Virus jumping from laptop to laptop? Remote access?


  • This topic is locked
21 replies to this topic

#1 Bobbinet

Bobbinet

  • Members
  • 164 posts
  • OFFLINE
  • Gender:Female
  • Location:Tennessee
  • Local time:03:19 PM

Posted 08 June 2012 - 01:34 PM

First let me say when I have had issues, I have always trusted this site.
I was using a Vista laptop and it started having issues. I went online and tried to fix it myself. It was getting slow and very busy. It started losing internet connectivity, but the router was fine. I would have to reconnect to the server, often! AT&T sent me a new wireless N router. I was able to connect for a few minutes and now not at all. AT&T won't help as they say it is a "computer issue". They said it was connected to a "group". Well, we have an older laptop (the one I am on) and it has issues now. It has not been being used because if it gets bumped it messes up and I have to push on the hard drive and restart (long story). Anyway... Since I have no other options, I started using it. It is XP. It was running at 100% CPU on iexplore. I would disable it. I figured it was a virus, went into HKLM and changed the shell to the correct setting from Explorer to explorer (this did not matter, as the next day it corrected itself). I thought it helped at first as it quieted down and my Google page looked different. My speakers were making a noise like someone touching a microphone. The volume was already choppy when we stopped using it long ago. Most likely a virus even then, as it happened suddenly. While I was checking folders I went into logged firewall events and this computer was hit thousands of times from the IP address of the Vista, on 5/27. Also today while watching the Task Manager I saw "ping" flash one time. I don't think that's normal. When looking at the Networking tab of the Task Manager it shows activity at the bottom. I don't want to be part of a group domain. I ran a ComboFix, prior to getting the idea of coming for help, because I was sick of problems. It seems to have helped some. Can someone help me check this computer and then maybe the Vista one next? I think I have multiple viruses. This computer I am using has downloads on it that are for Vista?
I tried to uninstall Silverlight and it can't uninstall due to "This patch package could not be opened.......contact the vendor to verify this is a valid windows installer package." There are two Silverlights downloaded today as part of an update. The first one gave this msg, and the second has numbers after it and says it cannot be uninstalled. I uninstalled my Avast because it was not acting right. I also uninstalled Malwarebytes, and redownloaded it. I question anything downloaded since I am pretty sure I have a virus. Scans complete too quickly.
I am attaching the two logs requested. I ran the GMER three times. I don't know if it really ever completed. It did not pop open a txt file; I saved it because it quit scanning. Also it only took about 30 minutes to run. When I ran one on the other computer it took about 5 hours. Please let me know if the logs are not ok. Also I have uninstalled a couple of programs since I ran them. I am disabled, bedbound with no energy, so it took me a while to re-post my problem as requested.
My goal is to check for viruses and check my internet connection for safety.

Attached Files





#2 Bobbinet

Bobbinet
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  • Gender:Female
  • Location:Tennessee
  • Local time:03:19 PM

Posted 08 June 2012 - 04:07 PM

OH MY GOODNESS!!!! HELP!!!!
I just turned off the wifi to my computer. I tried again to save my files using Cobian. Downloaded 9 so I could better understand its use. It created the folder to save to. It then went red letter ACCESS DENIED, then ....PROCESS IN USE BY ANOTHER PROCESS. I then tried to open a tab and it couldn't display. I turned off my wifi and kept hitting the refresh button on the tab, and in the address bar at the bottom it reads (I took a Paint picture)
"Waiting for res://ieframe.dll/dnserror.htm". They can't even spell server. I just used PayPal. Is my password safe? This thing is jumping our laptops. I am afraid to do anything......

#3 Bobbinet

Bobbinet
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  • Gender:Female
  • Location:Tennessee
  • Local time:03:19 PM

Posted 08 June 2012 - 04:11 PM

By the way I was in the process of re-running the two scans, till I noticed this. I am familiar with the registry if we can temporarily stop this thing so I can safely get on it.

#4 Bobbinet

Bobbinet
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  • Gender:Female
  • Location:Tennessee
  • Local time:03:19 PM

Posted 09 June 2012 - 12:47 AM

I went into safe mode to run scans but the DDS is not there. I am going to run the GMER. The Malwarebytes is still there, so I will also try to run it. Will it hurt to try to disable the scripts again? I don't feel it worked before. In safe mode it should work, but I noticed it said not to run twice unless told to. Also the computer is not backed up. Should I run the CB in safe mode? Thanks, and I will try to be patient.

#5 Bobbinet

Bobbinet
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  • Gender:Female
  • Location:Tennessee
  • Local time:03:19 PM

Posted 09 June 2012 - 09:04 PM

I have identified one of my viruses as "Dialer_LinkDotNet".
While trying to back up my registry, it stopped recording the RED data when it got to hyberfil.sys, after much searching and stopping services. I was led to Telnet. I could not delete it without it coming back. I went to regedit to search and found it under "ACMru", under Search Assistant. It has the hyberfil.sys, the telnet, the cmdcons, the wkswp, SynTPEhn.exe, and telnetc. Another thing is I am pretty sure I did not have "Word" on this computer originally. It is here now, but I think it is a fake.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:19 PM

Posted 11 June 2012 - 10:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#7 Bobbinet

Bobbinet
  • Topic Starter

  • Members
  • 164 posts
  • OFFLINE
  • Gender:Female
  • Location:Tennessee
  • Local time:03:19 PM

Posted 11 June 2012 - 07:10 PM

Here is the TDSS. I ran a GMER yesterday. The file is huge. When I tried to do the backup it failed, but all the contents are on the GMER log. It may be too big to post, but I will try. I will send one at a time.
(a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys19:02:54.0687 1948 usbscan - ok19:02:54.0750 1948 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS19:02:54.0750 1948 USBSTOR - ok19:02:54.0796 1948 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys19:02:54.0796 1948 usbuhci - ok19:02:54.0828 1948 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys19:02:54.0828 1948 VgaSave - ok19:02:54.0843 1948 ViaIde - ok19:02:54.0890 1948 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys19:02:54.0890 1948 VolSnap - ok19:02:55.0109 1948 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe19:02:55.0109 1948 VSS - ok19:02:55.0218 1948 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll19:02:55.0218 1948 W32Time - ok19:02:55.0250 1948 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys19:02:55.0250 1948 Wanarp - ok19:02:55.0265 1948 WDICA - ok19:02:55.0328 1948 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys19:02:55.0343 1948 wdmaud - ok19:02:55.0421 1948 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll19:02:55.0421 1948 WebClient - ok19:02:55.0859 1948 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys19:02:55.0859 1948 winachsf - ok19:02:56.0062 1948 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll19:02:56.0062 1948 winmgmt - ok19:02:56.0140 1948 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll19:02:56.0140 1948 WmdmPmSN - ok19:02:56.0203 1948 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys19:02:56.0203 1948 WmiAcpi - ok19:02:56.0296 1948 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe19:02:56.0296 1948 WmiApSrv - ok19:02:56.0890 1948 WMPNetworkSvc 
(f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe19:02:56.0906 1948 WMPNetworkSvc - ok19:02:56.0953 1948 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys19:02:56.0953 1948 WpdUsb - ok19:02:57.0000 1948 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys19:02:57.0000 1948 WS2IFSL - ok19:02:57.0109 1948 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll19:02:57.0109 1948 wscsvc - ok19:02:57.0125 1948 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll19:02:57.0125 1948 wuauserv - ok19:02:57.0218 1948 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys19:02:57.0218 1948 WudfPf - ok19:02:57.0296 1948 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys19:02:57.0296 1948 WudfRd - ok19:02:57.0343 1948 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll19:02:57.0343 1948 WudfSvc - ok19:02:57.0609 1948 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll19:02:57.0609 1948 WZCSVC - ok19:02:57.0718 1948 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll19:02:57.0718 1948 xmlprov - ok19:02:57.0765 1948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR019:02:58.0390 1948 \Device\Harddisk0\DR0 - ok19:02:58.0406 1948 Boot (0x1200) (61e61b82e85e2d94652fb5e6587fec11) \Device\Harddisk0\DR0\Partition019:02:58.0406 1948 \Device\Harddisk0\DR0\Partition0 - ok19:02:58.0421 1948 ============================================================19:02:58.0421 1948 Scan finished19:02:58.0421 1948 ============================================================19:02:58.0437 1324 Detected object count: 019:02:58.0437 1324 Actual detected object count: 019:05:44.0781 0576 Deinitialize success

#8 Bobbinet


Posted 11 June 2012 - 08:16 PM

I have tried twice to post the gmer. It is too large. 1st time it froze iexplore, second it froze my entire computer. Please tell me how I can send it. I ran one on 6/9 in safe mode, and it did not take that long so I ran one on 6/10, and it took a good while. The only difference I can tell is at the top. I will copy that to here but the file is too big. It freezes up my computer trying to paste it. I don't see a way to attach file like there was at the start of this. If you want me to run a new one let me know, and if I should use safe mode (which I don't think is really safe mode) and please tell me how to post this big file.
_________________
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-09 01:21:52
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541080G9AT00 rev.MB4OA60A
Running: gmer.exe; Driver: C:\DOCUME~1\DORISC~1\LOCALS~1\Temp\fxtdqpog.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 964

---- Files - GMER 1.0.15 ----

__________________________________
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-10 14:32:46
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541080G9AT00 rev.MB4OA60A
Running: slqf5ext.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxtdqpog.sys

---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Files - GMER 1.0.15 ----

Edited by Bobbinet, 11 June 2012 - 08:22 PM.


#9 Bobbinet


Posted 11 June 2012 - 08:34 PM

I don't have an mbr.dat. Neither time I ran gmer did it give me one. I waited but ended up just copying the text to file. It had quit the scanning but then did nothing. Should I run again and should I use safe mode? If I wait longer will it ever give the mbr.dat? Sorry I am so much trouble.
I will run another one. Not in safe mode. I will post the mbr if I get one :)

Edited by Bobbinet, 11 June 2012 - 08:44 PM.


#10 Bobbinet


Posted 12 June 2012 - 12:22 AM

I ran another gmer. No mbr. But I did find one from yesterday. I don't know why it isn't working. I looked everywhere and even did a search.

#11 Bobbinet


Posted 12 June 2012 - 12:27 AM

Attached File: MBR.zip (499 bytes). Here is yesterday's MBR.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:19 PM

Posted 12 June 2012 - 10:48 AM

In the submitter format I cannot read the logs.

Please open the TDSSKiller and GMER log with Notepad.

Repeat the posts please.

#13 Bobbinet


Posted 12 June 2012 - 01:15 PM

Please understand I have tried twice to post the notepad of gmer. I can't do it. Iexplore freezes and then computer stops responding. If you are wanting me to paste gmer into this box, I can't do it. The file is very large. Please tell me what I am doing wrong. The tdss is posted above. Is it not readable? Here is the aswMBR
___________
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 13:20:29
-----------------------------
13:20:29.437 OS Version: Windows 5.1.2600 Service Pack 2
13:20:29.437 Number of processors: 1 586 0xD08
13:20:29.437 ComputerName: KENNY UserName:
13:20:33.656 Initialize success
13:20:48.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:20:48.515 Disk 0 Vendor: HTS541080G9AT00 MB4OA60A Size: 76319MB BusType: 3
13:20:48.546 Disk 0 MBR read successfully
13:20:48.546 Disk 0 MBR scan
13:20:48.562 Disk 0 Windows XP default MBR code
13:20:48.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
13:20:48.593 Disk 0 scanning sectors +156280320
13:20:48.750 Disk 0 scanning C:\WINDOWS\system32\drivers
13:21:11.734 Service scanning
13:21:48.437 Modules scanning
13:22:49.625 Disk 0 trace - called modules:
13:22:49.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
13:22:49.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b85030]
13:22:49.687 3 CLASSPNP.SYS[f84d505b] -> nt!IofCallDriver -> \Device\00000073[0x82bcf338]
13:22:50.218 5 ACPI.sys[f834b620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82bcf030]
13:22:50.234 Scan finished successfully
13:23:15.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\\Desktop\MBR.dat"
13:23:15.515 The log file has been saved successfully to "C:\Documents and Settings\\Desktop\aswMBR61212.txt"

Attached File: MBR.zip (499 bytes)

Edited by Bobbinet, 12 June 2012 - 01:38 PM.


#14 Bobbinet


Posted 12 June 2012 - 02:33 PM

My computer keeps rebooting. This 2nd time today it booted to a strange screen PXE...? I bought this computer almost new but it had a bad motherboard. Bought a new motherboard, paid a local to install it. When I got it back it worked ok unless bumped, and then it would show a black screen with words I can't remember. To get it to work I would have to press on hard-drive cover and reboot. Shortly after this the hard-drive failed? It again showed a black screen but was quickly dumping files. I shut it off and it would not restart. I bought a "new" hard-drive off ebay. I installed it and used my disk to install OS and other OEM items. Is it possible that the new hard drive was formatted with a virus or something? I feel like this computer is just under the control of someone other than me. It is acting up and rebooting during scans and uploads. It has a lot of sp3 files and I am using sp2. It had a lot of changes on a certain date. My installer folder has mostly items with no name in comments. One of them is 123ff9 installer patch 18,754kb...is that a normal file? It takes about 5 minutes to startup and very slow to shutdown. Please forgive me if I am not uploading things correctly. I am trying.

#15 Bobbinet


Posted 12 June 2012 - 06:09 PM

I am looking in registry for strange things and under users under internet settings under homepage url is http:..applications.inetconnector....com,,, (edited to not be a link) ( HKEY_USERS\S-1-5-21-527237240-813497703-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Find\inetconnector.com ) I can't find much on it but did find this...from
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365084(v=vs.85).aspx ,, The INetConnection interface provides methods to manage network connections.

The INetConnection interface inherits from the IUnknown interface. INetConnection also has these types of members:

Method - Description
Connect - Establish the network connection.
Delete - Delete the network connection from the connections folder.
Disconnect - Disconnect the network connection.
Duplicate - Create a duplicate of the network connection.
GetProperties - Retrieve the properties for the network connection.
GetUiObjectClassId - Retrieve the class identifier of the user interface for the connection.
Rename - Rename the connection.




My internet download url is "" DownloadUrl = http:..www...ieaddons.com/en/search/?lang=en&search=google&index=12,, (Edited so to not be a link)

I don't think my firewall is doing the firewall job. Before we continue can you please help me disable sharing. My Standard Profile is disabled. But there is a Domain Profile with Global, and then list, which has the following,
445:TCP:*:Enabled:@xpsp2res.dll,-22005,
2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008,
1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007,
139:TCP:*:Enabled:@xpsp2res.dll,-22004,
138:UDP:*:Enabled:@xpsp2res.dll,-22002,
137:UDP:*:Enabled:@xpsp2res.dll,-22001,

Also under this category is " setup InterfacesUnfirewalledAtUpdate "

{B4E64748-A046-4EBD-9F53-D3FE04D48FF3}
{98CCD028-2C13-4E23-B9A8-53DBB14D2044}

These numbers also link to Tcpip, Tcpip linkage
""" Adapters
""" Interfaces


Windows NT
extensions? of .ini, .txt, .wtx

It is these numbers that led me to the inet stuff. How do I disable these from the registry? I really need to disable the sharing first thing.

Edited by Bobbinet, 12 June 2012 - 06:26 PM.
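The six strings quoted in the post above are in the format Windows Firewall on XP SP2 uses for its port exceptions (port:protocol:scope:mode:description, stored as string values under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\<Profile>\GloballyOpenPorts\List). The Python below is an added example, not code from this thread or from any tool mentioned in it: it parses that format and reports which entries open the file-and-printer-sharing ports (137/UDP, 138/UDP, 139/TCP, 445/TCP) with scope "*", meaning the exception accepts connections from any remote address rather than only the local subnet. The sample input is the six lines from the post, embedded here as a constructed string instead of being read from a live registry; the registry path appears only in the docstring and the code itself touches nothing on the machine.

```python
"""Audit Windows XP SP2 firewall port exceptions.

Added example for this thread, not code from the forum or from any tool
named in it. XP SP2 stores each firewall port exception as a string value
under HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters
\\FirewallPolicy\\<Profile>\\GloballyOpenPorts\\List in the form
port:protocol:scope:mode:description. The sample below is constructed from
the six Domain Profile lines quoted in the post.
"""
from dataclasses import dataclass
from typing import List

# Constructed sample: the Domain Profile entries quoted in the post.
SAMPLE_RULES = """\
445:TCP:*:Enabled:@xpsp2res.dll,-22005
2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
139:TCP:*:Enabled:@xpsp2res.dll,-22004
138:UDP:*:Enabled:@xpsp2res.dll,-22002
137:UDP:*:Enabled:@xpsp2res.dll,-22001
"""

# NetBIOS name/datagram/session services and SMB over TCP: the ports that
# File and Printer Sharing opens.
SHARING_PORTS = {("UDP", 137), ("UDP", 138), ("TCP", 139), ("TCP", 445)}


@dataclass
class PortRule:
    port: int
    protocol: str      # "TCP" or "UDP"
    scope: str         # "*" (any address), "LocalSubNet", or an address list
    enabled: bool
    description: str   # resource string reference such as @xpsp2res.dll,-22005

    def scope_kind(self) -> str:
        """Classify the scope: ANY, LOCAL (subnet only) or CUSTOM (address list)."""
        if self.scope == "*":
            return "ANY"
        if self.scope.lower() == "localsubnet":
            return "LOCAL"
        return "CUSTOM"

    def exposed_sharing(self) -> bool:
        """True when a sharing port is enabled and reachable from any address."""
        return (self.enabled
                and (self.protocol, self.port) in SHARING_PORTS
                and self.scope_kind() == "ANY")


def parse_rule(line: str) -> PortRule:
    """Parse one port:protocol:scope:mode:description value."""
    parts = line.strip().split(":", 4)   # the description keeps any further ':'
    if len(parts) != 5:
        raise ValueError(f"malformed firewall rule: {line!r}")
    port, protocol, scope, mode, description = parts
    if protocol.upper() not in ("TCP", "UDP"):
        raise ValueError(f"unknown protocol in rule: {line!r}")
    return PortRule(int(port), protocol.upper(), scope,
                    mode.lower() == "enabled", description)


def parse_rules(text: str) -> List[PortRule]:
    """Parse a block of rules, one value per line, skipping blank lines."""
    return [parse_rule(line) for line in text.splitlines() if line.strip()]


def audit(rules: List[PortRule]) -> List[str]:
    """One finding per rule that opens a sharing port to every remote address."""
    findings = []
    for rule in rules:
        if rule.exposed_sharing():
            findings.append(f"{rule.port}/{rule.protocol} open to any address "
                            f"(scope '*'); restrict to LocalSubNet or disable")
    return findings


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for r in parsed:
        print(f"{r.port:>5}/{r.protocol} scope={r.scope_kind():<6} "
              f"{'enabled' if r.enabled else 'disabled'}")
    for finding in audit(parsed):
        print("FINDING:", finding)
```

Run against the sample, the audit reports the four sharing ports (445, 139, 138, 137) and leaves the two UPnP entries (2869/TCP, 1900/UDP) alone because their scope is LocalSubNet. Which profile's list is in force depends on whether the machine detects a domain at boot, so both the Domain and Standard lists are worth reading the same way.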




