 AM

Posted 30 April 2012 - 09:43 PM

Thanks! It seems to be working now, nothing's being redirected anymore.

The only active antivirus program is MSE, the rest have been uninstalled throughout this computer's life. I'm about to remove the few I did install just for this task. And as I said, this is not my computer, I'm just doing this for someone I know. I've tried convincing them to upgrade before.

Now I'm curious, what exactly was wrong and what fixed it? I'm an expert computer user with both hardware and software, but I've never had to deal with such serious infections before, because my own computers are always clean - the last virus I got was 10 years ago.

Thanks again for the help! :thumbsup:

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:07:17 AM

Posted 30 April 2012 - 10:56 PM

what exactly was wrong and what fixed it?

The master boot record (MBR) was infected by the rootkit; this was repaired by the FixTDSS tool.

You were infected by Smart HDD, which usually bundles itself with a rootkit. Hope that clears your doubt.

Safe surfing :thumbsup:
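narenxp's explanation is that the MBR was modified by the rootkit bundled with Smart HDD and repaired by FixTDSS. A defender-side way to catch that class of change early is to keep a baseline of the boot sector from a known-clean state and compare the current sector against it. The block below is an added example, not from the thread and not from FixTDSS: it splits a 512-byte MBR into boot code, partition table and signature, hashes the boot code, and reports what differs from the baseline. The two MBRs it builds are constructed filler (the boot code bytes are a counter pattern, not executable code); `read_physical_mbr` only shows where a real sector would come from on Windows and is not called by the demonstration.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 446       # x86 MBR layout: 446 bytes of boot code,
PART_TABLE_OFF = 446     # then 4 x 16-byte partition entries,
SIGNATURE = b"\x55\xaa"  # then the 2-byte boot signature at offset 510.


def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, partition entries and signature check."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        boot, _chs0, ptype, _chs1, lba_start, lba_size = struct.unpack(
            "<B3sB3sII", sector[off:off + 16]
        )
        if ptype != 0:  # type 0 means an unused slot
            parts.append({"bootable": boot == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": lba_size})
    return {
        "code_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[510:512] == SIGNATURE,
    }


def check_mbr(sector, baseline):
    """Compare a freshly read MBR with a baseline from parse_mbr() taken on a clean system.

    Returns a list of findings; an empty list means nothing changed.
    """
    cur = parse_mbr(sector)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if cur["code_sha256"] != baseline["code_sha256"]:
        findings.append("boot code changed (bootkit-style modification)")
    if cur["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def read_physical_mbr(device=r"\\.\PhysicalDrive0"):
    """Read the first sector of a physical disk on Windows (needs administrator rights)."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR)


def make_mbr(code_seed, partitions):
    """Build a constructed MBR for the demonstration; the boot code is filler, not real code."""
    code = bytes((code_seed + i) & 0xFF for i in range(BOOTCODE_LEN))
    table = b""
    for boot, ptype, lba_start, size in partitions:
        table += struct.pack("<B3sB3sII", boot, b"\x00\x00\x00", ptype,
                             b"\x00\x00\x00", lba_start, size)
    return code + table.ljust(64, b"\x00") + SIGNATURE


# Constructed sectors: one NTFS partition (type 0x07); the second MBR keeps the
# partition table but carries different boot code, the change a baseline check must catch.
CLEAN_MBR = make_mbr(0x10, [(0x80, 0x07, 63, 308_000_000)])
TAMPERED_MBR = make_mbr(0x99, [(0x80, 0x07, 63, 308_000_000)])


if __name__ == "__main__":
    baseline = parse_mbr(CLEAN_MBR)
    print("clean   :", check_mbr(CLEAN_MBR, baseline) or "no change")
    print("tampered:", check_mbr(TAMPERED_MBR, baseline))
```

The baseline should be captured once from a machine that is known to be clean and stored off the host, since a rootkit that owns the disk can also feed a clean-looking sector to a reader on the infected system; that is why the thread's approach of running the repair tool and re-checking is still needed when the baseline and the live sector disagree.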



