TrojanProxy.Agent, no internet, no cd/dvd drive, no sys restore


This topic is locked
12 replies to this topic

#1 OMbleepingG

  • Members
  • 8 posts

Posted 20 June 2012 - 11:04 AM

Greetings! Hoping someone can help me. Started with slow internet, popups, was running SAS and AVG and got lots of tracking, but nothing noted as serious, until last weekend when internet stopped responding. Tried first with a system restore to a week earlier but even though the dates are showing as having a restore pt, it does not restore (no error msg, just doesn't do anything). Did google search and read suggestion about renaming system information folder and can't do it (access denied) even though I tried several times/ways to unhide system files. Another google search about both those issues led me here :)

So I've tried to follow the prep guide, but I can't get DDS to do anything (a quick script window opens, flashes one sentence and then closes...too fast, can't read). Does it matter if I'm trying it in SAFE mode? Ran MBAM and that's when it found TrojanProxy. MBAM Log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Administrator :: LIVINGROOM [administrator]

6/18/2012 9:21:42 PM
mbam-log-2012-06-18 (21-21-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227865
Time elapsed: 21 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wipro (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\Owner\LOCALS~1\Temp\wipro.dll",FullViewE010 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\WINDOWS\system32\VCAM.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\{D7293762-9884-48E2-B836-E0195B9D91D0}\FBSProtection.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\{D7293762-9884-48E2-B836-E0195B9D91D0}\update.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\{D7293762-9884-48E2-B836-E0195B9D91D0}\FBSProtection.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\{D7293762-9884-48E2-B836-E0195B9D91D0}\update.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.

(end)

And I was able to get a GMER log, however I should note that I could not check the boxes for System, Sections, IAT/EAT, Devices, Modules, Processes, Threads or Libraries as everything above Services was grayed out and unchecked. I did have checkmarks for Services, Registry, Files, C:\ (only), ADS and I unchecked Show all. Again, is this because I'm in safe mode? Didn't want to try anything other than safe mode without guidance. So I tried to post log and it said my post is too long (that really isn't comforting). I'm going to try and break log into a couple of posts.

Please note that I have a phone with internet/email, but can only download utilities and save to flash drive M-F 8-5 (at work)

Thanks!!!
Kirsten
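The MBAM log above lists the registry and file items that were quarantined. As an added example (not from the post, and not Malwarebytes' own code), here is a small Python triage script that parses that log format, groups each detection by the persistence mechanism it used (Run key, svchost service group, Explorer shell extension, COM registration, file on disk), checks the parsed lines against the counts each section header declares, and flags anything that executes out of a Temp directory. The sample input is the log's own detection lines; the category names are this script's own.

```python
import re
from collections import Counter

# Constructed input: the detection sections of the Malwarebytes 1.61 log quoted in
# the post, reproduced in its "target (Detection) -> [Data: x -> ] action" format.
SAMPLE_LOG = r"""Registry Keys Detected: 4
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wipro (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\Owner\LOCALS~1\Temp\wipro.dll",FullViewE010 -> Quarantined and deleted successfully.

Files Detected: 5
C:\WINDOWS\system32\VCAM.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\{D7293762-9884-48E2-B836-E0195B9D91D0}\FBSProtection.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\{D7293762-9884-48E2-B836-E0195B9D91D0}\update.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\{D7293762-9884-48E2-B836-E0195B9D91D0}\FBSProtection.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\{D7293762-9884-48E2-B836-E0195B9D91D0}\update.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ENTRY_RE = re.compile(
    r"^(?P<target>.+) \((?P<name>[^()]+)\) -> "
    r"(?:Data:\s*(?P<data>.*?)\s*-> )?(?P<action>.+)$"
)

def classify(section, target):
    """Map a detection to the persistence mechanism or footprint a responder cares
    about. The category names are this script's own, not Malwarebytes terminology."""
    t = target.lower()
    if section == "Files":
        return "file on disk"
    if "\\currentversion\\run|" in t or "\\currentversion\\run\\" in t:
        return "autostart: Run key"
    if "\\svchost|" in t:
        return "autostart: svchost service group"
    if "shelliconoverlayidentifiers" in t:
        return "autostart: Explorer shell extension"
    if "shell extensions\\approved" in t:
        return "shell extension approval"
    if t.startswith("hkcr\\clsid\\"):
        return "COM class registration"
    if "\\ext\\stats\\" in t:
        return "Internet Explorer add-on record"
    return "other registry"

def parse_mbam_log(text):
    """Return (entries, declared): parsed detection lines and the per-section count
    each header claims. Blank lines and "(...)" lines such as "(end)" are skipped."""
    entries, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({"section": section, "target": m.group("target"),
                            "name": m.group("name"), "data": m.group("data"),
                            "action": m.group("action"),
                            "category": classify(section, m.group("target"))})
    return entries, declared

def summarize(entries):
    """Number of detections per persistence category."""
    return Counter(e["category"] for e in entries)

def verify_counts(entries, declared):
    """(declared, parsed) per section; a mismatch means the pasted log was
    truncated or a line did not match the expected format."""
    found = Counter(e["section"] for e in entries)
    return {s: (n, found.get(s, 0)) for s, n in declared.items()}

def temp_dir_hits(entries):
    """Detections whose path or command line points into a Temp directory; code that
    runs from %TEMP% (here rundll32 loading wipro.dll) merits a closer look."""
    return [e for e in entries
            if "\\temp\\" in (e["target"] + " " + (e["data"] or "")).lower()]

if __name__ == "__main__":
    ents, decl = parse_mbam_log(SAMPLE_LOG)
    print(dict(summarize(ents)), verify_counts(ents, decl), sep="\n")
    print([e["data"] or e["target"] for e in temp_dir_hits(ents)])
```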


#2 OMbleepingG
  • Topic Starter

  • Members
  • 8 posts

Posted 20 June 2012 - 11:12 AM

Sorry, I've tried breaking up GMER Log, but still says too long to post. I'm attaching, but let me know if there's a better way...

Guess not, "This file was too big to upload"...it's 817kb

Have I done something wrong? Should I try to run new log?

#3 nasdaq

  • Malware Response Team
  • 39,528 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 June 2012 - 10:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Using Safe mode with internet access, download these tools.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

Run the DDS tool and attach the log if it's too big to post.
You can use multiple posts if you need.

#4 OMbleepingG
  • Topic Starter

  • Members
  • 8 posts

Posted 24 June 2012 - 04:17 PM

Thank you nasdaq,

TDSSkiller log:

16:11:29.0328 1164 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
16:11:29.0343 1164 ============================================================
16:11:29.0343 1164 Current date / time: 2012/06/24 16:11:29.0343
16:11:29.0343 1164 SystemInfo:
16:11:29.0343 1164
16:11:29.0359 1164 OS Version: 5.1.2600 ServicePack: 3.0
16:11:29.0359 1164 Product type: Workstation
16:11:29.0359 1164 ComputerName: LIVINGROOM
16:11:29.0359 1164 UserName: Administrator
16:11:29.0359 1164 Windows directory: C:\WINDOWS
16:11:29.0359 1164 System windows directory: C:\WINDOWS
16:11:29.0359 1164 Processor architecture: Intel x86
16:11:29.0359 1164 Number of processors: 2
16:11:29.0359 1164 Page size: 0x1000
16:11:29.0359 1164 Boot type: Safe boot
16:11:29.0359 1164 ============================================================
16:11:32.0921 1164 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:11:33.0046 1164 Drive \Device\Harddisk5\DR11 - Size: 0xF5000000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:11:33.0046 1164 ============================================================
16:11:33.0046 1164 \Device\Harddisk0\DR0:
16:11:33.0046 1164 MBR partitions:
16:11:33.0046 1164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82
16:11:33.0046 1164 \Device\Harddisk5\DR11:
16:11:33.0046 1164 MBR partitions:
16:11:33.0046 1164 ============================================================
16:11:33.0125 1164 C: <-> \Device\Harddisk0\DR0\Partition0
16:11:33.0203 1164 ============================================================
16:11:33.0203 1164 Initialize success
16:11:33.0203 1164 ============================================================
16:11:43.0328 1240 ============================================================
16:11:43.0328 1240 Scan started
16:11:43.0328 1240 Mode: Manual;
16:11:43.0328 1240 ============================================================
16:11:44.0484 1240 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:11:44.0531 1240 !SASCORE - ok
16:11:44.0968 1240 Abiosdsk - ok
16:11:45.0000 1240 abp480n5 - ok
16:11:45.0125 1240 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:11:45.0187 1240 ACPI - ok
16:11:45.0234 1240 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:11:45.0250 1240 ACPIEC - ok
16:11:45.0328 1240 ActionReplayDS (f35b5d0cc142b87e687fc504baa69d82) C:\WINDOWS\system32\Drivers\ActionReplayDS.sys
16:11:45.0328 1240 ActionReplayDS - ok
16:11:45.0406 1240 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
16:11:45.0421 1240 Adobe LM Service - ok
16:11:45.0437 1240 adpu160m - ok
16:11:45.0531 1240 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:11:45.0578 1240 aec - ok
16:11:45.0671 1240 AFD (1d495ee1d3a836801d1fd816ff4a93f9) C:\WINDOWS\System32\drivers\afd.sys
16:11:45.0718 1240 AFD ( Virus.Win32.ZAccess.c ) - infected
16:11:45.0718 1240 AFD - detected Virus.Win32.ZAccess.c (0)
16:11:45.0734 1240 Aha154x - ok
16:11:45.0765 1240 aic78u2 - ok
16:11:45.0781 1240 aic78xx - ok
16:11:45.0843 1240 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:11:45.0859 1240 Alerter - ok
16:11:45.0906 1240 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:11:45.0921 1240 ALG - ok
16:11:45.0937 1240 AliIde - ok
16:11:46.0078 1240 Amazon Download Agent (820ad5c77de87f1986d7efd0b994e613) C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
16:11:46.0171 1240 Amazon Download Agent - ok
16:11:46.0187 1240 amsint - ok
16:11:46.0750 1240 AOL ACS (7810fe98adb56a4d908595926d75bc9a) C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
16:11:47.0234 1240 AOL ACS - ok
16:11:47.0296 1240 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:11:47.0328 1240 Apple Mobile Device - ok
16:11:47.0625 1240 AppMgmt - ok
16:11:47.0734 1240 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:11:47.0750 1240 Arp1394 - ok
16:11:47.0765 1240 asc - ok
16:11:47.0796 1240 asc3350p - ok
16:11:47.0828 1240 asc3550 - ok
16:11:48.0031 1240 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:11:48.0156 1240 aspnet_state - ok
16:11:48.0187 1240 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:11:48.0203 1240 AsyncMac - ok
16:11:48.0265 1240 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:11:48.0265 1240 atapi - ok
16:11:48.0281 1240 Atdisk - ok
16:11:48.0343 1240 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:11:48.0359 1240 Atmarpc - ok
16:11:48.0421 1240 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:11:48.0453 1240 AudioSrv - ok
16:11:48.0515 1240 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:11:48.0515 1240 audstub - ok
16:11:48.0625 1240 AVG Anti-Spyware Driver (d6f4c1450699901048818b0c3aaf7a17) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
16:11:48.0625 1240 AVG Anti-Spyware Driver - ok
16:11:48.0750 1240 AVG Anti-Spyware Guard (5dcd235c061022bcda9aa48670b64211) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
16:11:48.0843 1240 AVG Anti-Spyware Guard - ok
16:11:48.0890 1240 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
16:11:48.0890 1240 AvgAsCln - ok
16:11:48.0937 1240 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:11:48.0937 1240 Beep - ok
16:11:49.0140 1240 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:11:49.0359 1240 BITS - ok
16:11:49.0562 1240 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:11:49.0687 1240 Bonjour Service - ok
16:11:49.0750 1240 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:11:49.0781 1240 Browser - ok
16:11:50.0203 1240 catchme - ok
16:11:50.0296 1240 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:11:50.0312 1240 cbidf2k - ok
16:11:50.0453 1240 cbVSCService11 (58bf7714a312698108a96d0de2bb6825) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
16:11:50.0484 1240 cbVSCService11 - ok
16:11:50.0546 1240 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:11:50.0546 1240 CCDECODE - ok
16:11:50.0562 1240 cd20xrnt - ok
16:11:50.0640 1240 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:11:50.0640 1240 Cdaudio - ok
16:11:50.0687 1240 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:11:50.0703 1240 Cdfs - ok
16:11:50.0781 1240 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:11:50.0796 1240 Cdrom - ok
16:11:50.0812 1240 Changer - ok
16:11:50.0875 1240 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:11:50.0875 1240 CiSvc - ok
16:11:50.0937 1240 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:11:50.0953 1240 ClipSrv - ok
16:11:51.0125 1240 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:11:51.0171 1240 clr_optimization_v2.0.50727_32 - ok
16:11:51.0296 1240 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:11:51.0500 1240 clr_optimization_v4.0.30319_32 - ok
16:11:51.0515 1240 CmdIde - ok
16:11:51.0953 1240 CobianBackup11 (5d3f91fdeb28adb57be10afb6e7f89e0) C:\Program Files\Cobian Backup 11\cbService.exe
16:11:52.0281 1240 CobianBackup11 - ok
16:11:52.0312 1240 COMSysApp - ok
16:11:52.0359 1240 Cpqarray - ok
16:11:52.0453 1240 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:11:52.0453 1240 CryptSvc - ok
16:11:52.0515 1240 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
16:11:52.0546 1240 ctxusbm - ok
16:11:52.0640 1240 CX23880 (4738c943897f84a3fc33781b3d50affc) C:\WINDOWS\system32\drivers\cx88vid.sys
16:11:52.0703 1240 CX23880 - ok
16:11:52.0750 1240 CX88XBAR (243cc69ad24dd71264188d9af1ff1958) C:\WINDOWS\system32\drivers\CX88XBAR.sys
16:11:52.0750 1240 CX88XBAR - ok
16:11:52.0765 1240 dac2w2k - ok
16:11:52.0796 1240 dac960nt - ok
16:11:52.0984 1240 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:11:53.0093 1240 DcomLaunch - ok
16:11:53.0218 1240 Device Manager (a3681abf55113a675325793d34e70813) C:\Documents and Settings\Owner\Application Data\devicemgrsvc.bat
16:11:53.0218 1240 Device Manager - ok
16:11:53.0328 1240 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:11:53.0359 1240 Dhcp - ok
16:11:53.0437 1240 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:11:53.0437 1240 Disk - ok
16:11:53.0453 1240 dmadmin - ok
16:11:53.0781 1240 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:11:54.0015 1240 dmboot - ok
16:11:54.0109 1240 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:11:54.0156 1240 dmio - ok
16:11:54.0187 1240 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:11:54.0187 1240 dmload - ok
16:11:54.0234 1240 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:11:54.0250 1240 dmserver - ok
16:11:54.0296 1240 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:11:54.0312 1240 DMusic - ok
16:11:54.0359 1240 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:11:54.0375 1240 Dnscache - ok
16:11:54.0453 1240 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:11:54.0484 1240 Dot3svc - ok
16:11:54.0500 1240 dpti2o - ok
16:11:54.0531 1240 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:11:54.0531 1240 drmkaud - ok
16:11:54.0625 1240 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:11:54.0671 1240 E100B - ok
16:11:54.0687 1240 EagleNT - ok
16:11:54.0765 1240 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:11:54.0781 1240 EapHost - ok
16:11:54.0828 1240 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:11:54.0828 1240 ERSvc - ok
16:11:54.0937 1240 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:11:54.0953 1240 Eventlog - ok
16:11:55.0078 1240 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
16:11:55.0156 1240 EventSystem - ok
16:11:55.0250 1240 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:11:55.0281 1240 Fastfat - ok
16:11:55.0375 1240 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:11:55.0406 1240 FastUserSwitchingCompatibility - ok
16:11:55.0453 1240 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:11:55.0453 1240 Fdc - ok
16:11:55.0484 1240 FETNDIS - ok
16:11:55.0531 1240 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:11:55.0546 1240 Fips - ok
16:11:55.0578 1240 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:11:55.0578 1240 Flpydisk - ok
16:11:55.0671 1240 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:11:55.0703 1240 FltMgr - ok
16:11:55.0875 1240 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:11:55.0890 1240 FontCache3.0.0.0 - ok
16:11:55.0937 1240 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
16:11:55.0953 1240 fssfltr - ok
16:11:56.0281 1240 fsssvc (9b1622ebeb31b3411b13382ffcb8737d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:11:56.0453 1240 fsssvc - ok
16:11:56.0484 1240 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:11:56.0484 1240 Fs_Rec - ok
16:11:56.0546 1240 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:11:56.0578 1240 Ftdisk - ok
16:11:56.0640 1240 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:11:56.0640 1240 GEARAspiWDM - ok
16:11:56.0718 1240 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:11:56.0734 1240 Gpc - ok
16:11:56.0828 1240 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
16:11:56.0875 1240 gupdate - ok
16:11:56.0890 1240 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
16:11:56.0906 1240 gupdatem - ok
16:11:57.0031 1240 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:11:57.0093 1240 gusvc - ok
16:11:57.0156 1240 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
16:11:57.0187 1240 HdAudAddService - ok
16:11:57.0281 1240 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:11:57.0281 1240 HDAudBus - ok
16:11:57.0375 1240 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:11:57.0390 1240 helpsvc - ok
16:11:57.0437 1240 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
16:11:57.0453 1240 HidServ - ok
16:11:57.0484 1240 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:11:57.0484 1240 HidUsb - ok
16:11:57.0546 1240 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:11:57.0578 1240 hkmsvc - ok
16:11:57.0593 1240 hpn - ok
16:11:57.0656 1240 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:11:57.0671 1240 HPZid412 - ok
16:11:57.0718 1240 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:11:57.0718 1240 HPZipr12 - ok
16:11:57.0781 1240 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:11:57.0781 1240 HPZius12 - ok
16:11:57.0906 1240 HSFHWBS2 (128ef741b2293c36810561092b566b1c) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
16:11:57.0968 1240 HSFHWBS2 - ok
16:11:58.0343 1240 HSF_DP (9a0d0c461ef2b3d80cb7875b4b995e47) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:11:58.0671 1240 HSF_DP - ok
16:11:58.0812 1240 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:11:58.0906 1240 HTTP - ok
16:11:58.0968 1240 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:11:58.0968 1240 HTTPFilter - ok
16:11:58.0984 1240 i2omgmt - ok
16:11:59.0015 1240 i2omp - ok
16:11:59.0062 1240 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:11:59.0078 1240 i8042prt - ok
16:11:59.0375 1240 ialm (2858e04751178a47223e0c5ce495478a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:11:59.0609 1240 ialm - ok
16:11:59.0765 1240 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:11:59.0796 1240 IDriverT - ok
16:12:00.0265 1240 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:12:00.0531 1240 idsvc - ok
16:12:00.0828 1240 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:12:00.0828 1240 Imapi - ok
16:12:00.0953 1240 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
16:12:01.0000 1240 ImapiService - ok
16:12:01.0031 1240 ini910u - ok
16:12:01.0812 1240 IntcAzAudAddService (6a00e322875e3b3a074ad6d45e7b7e36) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:12:02.0515 1240 IntcAzAudAddService - ok
16:12:02.0828 1240 IntelIde - ok
16:12:02.0890 1240 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:12:02.0906 1240 intelppm - ok
16:12:02.0968 1240 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:12:02.0968 1240 ip6fw - ok
16:12:03.0000 1240 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:12:03.0015 1240 IpFilterDriver - ok
16:12:03.0062 1240 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:12:03.0062 1240 IpInIp - ok
16:12:03.0156 1240 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:12:03.0203 1240 IpNat - ok
16:12:03.0562 1240 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
16:12:03.0812 1240 iPod Service - ok
16:12:03.0828 1240 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:12:03.0843 1240 IRENUM - ok
16:12:03.0921 1240 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:12:03.0937 1240 isapnp - ok
16:12:04.0109 1240 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
16:12:04.0156 1240 JavaQuickStarterService - ok
16:12:04.0218 1240 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:12:04.0218 1240 Kbdclass - ok
16:12:04.0265 1240 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:12:04.0281 1240 kbdhid - ok
16:12:04.0359 1240 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:12:04.0406 1240 kmixer - ok
16:12:04.0468 1240 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:12:04.0500 1240 KSecDD - ok
16:12:04.0609 1240 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:12:04.0640 1240 lanmanserver - ok
16:12:04.0750 1240 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:12:04.0781 1240 lanmanworkstation - ok
16:12:04.0796 1240 lbrtfdc - ok
16:12:04.0875 1240 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:12:04.0890 1240 LmHosts - ok
16:12:04.0937 1240 LVRS - ok
16:12:04.0953 1240 LVUVC - ok
16:12:05.0140 1240 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
16:12:05.0250 1240 McciCMService - ok
16:12:05.0312 1240 mdmxsdk (5110edd87e2508f02b922e83a2487dfc) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:12:05.0312 1240 mdmxsdk - ok
16:12:05.0343 1240 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:12:05.0359 1240 Messenger - ok
16:12:05.0390 1240 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:12:05.0390 1240 mnmdd - ok
16:12:05.0453 1240 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
16:12:05.0468 1240 mnmsrvc - ok
16:12:05.0500 1240 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:12:05.0515 1240 Modem - ok
16:12:05.0546 1240 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:12:05.0546 1240 Mouclass - ok
16:12:05.0593 1240 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:12:05.0609 1240 mouhid - ok
16:12:05.0640 1240 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:12:05.0656 1240 MountMgr - ok
16:12:05.0671 1240 mraid35x - ok
16:12:05.0734 1240 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
16:12:05.0734 1240 MREMP50 - ok
16:12:05.0765 1240 MREMPR5 - ok
16:12:05.0796 1240 MRENDIS5 - ok
16:12:05.0843 1240 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
16:12:05.0843 1240 MRESP50 - ok
16:12:05.0937 1240 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:12:06.0000 1240 MRxDAV - ok
16:12:06.0046 1240 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:12:06.0062 1240 MSDTC - ok
16:12:06.0140 1240 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:12:06.0140 1240 Msfs - ok
16:12:06.0156 1240 MSIServer - ok
16:12:06.0203 1240 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:12:06.0203 1240 MSKSSRV - ok
16:12:06.0234 1240 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:12:06.0234 1240 MSPCLOCK - ok
16:12:06.0250 1240 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:12:06.0250 1240 MSPQM - ok
16:12:06.0312 1240 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:12:06.0328 1240 mssmbios - ok
16:12:06.0343 1240 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:12:06.0359 1240 MSTEE - ok
16:12:06.0421 1240 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:12:06.0453 1240 Mup - ok
16:12:06.0515 1240 MxlW2k (88f57a15b786bf2af9458f7903768085) C:\WINDOWS\system32\drivers\MxlW2k.sys
16:12:06.0515 1240 MxlW2k - ok
16:12:06.0578 1240 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:12:06.0609 1240 NABTSFEC - ok
16:12:06.0750 1240 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:12:06.0843 1240 napagent - ok
16:12:06.0953 1240 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:12:07.0015 1240 NDIS - ok
16:12:07.0046 1240 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:12:07.0046 1240 NdisIP - ok
16:12:07.0078 1240 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:12:07.0078 1240 NdisTapi - ok
16:12:07.0140 1240 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:12:07.0140 1240 Ndisuio - ok
16:12:07.0187 1240 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:12:07.0218 1240 NdisWan - ok
16:12:07.0265 1240 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:12:07.0281 1240 NDProxy - ok
16:12:07.0312 1240 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:12:07.0328 1240 NetBIOS - ok
16:12:07.0453 1240 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:12:07.0500 1240 NetBT - ok
16:12:07.0578 1240 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:12:07.0625 1240 NetDDE - ok
16:12:07.0625 1240 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:12:07.0640 1240 NetDDEdsdm - ok
16:12:07.0687 1240 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
16:12:07.0687 1240 Netlogon - ok
16:12:07.0781 1240 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:12:07.0859 1240 Netman - ok
16:12:08.0093 1240 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:12:08.0140 1240 NetTcpPortSharing - ok
16:12:08.0187 1240 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:12:08.0203 1240 NIC1394 - ok
16:12:08.0328 1240 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:12:08.0406 1240 Nla - ok
16:12:08.0437 1240 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:12:08.0453 1240 Npfs - ok
16:12:08.0656 1240 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:12:08.0828 1240 Ntfs - ok
16:12:08.0875 1240 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
16:12:08.0875 1240 NtLmSsp - ok
16:12:09.0109 1240 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:12:09.0250 1240 NtmsSvc - ok
16:12:09.0296 1240 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
16:12:09.0296 1240 NuidFltr - ok
16:12:09.0359 1240 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:12:09.0359 1240 Null - ok
16:12:13.0750 1240 nv (0dc79b60cedc3a8854c27b3c6e4b3414) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:12:18.0015 1240 nv - ok
16:12:18.0406 1240 NVSvc (971b4344aba9b79ed0e9d0bb2a5283c1) C:\WINDOWS\system32\nvsvc32.exe
16:12:18.0468 1240 NVSvc - ok
16:12:18.0531 1240 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:12:18.0546 1240 NwlnkFlt - ok
16:12:18.0578 1240 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:12:18.0593 1240 NwlnkFwd - ok
16:12:18.0656 1240 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:12:18.0671 1240 ohci1394 - ok
16:12:18.0718 1240 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:12:18.0750 1240 Parport - ok
16:12:18.0796 1240 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:12:18.0796 1240 PartMgr - ok
16:12:18.0843 1240 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:12:18.0843 1240 ParVdm - ok
16:12:18.0906 1240 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:12:18.0921 1240 PCI - ok
16:12:18.0953 1240 PCIDump - ok
16:12:18.0968 1240 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:12:18.0968 1240 PCIIde - ok
16:12:19.0046 1240 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:12:19.0078 1240 Pcmcia - ok
16:12:19.0109 1240 PDCOMP - ok
16:12:19.0125 1240 PDFRAME - ok
16:12:19.0156 1240 PDRELI - ok
16:12:19.0187 1240 PDRFRAME - ok
16:12:19.0203 1240 perc2 - ok
16:12:19.0234 1240 perc2hib - ok
16:12:19.0359 1240 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:12:19.0375 1240 PlugPlay - ok
16:12:19.0421 1240 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
16:12:19.0437 1240 Pml Driver HPZ12 - ok
16:12:19.0484 1240 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
16:12:19.0500 1240 PolicyAgent - ok
16:12:19.0546 1240 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:12:19.0562 1240 PptpMiniport - ok
16:12:19.0593 1240 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:12:19.0609 1240 Processor - ok
16:12:19.0625 1240 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:12:19.0625 1240 ProtectedStorage - ok
16:12:19.0671 1240 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:12:19.0703 1240 PSched - ok
16:12:19.0734 1240 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:12:19.0734 1240 Ptilink - ok
16:12:19.0781 1240 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:12:19.0781 1240 PxHelp20 - ok
16:12:19.0812 1240 ql1080 - ok
16:12:19.0828 1240 Ql10wnt - ok
16:12:19.0875 1240 ql12160 - ok
16:12:19.0890 1240 ql1240 - ok
16:12:19.0921 1240 ql1280 - ok
16:12:19.0968 1240 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:12:19.0968 1240 RasAcd - ok
16:12:20.0031 1240 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:12:20.0062 1240 RasAuto - ok
16:12:20.0125 1240 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:12:20.0140 1240 Rasl2tp - ok
16:12:20.0250 1240 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:12:20.0296 1240 RasMan - ok
16:12:20.0328 1240 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:12:20.0359 1240 RasPppoe - ok
16:12:20.0375 1240 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:12:20.0375 1240 Raspti - ok
16:12:20.0468 1240 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:12:20.0515 1240 Rdbss - ok
16:12:20.0546 1240 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:12:20.0562 1240 RDPCDD - ok
16:12:20.0578 1240 Rdpc_uraasrh - ok
16:12:20.0687 1240 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:12:20.0734 1240 RDPWD - ok
16:12:20.0812 1240 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:12:20.0859 1240 RDSessMgr - ok
16:12:20.0968 1240 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:12:20.0984 1240 RemoteAccess - ok
16:12:21.0031 1240 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
16:12:21.0062 1240 RpcLocator - ok
16:12:21.0218 1240 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
16:12:21.0234 1240 RpcSs - ok
16:12:21.0296 1240 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
16:12:21.0343 1240 RSVP - ok
16:12:21.0390 1240 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:12:21.0390 1240 SamSs - ok
16:12:21.0531 1240 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:12:21.0546 1240 SASDIFSV - ok
16:12:21.0593 1240 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
16:12:21.0593 1240 SASENUM - ok
16:12:21.0640 1240 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
16:12:21.0656 1240 SASKUTIL - ok
16:12:21.0718 1240 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:12:21.0750 1240 SCardSvr - ok
16:12:21.0859 1240 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:12:21.0937 1240 Schedule - ok
16:12:22.0046 1240 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:12:22.0046 1240 Secdrv - ok
16:12:22.0093 1240 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:12:22.0109 1240 seclogon - ok
16:12:22.0140 1240 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:12:22.0171 1240 SENS - ok
16:12:22.0218 1240 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:12:22.0218 1240 serenum - ok
16:12:22.0343 1240 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:12:22.0343 1240 Sfloppy - ok
16:12:22.0500 1240 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:12:22.0593 1240 SharedAccess - ok
16:12:22.0671 1240 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:12:22.0687 1240 ShellHWDetection - ok
16:12:22.0687 1240 Simbad - ok
16:12:22.0765 1240 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:12:22.0765 1240 SLIP - ok
16:12:22.0843 1240 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
16:12:22.0859 1240 SONYPVU1 - ok
16:12:22.0890 1240 Sparrow - ok
16:12:22.0953 1240 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:12:22.0953 1240 splitter - ok
16:12:23.0015 1240 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:12:23.0031 1240 Spooler - ok
16:12:23.0078 1240 SQTECH905C (ae35d551fb28e0355c154e0c1fa20e2d) C:\WINDOWS\system32\Drivers\Capt905c.sys
16:12:23.0093 1240 SQTECH905C - ok
16:12:23.0156 1240 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:12:23.0187 1240 sr - ok
16:12:23.0281 1240 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
16:12:23.0328 1240 srservice - ok
16:12:23.0484 1240 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:12:23.0593 1240 Srv - ok
16:12:23.0687 1240 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
16:12:23.0718 1240 ssadbus - ok
16:12:23.0765 1240 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
16:12:23.0781 1240 ssadmdfl - ok
16:12:23.0859 1240 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
16:12:23.0906 1240 ssadmdm - ok
16:12:24.0000 1240 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
16:12:24.0031 1240 ssadserd - ok
16:12:24.0062 1240 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:12:24.0093 1240 SSDPSRV - ok
16:12:24.0250 1240 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:12:24.0359 1240 stisvc - ok
16:12:24.0406 1240 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:12:24.0421 1240 streamip - ok
16:12:24.0468 1240 SunkFilt (d8cbd8b4bf4dc9cd64b5cc8e2bec1b96) C:\WINDOWS\System32\Drivers\sunkfilt.sys
16:12:24.0468 1240 SunkFilt - ok
16:12:24.0515 1240 SunkFilt39 (fabcc3bec89a2853958cefb28943c470) C:\WINDOWS\System32\Drivers\sunkfilt39.sys
16:12:24.0531 1240 SunkFilt39 - ok
16:12:24.0546 1240 Sunkfiltp - ok
16:12:24.0593 1240 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:12:24.0593 1240 swenum - ok
16:12:24.0640 1240 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:12:24.0656 1240 swmidi - ok
16:12:24.0671 1240 SwPrv - ok
16:12:24.0703 1240 symc810 - ok
16:12:24.0734 1240 symc8xx - ok
16:12:24.0765 1240 sym_hi - ok
16:12:24.0781 1240 sym_u3 - ok
16:12:24.0875 1240 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:12:24.0890 1240 sysaudio - ok
16:12:24.0968 1240 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:12:25.0000 1240 SysmonLog - ok
16:12:25.0109 1240 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:12:25.0187 1240 TapiSrv - ok
16:12:25.0359 1240 Tcpip (456e0f5b9beb184521b0ee8fa7cc92c7) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:12:25.0468 1240 Tcpip - ok
16:12:25.0515 1240 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:12:25.0531 1240 TDPIPE - ok
16:12:25.0562 1240 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:12:25.0562 1240 TDTCP - ok
16:12:25.0609 1240 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:12:25.0625 1240 TermDD - ok
16:12:25.0781 1240 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:12:25.0875 1240 TermService - ok
16:12:25.0984 1240 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:12:26.0000 1240 Themes - ok
16:12:26.0000 1240 TosIde - ok
16:12:26.0125 1240 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:12:26.0156 1240 TrkWks - ok
16:12:26.0203 1240 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:12:26.0234 1240 Udfs - ok
16:12:26.0359 1240 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
16:12:26.0390 1240 UleadBurningHelper - ok
16:12:26.0406 1240 ultra - ok
16:12:26.0578 1240 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:12:26.0687 1240 Update - ok
16:12:26.0796 1240 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:12:26.0859 1240 upnphost - ok
16:12:26.0921 1240 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:12:26.0921 1240 UPS - ok
16:12:26.0984 1240 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:12:27.0000 1240 USBAAPL - ok
16:12:27.0125 1240 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:12:27.0140 1240 usbaudio - ok
16:12:27.0203 1240 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:12:27.0203 1240 usbccgp - ok
16:12:27.0234 1240 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:12:27.0250 1240 usbehci - ok
16:12:27.0312 1240 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:12:27.0328 1240 usbhub - ok
16:12:27.0375 1240 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys
16:12:27.0390 1240 USBIO - ok
16:12:27.0437 1240 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:12:27.0437 1240 usbprint - ok
16:12:27.0468 1240 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:12:27.0468 1240 usbscan - ok
16:12:27.0500 1240 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:12:27.0515 1240 usbstor - ok
16:12:27.0546 1240 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:12:27.0546 1240 usbuhci - ok
16:12:27.0625 1240 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:12:27.0656 1240 usbvideo - ok
16:12:27.0687 1240 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:12:27.0687 1240 VgaSave - ok
16:12:27.0718 1240 ViaIde - ok
16:12:27.0890 1240 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
16:12:27.0906 1240 Viewpoint Manager Service - ok
16:12:27.0953 1240 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:12:27.0984 1240 VolSnap - ok
16:12:28.0109 1240 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:12:28.0187 1240 VSS - ok
16:12:28.0281 1240 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
16:12:28.0343 1240 W32Time - ok
16:12:28.0390 1240 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:12:28.0406 1240 Wanarp - ok
16:12:28.0468 1240 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
16:12:28.0468 1240 wanatw - ok
16:12:28.0515 1240 WANMiniportService (eb9a99ab5d17b1727034ff191e6448d7) C:\WINDOWS\wanmpsvc.exe
16:12:28.0875 1240 WANMiniportService - ok
16:12:29.0078 1240 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:12:29.0250 1240 Wdf01000 - ok
16:12:29.0265 1240 WDICA - ok
16:12:29.0359 1240 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:12:29.0390 1240 wdmaud - ok
16:12:29.0453 1240 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:12:29.0484 1240 WebClient - ok
16:12:29.0750 1240 winachsf (ce545a84bf3411e7516fa8da51ad9d93) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:12:30.0000 1240 winachsf - ok
16:12:30.0156 1240 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:12:30.0187 1240 winmgmt - ok
16:12:30.0609 1240 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
16:12:31.0000 1240 WinRM - ok
16:12:31.0093 1240 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:12:31.0109 1240 WmdmPmSN - ok
16:12:31.0203 1240 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
16:12:31.0234 1240 WmiApSrv - ok
16:12:31.0656 1240 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
16:12:31.0953 1240 WMPNetworkSvc - ok
16:12:32.0031 1240 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:12:32.0031 1240 WpdUsb - ok
16:12:32.0468 1240 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:12:32.0703 1240 WPFFontCache_v0400 - ok
16:12:32.0765 1240 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:12:32.0781 1240 WS2IFSL - ok
16:12:32.0796 1240 WSearch - ok
16:12:32.0859 1240 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:12:32.0875 1240 WSTCODEC - ok
16:12:32.0921 1240 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:12:32.0953 1240 wuauserv - ok
16:12:33.0015 1240 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:12:33.0031 1240 WudfPf - ok
16:12:33.0093 1240 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:12:33.0109 1240 WudfRd - ok
16:12:33.0156 1240 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:12:33.0187 1240 WudfSvc - ok
16:12:33.0390 1240 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:12:33.0546 1240 WZCSVC - ok
16:12:33.0625 1240 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:12:33.0671 1240 xmlprov - ok
16:12:33.0781 1240 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:12:33.0812 1240 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
16:12:33.0812 1240 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
16:12:33.0828 1240 MBR (0x1B8) (a4321b93982791ad424e663f6b5cd59d) \Device\Harddisk5\DR11
16:12:36.0187 1240 \Device\Harddisk5\DR11 - ok
16:12:36.0218 1240 Boot (0x1200) (51f21af483aab4d9efcb2a214203fab7) \Device\Harddisk0\DR0\Partition0
16:12:36.0218 1240 \Device\Harddisk0\DR0\Partition0 - ok
16:12:36.0218 1240 ============================================================
16:12:36.0218 1240 Scan finished
16:12:36.0218 1240 ============================================================
16:12:36.0265 0956 Detected object count: 2
16:12:36.0265 0956 Actual detected object count: 2
16:12:45.0421 0956 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
16:12:45.0468 0956 C:\WINDOWS\$NtUninstallKB25124$\1124475170\@ - copied to quarantine
16:12:45.0468 0956 C:\WINDOWS\$NtUninstallKB25124$\1124475170\cfg.ini - copied to quarantine
16:12:45.0531 0956 C:\WINDOWS\$NtUninstallKB25124$\1124475170\Desktop.ini - copied to quarantine
16:12:45.0609 0956 C:\WINDOWS\$NtUninstallKB25124$\1124475170\L\uqhddzmi - copied to quarantine
16:12:45.0703 0956 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
16:12:47.0687 0956 Backup copy found, using it..
16:12:47.0781 0956 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
16:12:50.0734 0956 C:\WINDOWS\$NtUninstallKB25124$\1124475170\@ - will be deleted on reboot
16:12:50.0734 0956 C:\WINDOWS\$NtUninstallKB25124$\1124475170\cfg.ini - will be deleted on reboot
16:12:50.0765 0956 C:\WINDOWS\$NtUninstallKB25124$\1124475170\Desktop.ini - will be deleted on reboot
16:12:50.0765 0956 C:\WINDOWS\$NtUninstallKB25124$\2494499368 - will be deleted on reboot
16:12:50.0765 0956 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
16:12:51.0953 0956 \Device\Harddisk0\DR0\# - copied to quarantine
16:12:51.0953 0956 \Device\Harddisk0\DR0 - copied to quarantine
16:12:52.0046 0956 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
16:12:52.0046 0956 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
16:12:52.0046 0956 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
16:12:52.0046 0956 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
16:12:52.0062 0956 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
16:12:52.0078 0956 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
16:12:52.0156 0956 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
16:12:52.0203 0956 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
16:12:52.0265 0956 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
16:12:52.0281 0956 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:12:52.0328 0956 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:12:52.0421 0956 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:12:52.0453 0956 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:12:52.0484 0956 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
16:12:52.0484 0956 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
16:12:52.0484 0956 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
16:12:52.0640 0956 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
16:12:52.0687 0956 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
16:12:52.0765 0956 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
16:12:52.0890 0956 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
16:12:56.0781 0956 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
16:12:56.0828 0956 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
16:12:59.0953 0956 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
16:13:00.0031 0956 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
16:13:00.0093 0956 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
16:13:00.0093 0956 \Device\Harddisk0\DR0 - ok
16:13:00.0125 0956 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
16:14:23.0375 1160 Deinitialize success

****************************************************************************************

aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-24 16:52:56
-----------------------------
16:52:56.406 OS Version: Windows 5.1.2600 Service Pack 3
16:52:56.406 Number of processors: 2 586 0x304
16:52:56.406 ComputerName: LIVINGROOM UserName:
16:52:58.687 Initialize success
16:53:33.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
16:53:33.781 Disk 0 Vendor: WDC_WD2000JD-22HBB0 08.02D08 Size: 190782MB BusType: 3
16:53:33.828 Disk 0 MBR read successfully
16:53:33.843 Disk 0 MBR scan
16:53:33.859 Disk 0 Windows XP default MBR code
16:53:33.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190779 MB offset 63
16:53:33.921 Disk 0 scanning sectors +390716865
16:53:34.046 Disk 0 scanning C:\WINDOWS\system32\drivers
16:53:53.500 Service scanning
16:54:30.515 Modules scanning
16:54:35.937 Disk 0 trace - called modules:
16:54:36.015 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
16:54:36.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8733cab8]
16:54:36.062 3 CLASSPNP.SYS[f75c3fd7] -> nt!IofCallDriver -> \Device\0000006b[0x873459e8]
16:54:36.093 5 ACPI.sys[f7503620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x87341d98]
16:54:36.125 Scan finished successfully
16:55:28.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
16:55:28.156 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR_log_6_24_2012.txt"



I've attached the MBR.dat file
DDS does not run, double click opens small window with cmd prompt look and closes immediately. I've tried removing and re-downloading/re-installing, but get same result.
I did another MBAM scan this morning and the new log:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Administrator :: LIVINGROOM [administrator]

6/24/2012 8:53:20 AM
mbam-log-2012-06-24 (08-53-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 394945
Time elapsed: 2 hour(s), 9 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Owner\Application Data\Thinstall\Program Data\40000013a000002i\Illustrator.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{96439F1C-62BE-4598-89D2-C57363B204EC}\RP2269\A0554599.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{96439F1C-62BE-4598-89D2-C57363B204EC}\RP2269\A0555044.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{96439F1C-62BE-4598-89D2-C57363B204EC}\RP2269\A0555054.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{96439F1C-62BE-4598-89D2-C57363B204EC}\RP2275\A0557617.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

Sorry if I am slow to reply - no internet on infected machine, must use flash drive and another computer to download and transfer log files.
Thank you for your help!
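What the attached MBR.dat actually contains, as an added worked example (my code, not part of this thread and not aswMBR's or TDSSKiller's own logic): a parser for the 512-byte MBR that aswMBR saved above. It hashes the boot-code area, decodes the partition table into the same fields aswMBR prints ("Partition 1 80 (A) 07 HPFS/NTFS ... 190779 MB offset 63"), and computes how many sectors lie after the last partition, the unpartitioned tail where bootkits of this family keep the hidden TDLFS volume that TDSSKiller quarantined above. Two assumptions: that TDSSKiller's "MBR (0x1B8)" value is an MD5 over the first 0x1B8 bytes of the sector, and that the 190782 MB disk size aswMBR reports corresponds to 190782 x 2048 sectors. The sample MBR is constructed (dummy boot code, one NTFS partition at LBA 63 sized to match the log) and is not the poster's file.

```python
import hashlib
import struct
import sys
from dataclasses import dataclass
from typing import List

SECTOR = 512
BOOT_CODE_LEN = 0x1B8    # assumed: bytes TDSSKiller hashes as "MBR (0x1B8)", the code before the disk signature
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE    # 0x55 0xAA boot signature
PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x05: "Extended",
              0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux"}


@dataclass
class Partition:
    index: int        # 1-based, as aswMBR prints it
    bootable: bool    # status byte 0x80
    type_id: int
    lba_start: int    # "offset 63" in the aswMBR log
    sectors: int

    @property
    def lba_end(self) -> int:
        """First sector after the partition."""
        return self.lba_start + self.sectors

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    def describe(self) -> str:
        flag = "80 (A)" if self.bootable else "00"
        name = PART_TYPES.get(self.type_id, "unknown")
        return f"Partition {self.index} {flag} {self.type_id:02X} {name} {self.size_mb} MB offset {self.lba_start}"


def parse_mbr(data: bytes) -> dict:
    """Decode one 512-byte MBR: boot-code hash, non-empty partition entries, boot signature."""
    if len(data) < SECTOR:
        raise ValueError("MBR must be at least 512 bytes")
    parts: List[Partition] = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        status, _chs1, ptype, _chs2, lba, count = struct.unpack_from("<B3sB3sII", data, off)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return {
        "boot_code_md5": hashlib.md5(data[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": data[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xAA",
        "partitions": parts,
    }


def unpartitioned_tail(parts: List[Partition], total_sectors: int) -> int:
    """Sectors after the last partition: the slack a TDL4-family bootkit uses for its hidden file system."""
    if not parts:
        return total_sectors
    return total_sectors - max(p.lba_end for p in parts)


def build_sample_mbr() -> bytes:
    """Constructed sample, not the poster's MBR.dat: placeholder boot code plus one
    bootable NTFS partition at LBA 63 whose size rounds to 190779 MB like the log."""
    mbr = bytearray(SECTOR)
    mbr[:3] = b"\x33\xC0\x8E"  # placeholder bytes, not real Windows XP boot code
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 390_716_802)
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    mbr[SIGNATURE_OFF:] = b"\x55\xAA"
    return bytes(mbr)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    report = parse_mbr(data)
    print("boot code md5:", report["boot_code_md5"], "| signature ok:", report["signature_ok"])
    for p in report["partitions"]:
        print(p.describe())
    # aswMBR reports the disk as 190782 MB; assumed to be the whole disk, at 2048 sectors per MB.
    print("unpartitioned tail sectors:", unpartitioned_tail(report["partitions"], 190_782 * 2048))
```

Run it as `python mbrcheck.py MBR.dat` against the saved file; with no argument it parses the constructed sample. The hash by itself does not say whether the boot code is clean; that is the comparison aswMBR makes when it prints "Windows XP default MBR code". What the parser adds is the geometry: a few thousand sectors of slack after the only partition is normal on a disk like this, but it is also exactly where the TDLFS files listed in the TDSSKiller log live, so the numbers tell you how much of the disk the bootkit had to itself.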

#5 OMbleepingG (Topic Starter, Members, 8 posts)

Posted 24 June 2012 - 04:27 PM

Also, forgot to include my GMER log - had to zip and attach...too big

Attached file: ark.zip (62.98KB)


#6 nasdaq (Malware Response Team, 39,528 posts, Montreal, QC. Canada)

Posted 25 June 2012 - 10:00 AM

Try this and see if you get your internet connection back.
Go to Start > Run, type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message; click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Edited by nasdaq, 25 June 2012 - 10:02 AM.


#7 OMbleepingG (Topic Starter, Members, 8 posts)

Posted 25 June 2012 - 01:21 PM

Tried the ipconfig commands, but got same error message with both:

Windows IP Configuration
An internal error occurred: The request is not supported.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.

c:\Documents and Settings\Administrator>

not sure why I'm at docs & settings, tried cd c:\ but sent me right back to
c:\Documents and Settings\Administrator>

So I went ahead with ComboFix, but now I'm realizing it needs an internet connection (sorry, should have read more carefully)
I'm at the point where it wants to download and install windows recovery console, but needs an active internet connection.

Should I continue without Windows recovery console?

#8 nasdaq (Malware Response Team, 39,528 posts, Montreal, QC. Canada)

Posted 26 June 2012 - 07:51 AM

ipconfig /flushdns
ipconfig /renew

You are leaving a space before the Slash /
===

not sure why I'm at docs & settings, tried cd c:\ but sent me right back to
c:\Documents and Settings\Administrator>

At the DOS prompt try CD c:\Windows
If you get to that folder Type DIR and hit the enter key.
Do you see the operating system files?
===



Please download MiniToolBox using a good computer, place it on your Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Minidump Files
  • List Restore Points.
Click Go and copy/paste the log (Result.txt) into your next post.
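The Winsock and proxy checks requested above, as an added example (my code, not MiniToolBox's and not from this thread) of what the tool is reporting and why it matters here. The Winsock catalog decides which DLLs every socket-using process loads, so it is both a persistence point for proxy trojans and the place a botched cleanup leaves the network stack unusable; the "Report IE Proxy Settings" box covers the other obvious TrojanProxy hiding place. Assumptions, stated again in the comments: the catalog lives under `HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters` in `NameSpace_Catalog5\Catalog_Entries\<n>\LibraryPath` (REG_SZ) and `Protocol_Catalog9\Catalog_Entries\<n>\PackedCatalogItem` (REG_BINARY whose first 260 bytes are the NUL-terminated ANSI provider path); IE proxy state is the `ProxyEnable`, `ProxyServer` and `AutoConfigURL` values under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`. The sample entries are constructed to mirror the shapes MiniToolBox prints, including a bare `mswsock.dll` with no directory, and are not real registry data.

```python
import ntpath
import re
import sys
from typing import Callable, Dict, List, Optional, Tuple

MAX_PATH = 260  # assumption: PackedCatalogItem starts with a 260-byte NUL-terminated ANSI DLL path
SYSTEM32 = r"%SystemRoot%\System32"
# Providers Windows ships in System32. An entry naming one of them with no
# directory, or from another directory, is what MiniToolBox's
# "ATTENTION: The LibraryPath should be ..." line is warning about.
MS_PROVIDERS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll", "nwprovau.dll"}


def decode_packed_catalog_item(blob: bytes) -> str:
    """Provider path from a Protocol_Catalog9 PackedCatalogItem REG_BINARY value (assumed layout)."""
    raw = blob[:MAX_PATH].split(b"\x00", 1)[0]
    return raw.decode("mbcs" if sys.platform == "win32" else "latin-1")


def expand(path: str, system_root: str) -> str:
    """Expand %SystemRoot% case-insensitively; the lambda keeps backslashes literal."""
    return re.sub(r"%systemroot%", lambda _m: system_root, path, flags=re.IGNORECASE)


def check_entry(path: str, exists: Callable[[str], bool], system_root: str = r"C:\WINDOWS") -> Optional[str]:
    """One finding for a catalog entry, or None when it looks healthy."""
    if not path:
        return "empty provider path"
    head, tail = ntpath.split(path)
    if not head:
        # Bare name (the "mswsock.dll [File Not found]" rows MiniToolBox prints):
        # the loader would walk the DLL search path instead of going to System32.
        return f"bare file name {tail!r}; expected {SYSTEM32}\\{tail}"
    full = expand(path, system_root)
    sys32 = ntpath.normcase(ntpath.join(system_root, "System32"))
    if tail.lower() in MS_PROVIDERS and ntpath.normcase(ntpath.dirname(full)) != sys32:
        return f"Microsoft provider {tail} loaded from {ntpath.dirname(full)}"
    if not exists(full):
        return f"file not found: {full}"
    return None


def audit(entries: List[Tuple[str, str]], exists: Callable[[str], bool],
          system_root: str = r"C:\WINDOWS") -> List[str]:
    findings = []
    for name, path in entries:
        problem = check_entry(path, exists, system_root)
        if problem:
            findings.append(f"{name}: {problem}")
    return findings


def proxy_summary(values: Dict[str, object]) -> List[str]:
    """Same questions MiniToolBox answers, from the assumed Internet Settings value names."""
    lines = ["Proxy is enabled." if values.get("ProxyEnable") == 1 else "Proxy is not enabled."]
    server = values.get("ProxyServer")
    lines.append(f"Proxy Server: {server}" if server else "No Proxy Server is set.")
    if values.get("AutoConfigURL"):
        lines.append(f"AutoConfigURL (PAC script) is set: {values['AutoConfigURL']}")
    return lines


def read_live_catalog() -> List[Tuple[str, str]]:
    """Windows only: read both catalogs from the registry (assumed key and value names)."""
    import winreg
    base = r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
    entries: List[Tuple[str, str]] = []
    for cat, value, decode in (("NameSpace_Catalog5", "LibraryPath", str),
                               ("Protocol_Catalog9", "PackedCatalogItem", decode_packed_catalog_item)):
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, rf"{base}\{cat}\Catalog_Entries") as key:
            for i in range(winreg.QueryInfoKey(key)[0]):
                sub = winreg.EnumKey(key, i)
                with winreg.OpenKey(key, sub) as ek:
                    data, _ = winreg.QueryValueEx(ek, value)
                    entries.append((f"{cat} {sub}", decode(data)))
    return entries


def read_live_proxy() -> Dict[str, object]:
    """Windows only: the three IE proxy values for the current user (assumed names)."""
    import winreg
    out: Dict[str, object] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Microsoft\Windows\CurrentVersion\Internet Settings") as key:
        for name in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    return out


# Constructed sample entries shaped like a MiniToolBox report; not real registry data.
SAMPLE_ENTRIES = [
    ("Catalog5 01", "mswsock.dll"),
    ("Catalog5 02", r"%SystemRoot%\System32\winrnr.dll"),
    ("Catalog9 01", decode_packed_catalog_item(b"mswsock.dll\x00" + bytes(400))),
    ("Catalog9 02", decode_packed_catalog_item(b"%SystemRoot%\\System32\\mswsock.dll\x00" + bytes(400))),
    ("Catalog9 03", r"C:\Temp\mswsock.dll"),
]
SAMPLE_FILES = {ntpath.normcase(p) for p in (r"C:\WINDOWS\System32\mswsock.dll",
                                            r"C:\WINDOWS\System32\winrnr.dll", r"C:\Temp\mswsock.dll")}


def sample_exists(path: str) -> bool:
    return ntpath.normcase(path) in SAMPLE_FILES


if __name__ == "__main__":
    if sys.platform == "win32":
        import os
        findings = audit(read_live_catalog(), os.path.exists, os.environ.get("SystemRoot", r"C:\WINDOWS"))
        proxy = proxy_summary(read_live_proxy())
    else:
        findings = audit(SAMPLE_ENTRIES, sample_exists)
        proxy = proxy_summary({"ProxyEnable": 0})
    print("\n".join(proxy))
    print("\n".join(findings) or "Winsock catalog: no findings")
```

On the infected machine this needs a Python that runs on XP and an elevated prompt; anywhere else it audits the constructed sample. Three distinct findings come out of the sample, and they call for different responses: a bare file name means the catalog is damaged and a Winsock reset is the fix, a Microsoft provider loaded from outside System32 is a planted LSP and the file itself needs looking at, and a missing file usually means a previous cleanup deleted the DLL but left the entry behind.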

#9 OMbleepingG (Topic Starter, Members, 8 posts)

Posted 28 June 2012 - 06:42 PM

Sorry, my reply never posted and I didn't realize

Anyway, yes definitely space before slash

Change to C:\windows worked, but I don't think directory is correct:

Directory of C:\WINDOWS

06/24/2012 04:15 PM <DIR> $NtUninstallKB25124$
08/30/2000 08:00 PM 80,412 grep.exe
11/07/2010 01:20 PM 208,896 MBR.exe
06/10/2012 09:22 AM 435 nsw.log
06/26/2011 02:45 AM 256,000 PEV.exe
04/13/2008 08:12 PM 146,432 regedit.exe
08/30/2000 08:00 PM 98,816 sed.exe
08/30/2000 08:00 PM 518,144 SWREG.exe
08/30/2000 08:00 PM 406,528 SWSC.exe
08/30/2000 08:00 PM 212,480 SWXCACLS.exe
08/30/2000 08:00 PM 68,096 zip.exe
10 File(s) 1,996,239 bytes
1 Dir(s) 116,369,858,560 bytes free

and the minitoolbox log:
MiniToolBox by Farbar Version: 25-06-2012
Ran by Administrator (administrator) on 26-06-2012 at 10:56:12
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
An internal error occurred: The request is not supported. Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration


Windows IP Configuration
An internal error occurred: The request is not supported. Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Unable to contact IP driver, error code 2,
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/24/2012 08:45:45 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (06/17/2012 08:50:41 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (06/17/2012 10:34:47 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (06/10/2012 11:26:12 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (06/10/2012 09:26:59 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (06/01/2012 08:08:59 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (06/01/2012 05:52:43 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)


System errors:
=============
Error: (06/26/2012 10:55:16 AM) (Source: DCOM) (User: LIVINGROOM)
Description: The server {AE3A66BB-85FE-49B8-BF7B-4DB4E0005091} did not register with DCOM within the required timeout.

Error: (06/26/2012 10:53:12 AM) (Source: DCOM) (User: LIVINGROOM)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/26/2012 10:52:21 AM) (Source: DCOM) (User: LIVINGROOM)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/26/2012 10:46:12 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVG Anti-Spyware Driver
ctxusbm
Fips
intelppm
SASDIFSV
SASKUTIL
Tcpip

Error: (06/26/2012 10:46:12 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
%%2

Error: (06/26/2012 10:46:12 AM) (Source: Service Control Manager) (User: )
Description: The Windows Live Family Safety service depends on the fssfltr service which failed to start because of the following error:
%%1068

Error: (06/26/2012 10:46:12 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066

Error: (06/26/2012 10:46:12 AM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (06/26/2012 10:46:12 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (06/26/2012 10:46:12 AM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).


Microsoft Office Sessions:
=========================
Error: (06/24/2012 08:45:45 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (06/17/2012 08:50:41 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (06/17/2012 10:34:47 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (06/10/2012 11:26:12 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (06/10/2012 09:26:59 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (06/01/2012 08:08:59 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (06/01/2012 05:52:43 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)


========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini010112-01.dmp
C:\WINDOWS\Minidump\Mini011412-01.dmp
C:\WINDOWS\Minidump\Mini012112-01.dmp
C:\WINDOWS\Minidump\Mini020312-01.dmp
C:\WINDOWS\Minidump\Mini020412-01.dmp
C:\WINDOWS\Minidump\Mini022512-01.dmp
C:\WINDOWS\Minidump\Mini022808-01.dmp
C:\WINDOWS\Minidump\Mini031512-01.dmp
C:\WINDOWS\Minidump\Mini032307-01.dmp
C:\WINDOWS\Minidump\Mini040612-01.dmp
C:\WINDOWS\Minidump\Mini040912-01.dmp
C:\WINDOWS\Minidump\Mini042212-01.dmp
C:\WINDOWS\Minidump\Mini042912-01.dmp
C:\WINDOWS\Minidump\Mini043009-01.dmp
C:\WINDOWS\Minidump\Mini050809-01.dmp
C:\WINDOWS\Minidump\Mini051612-01.dmp
C:\WINDOWS\Minidump\Mini102006-01.dmp
C:\WINDOWS\Minidump\Mini102306-01.dmp
C:\WINDOWS\Minidump\Mini121511-01.dmp
C:\WINDOWS\Minidump\Mini121611-01.dmp
C:\WINDOWS\Minidump\Mini122911-01.dmp
========================= Restore Points ==================================

04-03-2012 04:20:05 System Checkpoint
05-03-2012 05:51:40 System Checkpoint
06-03-2012 06:29:20 System Checkpoint
08-03-2012 00:38:50 System Checkpoint
09-03-2012 02:46:37 System Checkpoint
10-03-2012 03:06:09 System Checkpoint
11-03-2012 13:47:39 System Checkpoint
12-03-2012 22:44:14 System Checkpoint
13-03-2012 22:51:01 System Checkpoint
15-03-2012 00:00:41 System Checkpoint
15-03-2012 07:00:21 Software Distribution Service 3.0
16-03-2012 07:31:16 System Checkpoint
17-03-2012 07:32:25 System Checkpoint
18-03-2012 19:20:32 System Checkpoint
20-03-2012 01:23:15 System Checkpoint
21-03-2012 01:47:29 System Checkpoint
22-03-2012 02:16:52 System Checkpoint
23-03-2012 02:54:00 System Checkpoint
24-03-2012 04:01:53 System Checkpoint
25-03-2012 04:31:25 System Checkpoint
26-03-2012 05:26:12 System Checkpoint
27-03-2012 05:41:24 System Checkpoint
28-03-2012 06:41:24 System Checkpoint
29-03-2012 07:17:25 System Checkpoint
30-03-2012 08:29:25 System Checkpoint
31-03-2012 21:34:57 System Checkpoint
02-04-2012 06:10:16 System Checkpoint
03-04-2012 06:45:31 System Checkpoint
04-04-2012 07:30:36 System Checkpoint
05-04-2012 07:50:02 System Checkpoint
06-04-2012 08:28:43 System Checkpoint
09-04-2012 02:04:57 System Checkpoint
10-04-2012 02:30:00 System Checkpoint
11-04-2012 05:34:24 System Checkpoint
12-04-2012 06:09:44 System Checkpoint
13-04-2012 06:30:14 System Checkpoint
13-04-2012 07:00:20 Software Distribution Service 3.0
14-04-2012 07:00:23 Software Distribution Service 3.0
15-04-2012 08:27:54 System Checkpoint
16-04-2012 10:00:10 System Checkpoint
17-04-2012 10:24:10 System Checkpoint
18-04-2012 14:59:27 System Checkpoint
21-04-2012 21:14:29 System Checkpoint
23-04-2012 06:09:33 System Checkpoint
24-04-2012 06:35:56 System Checkpoint
25-04-2012 07:21:24 System Checkpoint
26-04-2012 07:44:27 System Checkpoint
27-04-2012 08:39:36 System Checkpoint
28-04-2012 15:53:50 System Checkpoint
30-04-2012 06:21:54 System Checkpoint
01-05-2012 06:28:13 System Checkpoint
02-05-2012 07:06:20 System Checkpoint
04-05-2012 05:56:39 System Checkpoint
05-05-2012 07:09:05 System Checkpoint
06-05-2012 07:52:56 System Checkpoint
07-05-2012 08:45:46 System Checkpoint
09-05-2012 05:53:14 System Checkpoint
10-05-2012 06:29:07 System Checkpoint
10-05-2012 07:00:19 Software Distribution Service 3.0
11-05-2012 07:00:19 Software Distribution Service 3.0
12-05-2012 07:47:34 System Checkpoint
13-05-2012 08:11:40 System Checkpoint
14-05-2012 08:12:39 System Checkpoint
15-05-2012 09:00:39 System Checkpoint
17-05-2012 00:04:02 System Checkpoint
18-05-2012 07:49:26 System Checkpoint
19-05-2012 08:27:04 System Checkpoint
24-05-2012 22:06:50 Software Distribution Service 3.0
26-05-2012 15:32:18 System Checkpoint
27-05-2012 15:32:51 System Checkpoint
28-05-2012 16:32:53 System Checkpoint
30-05-2012 21:58:42 Restore Operation
30-05-2012 22:43:11 Restore Operation
30-05-2012 22:43:49 Restore Operation
30-05-2012 22:44:53 Restore Operation
31-05-2012 23:24:04 System Checkpoint
02-06-2012 00:05:38 Restore Operation
10-06-2012 13:14:11 Restore Operation
17-06-2012 16:19:36 Restore Operation
17-06-2012 16:30:03 Restore Operation
18-06-2012 00:43:29 Restore Operation
18-06-2012 01:00:11 Restore Operation

**** End of log ****

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:37 AM

Posted 29 June 2012 - 08:38 AM

Change to C:\windows worked, but I don't think directory is correct:

I agree you should see all the operating system folders and files.

Most files are listed in your logs.

It's possible that they are hidden.


Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
===

Download using a good computer. Copy the file to the problem computer.

Download LSPfix
Unzip the file to a folder on the desktop of the problem computer.
Double-click to run
Select: (Advanced) "I know what I'm doing"
Then click the FINISH button.
Restart your computer.

Is your internet back?
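An added command-line check for the three things the MiniToolBox log above points at (the near-empty C:\WINDOWS listing, the hidden-files setting that will not stick, and the Winsock/TCP/IP failures). This is an example script, not part of nasdaq's instructions and not LSPfix output. It assumes an administrator cmd prompt in Safe Mode with Networking on this XP SP3 machine; the registry paths and netsh commands are standard XP ones, the SHOWALL check in step 2 is a general test rather than something the log proves, and the log file name in step 4 is arbitrary.

```batch
@echo off
rem Added example (not nasdaq's instructions, not LSPfix output): command-line checks
rem for the symptoms in the MiniToolBox log. Assumes an administrator cmd prompt in
rem Safe Mode with Networking on Windows XP SP3; the log file name in step 4 is arbitrary.

echo === 1. Is C:\WINDOWS really almost empty, or is "dir" hiding things? ===
rem A plain "dir" omits hidden and system entries. "/a" lists every attribute, so the
rem normal OS contents (explorer.exe, system32, ...) should show up here even while
rem Explorer's "show hidden files" setting is being undone.
dir /a C:\WINDOWS | findstr /i "explorer.exe system32 system.ini"

echo === 2. Why does Explorer's hidden-files setting not stick? ===
rem These values drive the "Show hidden files and folders" radio button. CheckedValue
rem should be REG_DWORD 0x1; a common infection tactic is to change it so the option
rem cannot be enabled (assumption: this is a general check, not proven by the log).
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden

echo === 3. Winsock catalog and the TCP/IP driver ===
rem The log listed every mswsock.dll LSP entry with a bare "mswsock.dll" path and
rem [File Not found]; the file itself should still be present in system32.
dir /a C:\WINDOWS\system32\mswsock.dll
netsh winsock show catalog | findstr /i "Path Description"
rem The Service Control Manager event said the Tcpip driver failed to load, which is
rem why ping reported "Unable to contact IP driver". Start should be 0x1 (system start).
sc query tcpip
reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip /v Start
reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip /v ImagePath

echo === 4. Repair (reboot afterwards, then re-run MiniToolBox) ===
rem Both commands exist on XP SP2 and later. The first rebuilds the Winsock catalog
rem (a built-in alternative to LSPfix); the second rewrites the TCP/IP registry keys.
netsh winsock reset catalog
netsh int ip reset C:\resetlog.txt
```

Save it as a .bat file on the problem machine, run it from the cmd prompt, and post the output. Two caveats: "netsh winsock reset catalog" removes every third-party provider, so the Bonjour mdnsNSP.dll entry shown in the log will disappear until Bonjour is reinstalled, and if step 3 shows tcpip.sys missing or the Tcpip service key gone, the netsh reset will not bring the driver back; that is a missing-file repair, not a catalog repair.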

#11 OMbleepingG

OMbleepingG
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:37 AM

Posted 29 June 2012 - 06:14 PM

Display hidden files doesn't work. Same directory list. I actually tried to display hidden files when I started having problems; even directly changing the registry entry (for hidden files) didn't work. Deleted and re-added it, still didn't work.

LSPfix ran and gave 4 lines of report, but I forgot to save.
No internet still.

#12 OMbleepingG

OMbleepingG
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:37 AM

Posted 29 June 2012 - 06:21 PM

I am still operating only in safe mode...is that correct?
Actually I chose Safe Mode with Networking. My internet connection is via a router from a DSL line. The router does not show that PC as connected (it's cabled, not wireless). Other PCs on the same router work fine to the internet, as do all of our wireless handheld devices. The computers are not networked other than sharing the DSL line.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:37 AM

Posted 30 June 2012 - 08:05 AM

With that information you should start a new topic in the Networking forum
http://www.bleepingcomputer.com/forums/forum21.html

I do not think it's malware.



