XP Randomly Playing Audio Advertisements


28 replies to this topic

#1 Orgeston
  • Members
  • 30 posts

Posted 28 June 2012 - 04:01 AM

My computer will play what sounds like the audio of TV advertisements when I'm connected to the internet, even when I shut down Chrome. I've run SBSaD and MalBytes multiple times to no avail. It stops when I disconnect from the internet. I think this is also what's redirecting me to ads when I click Google search results.

I'm running XP Media Center.



#2 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 June 2012 - 04:04 AM

Download TDSSKiller.

Launch it. Click on Change parameters, and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Download aswMBR.

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, and copy the contents of the text file in your reply.
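
The TDSSKiller log narenxp asks for runs to several hundred lines, almost all of them "- ok". The lines that matter are the ones that break that pattern: a "Suspicious file (Forged)" line, where the hash TDSSKiller computed by reading the disk directly (Real md5) differs from the hash the normal Windows file API returned for the same file (Fake md5), which means something in the I/O path is rewriting the driver in transit; and a "( <name> ) - infected" or "- warning" verdict on the service that owns that file. As an added example that is not part of this thread and not part of Kaspersky's tool, here is a small Python parser that pulls those lines out of a log and correlates them by service. The sample input is a constructed excerpt in the 2.7.x log format: the AFD and sptd lines are copied from the log posted later in this thread, and the aec and FLEXnet lines stand in for the clean entries.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in TDSSKiller 2.7.x log format. The AFD and sptd lines are
# copied from the log posted in this thread; aec and FLEXnet stand in for the
# hundreds of clean "- ok" entries a full log contains.
SAMPLE_LOG = """\
04:25:34.0690 1620 aec (8bed39e3c35d6a489438b8141717a557) C:\\WINDOWS\\system32\\drivers\\aec.sys
04:25:34.0690 1620 aec - ok
04:25:34.0753 1620 AFD (986e17e27ba03d76959628b9885e120e) C:\\WINDOWS\\System32\\drivers\\afd.sys
04:25:34.0753 1620 Suspicious file (Forged): C:\\WINDOWS\\System32\\drivers\\afd.sys. Real md5: 986e17e27ba03d76959628b9885e120e, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9
04:25:34.0753 1620 AFD ( Virus.Win32.ZAccess.k ) - infected
04:25:34.0753 1620 AFD - detected Virus.Win32.ZAccess.k (0)
04:25:37.0737 1620 FLEXnet Licensing Service (73081cf28f0ae20a52ca4f67cee6e6b0) C:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe
04:25:37.0768 1620 FLEXnet Licensing Service - ok
04:25:46.0081 1620 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\\WINDOWS\\system32\\Drivers\\sptd.sys
04:25:46.0081 1620 Suspicious file (NoAccess): C:\\WINDOWS\\system32\\Drivers\\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
04:25:46.0081 1620 sptd ( LockedFile.Multi.Generic ) - warning
04:25:46.0081 1620 sptd - detected LockedFile.Multi.Generic (1)
"""

# Every scan line starts with "<hh:mm:ss.tttt> <pid> "; strip that once.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ ")
# "<service> (<md5>) <path>": the hash TDSSKiller lists for the service binary.
ENTRY = re.compile(r"^(?P<svc>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<service> ( <threat> ) - infected|warning|suspicious"
VERDICT = re.compile(r"^(?P<svc>.+?) \( (?P<threat>.+?) \) - (?P<verdict>\w+)$")
OK = re.compile(r"^(?P<svc>.+?) - ok$")
# Forged: the raw-disk hash (Real) and the file-API hash (Fake) disagree.
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# NoAccess and similar: the file could not be read through the file API at all.
NOACCESS = re.compile(
    r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"
)


@dataclass
class Finding:
    service: str
    path: Optional[str] = None
    md5: Optional[str] = None          # hash TDSSKiller lists on the entry line
    verdict: str = "unknown"           # ok / infected / warning / unknown
    threat: Optional[str] = None
    suspicious: Optional[str] = None   # Forged / NoAccess / ...
    fake_md5: Optional[str] = None     # file-API hash, only set for Forged


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    """Correlate the per-service lines of a TDSSKiller log into one Finding each."""
    findings: Dict[str, Finding] = {}
    by_path: Dict[str, Finding] = {}   # "Suspicious file" lines name the path, not the service

    def get(svc: str) -> Finding:
        return findings.setdefault(svc, Finding(service=svc))

    for raw in text.splitlines():
        line = PREFIX.sub("", raw.strip())
        if m := FORGED.match(line):
            if f := by_path.get(m["path"].lower()):
                f.suspicious, f.fake_md5 = "Forged", m["fake"]
        elif m := NOACCESS.match(line):
            if f := by_path.get(m["path"].lower()):
                f.suspicious = m["reason"]
        elif m := ENTRY.match(line):
            f = get(m["svc"])
            f.md5, f.path = m["md5"], m["path"]
            by_path[m["path"].lower()] = f
        elif m := VERDICT.match(line):
            f = get(m["svc"])
            f.verdict, f.threat = m["verdict"], m["threat"]
        elif m := OK.match(line):
            get(m["svc"]).verdict = "ok"
        # "<svc> - detected <threat> (n)" only repeats the verdict line; ignored.
    return findings


def triage(findings: Dict[str, Finding]) -> List[Finding]:
    """Only the entries that need action, worst first."""
    rank = {"infected": 0, "warning": 1}
    hits = [f for f in findings.values() if f.verdict not in ("ok", "unknown") or f.suspicious]
    return sorted(hits, key=lambda f: (rank.get(f.verdict, 2), f.service.lower()))


if __name__ == "__main__":
    for f in triage(parse_tdsskiller(SAMPLE_LOG)):
        detail = f"file API saw {f.fake_md5}, disk has {f.md5}" if f.suspicious == "Forged" else f.suspicious
        print(f"{f.verdict:8} {f.service:5} {f.threat}  {f.path}  [{detail}]")
```

Two things worth knowing when reading the output. A Forged entry is the strong signal: the service binary on disk and the bytes the operating system hands back for it are not the same file, so whatever is filtering those reads is already running in the kernel. A NoAccess / LockedFile.Multi.Generic warning, on the other hand, only says TDSSKiller could not read the file; on sptd.sys that is expected, since sptd is the SCSI pass-through driver installed by Daemon Tools and Alcohol and it routinely locks itself against reads, so that line by itself is not a detection.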

#3 Orgeston
  • Topic Starter
  • Members
  • 30 posts

Posted 28 June 2012 - 10:31 AM

Alright, here's what I got.

TDSS


04:24:57.0503 9744 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
04:24:58.0221 9744 ============================================================
04:24:58.0221 9744 Current date / time: 2012/06/28 04:24:58.0221
04:24:58.0221 9744 SystemInfo:
04:24:58.0221 9744
04:24:58.0221 9744 OS Version: 5.1.2600 ServicePack: 3.0
04:24:58.0221 9744 Product type: Workstation
04:24:58.0221 9744 ComputerName: GLORIFIED-TOAST
04:24:58.0221 9744 UserName: The Realm
04:24:58.0221 9744 Windows directory: C:\WINDOWS
04:24:58.0221 9744 System windows directory: C:\WINDOWS
04:24:58.0221 9744 Processor architecture: Intel x86
04:24:58.0221 9744 Number of processors: 2
04:24:58.0221 9744 Page size: 0x1000
04:24:58.0221 9744 Boot type: Normal boot
04:24:58.0221 9744 ============================================================
04:25:08.0831 9744 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
04:25:08.0831 9744 ============================================================
04:25:08.0831 9744 \Device\Harddisk0\DR0:
04:25:08.0893 9744 MBR partitions:
04:25:08.0893 9744 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x94FAAFC
04:25:08.0893 9744 ============================================================
04:25:09.0518 9744 C: <-> \Device\Harddisk0\DR0\Partition0
04:25:09.0518 9744 ============================================================
04:25:09.0518 9744 Initialize success
04:25:09.0518 9744 ============================================================
04:25:31.0331 1620 ============================================================
04:25:31.0331 1620 Scan started
04:25:31.0331 1620 Mode: Manual; TDLFS;
04:25:31.0331 1620 ============================================================
04:25:34.0190 1620 Abiosdsk - ok
04:25:34.0206 1620 abp480n5 - ok
04:25:34.0378 1620 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
04:25:34.0378 1620 ACPI - ok
04:25:34.0471 1620 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
04:25:34.0471 1620 ACPIEC - ok
04:25:34.0534 1620 ADIHdAudAddService (0bcb5bd6ea1cbf1750d881e0c4e923ff) C:\WINDOWS\system32\drivers\ADIHdAud.sys
04:25:34.0581 1620 ADIHdAudAddService - ok
04:25:34.0643 1620 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
04:25:34.0643 1620 AdobeFlashPlayerUpdateSvc - ok
04:25:34.0659 1620 adpu160m - ok
04:25:34.0690 1620 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
04:25:34.0690 1620 aec - ok
04:25:34.0753 1620 AFD (986e17e27ba03d76959628b9885e120e) C:\WINDOWS\System32\drivers\afd.sys
04:25:34.0753 1620 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 986e17e27ba03d76959628b9885e120e, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9
04:25:34.0753 1620 AFD ( Virus.Win32.ZAccess.k ) - infected
04:25:34.0753 1620 AFD - detected Virus.Win32.ZAccess.k (0)
04:25:34.0768 1620 Aha154x - ok
04:25:34.0768 1620 aic78u2 - ok
04:25:34.0768 1620 aic78xx - ok
04:25:34.0878 1620 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
04:25:34.0878 1620 Alerter - ok
04:25:34.0909 1620 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
04:25:34.0909 1620 ALG - ok
04:25:34.0909 1620 AliIde - ok
04:25:34.0909 1620 AmdLLD - ok
04:25:34.0924 1620 amsint - ok
04:25:34.0971 1620 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
04:25:34.0971 1620 AppMgmt - ok
04:25:34.0971 1620 asc - ok
04:25:34.0987 1620 asc3350p - ok
04:25:34.0987 1620 asc3550 - ok
04:25:35.0081 1620 ASFIPmon (cc184933b1dd73f34db5346515639a59) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
04:25:35.0081 1620 ASFIPmon - ok
04:25:35.0206 1620 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
04:25:35.0268 1620 aspnet_state - ok
04:25:35.0299 1620 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
04:25:35.0315 1620 AsyncMac - ok
04:25:35.0331 1620 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
04:25:35.0331 1620 atapi - ok
04:25:35.0331 1620 Atdisk - ok
04:25:35.0362 1620 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
04:25:35.0362 1620 Atmarpc - ok
04:25:35.0424 1620 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
04:25:35.0424 1620 AudioSrv - ok
04:25:35.0471 1620 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
04:25:35.0471 1620 audstub - ok
04:25:35.0518 1620 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
04:25:35.0534 1620 b57w2k - ok
04:25:35.0534 1620 BASFND (3d87b0484be1093c6614062701f375c5) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
04:25:35.0549 1620 BASFND - ok
04:25:35.0581 1620 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
04:25:35.0581 1620 Beep - ok
04:25:35.0612 1620 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
04:25:35.0674 1620 BITS - ok
04:25:35.0706 1620 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
04:25:35.0706 1620 Browser - ok
04:25:35.0753 1620 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
04:25:35.0753 1620 cbidf2k - ok
04:25:35.0753 1620 cd20xrnt - ok
04:25:35.0768 1620 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
04:25:35.0768 1620 Cdaudio - ok
04:25:35.0784 1620 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
04:25:35.0784 1620 Cdfs - ok
04:25:35.0799 1620 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
04:25:35.0799 1620 Cdrom - ok
04:25:35.0846 1620 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
04:25:35.0846 1620 cercsr6 - ok
04:25:35.0862 1620 Changer - ok
04:25:35.0893 1620 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
04:25:35.0893 1620 CiSvc - ok
04:25:35.0909 1620 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
04:25:35.0909 1620 ClipSrv - ok
04:25:35.0971 1620 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:25:36.0034 1620 clr_optimization_v2.0.50727_32 - ok
04:25:36.0253 1620 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:25:36.0315 1620 clr_optimization_v4.0.30319_32 - ok
04:25:36.0315 1620 CmdIde - ok
04:25:36.0331 1620 COMSysApp - ok
04:25:36.0331 1620 Cpqarray - ok
04:25:36.0393 1620 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
04:25:36.0409 1620 cpudrv - ok
04:25:36.0487 1620 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
04:25:36.0503 1620 CryptSvc - ok
04:25:36.0503 1620 dac2w2k - ok
04:25:36.0503 1620 dac960nt - ok
04:25:36.0565 1620 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
04:25:36.0596 1620 DcomLaunch - ok
04:25:36.0643 1620 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
04:25:36.0643 1620 Dhcp - ok
04:25:36.0659 1620 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
04:25:36.0659 1620 Disk - ok
04:25:36.0659 1620 dmadmin - ok
04:25:36.0706 1620 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
04:25:36.0721 1620 dmboot - ok
04:25:36.0753 1620 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
04:25:36.0753 1620 dmio - ok
04:25:36.0784 1620 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
04:25:36.0784 1620 dmload - ok
04:25:36.0815 1620 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
04:25:36.0815 1620 dmserver - ok
04:25:36.0815 1620 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
04:25:36.0815 1620 DMusic - ok
04:25:36.0862 1620 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
04:25:36.0862 1620 Dnscache - ok
04:25:36.0909 1620 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
04:25:36.0909 1620 Dot3svc - ok
04:25:36.0909 1620 dpti2o - ok
04:25:36.0956 1620 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
04:25:36.0956 1620 drmkaud - ok
04:25:36.0971 1620 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
04:25:36.0987 1620 EapHost - ok
04:25:37.0065 1620 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
04:25:37.0065 1620 ehRecvr - ok
04:25:37.0128 1620 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
04:25:37.0143 1620 ehSched - ok
04:25:37.0174 1620 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
04:25:37.0174 1620 ERSvc - ok
04:25:37.0221 1620 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
04:25:37.0237 1620 Eventlog - ok
04:25:37.0284 1620 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
04:25:37.0299 1620 EventSystem - ok
04:25:37.0346 1620 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
04:25:37.0346 1620 Fastfat - ok
04:25:37.0393 1620 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
04:25:37.0409 1620 FastUserSwitchingCompatibility - ok
04:25:37.0471 1620 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
04:25:37.0471 1620 Fdc - ok
04:25:37.0518 1620 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
04:25:37.0518 1620 Fips - ok
04:25:37.0737 1620 FLEXnet Licensing Service (73081cf28f0ae20a52ca4f67cee6e6b0) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
04:25:37.0768 1620 FLEXnet Licensing Service - ok
04:25:37.0815 1620 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
04:25:37.0815 1620 Flpydisk - ok
04:25:37.0862 1620 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
04:25:37.0862 1620 FltMgr - ok
04:25:37.0987 1620 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
04:25:38.0003 1620 FontCache3.0.0.0 - ok
04:25:38.0003 1620 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
04:25:38.0003 1620 Fs_Rec - ok
04:25:38.0034 1620 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
04:25:38.0034 1620 Ftdisk - ok
04:25:38.0065 1620 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
04:25:38.0065 1620 Gpc - ok
04:25:38.0112 1620 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
04:25:38.0143 1620 HDAudBus - ok
04:25:38.0237 1620 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
04:25:38.0237 1620 helpsvc - ok
04:25:38.0253 1620 HidServ - ok
04:25:38.0253 1620 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
04:25:38.0253 1620 hidusb - ok
04:25:38.0299 1620 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
04:25:38.0299 1620 hkmsvc - ok
04:25:38.0299 1620 hpn - ok
04:25:38.0346 1620 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
04:25:38.0362 1620 HTTP - ok
04:25:38.0378 1620 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
04:25:38.0378 1620 HTTPFilter - ok
04:25:38.0424 1620 hwinterface (448bb2fe30f1dde9eaa4f0e87b52b687) C:\WINDOWS\system32\Drivers\hwinterface.sys
04:25:38.0503 1620 hwinterface - ok
04:25:38.0503 1620 i2omgmt - ok
04:25:38.0503 1620 i2omp - ok
04:25:38.0581 1620 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
04:25:38.0581 1620 i8042prt - ok
04:25:38.0799 1620 ialm (bd9462e346229f37fd5b95fbcb6d3d34) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
04:25:38.0878 1620 ialm - ok
04:25:39.0034 1620 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
04:25:39.0065 1620 idsvc - ok
04:25:39.0206 1620 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
04:25:39.0206 1620 Imapi - ok
04:25:39.0253 1620 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
04:25:39.0253 1620 ImapiService - ok
04:25:39.0253 1620 ini910u - ok
04:25:39.0268 1620 IntelIde - ok
04:25:39.0299 1620 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
04:25:39.0299 1620 intelppm - ok
04:25:39.0331 1620 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
04:25:39.0331 1620 Ip6Fw - ok
04:25:39.0346 1620 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
04:25:39.0346 1620 IpFilterDriver - ok
04:25:39.0362 1620 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
04:25:39.0362 1620 IpInIp - ok
04:25:39.0393 1620 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
04:25:39.0409 1620 IpNat - ok
04:25:39.0503 1620 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
04:25:39.0503 1620 IPSec - ok
04:25:39.0518 1620 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
04:25:39.0518 1620 IRENUM - ok
04:25:39.0565 1620 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
04:25:39.0565 1620 isapnp - ok
04:25:39.0706 1620 JavaQuickStarterService (418c2b04e8f21a099abcb5cd8cbab798) C:\Program Files\Oracle\JavaFX 2.2 Runtime\bin\jqs.exe
04:25:39.0721 1620 JavaQuickStarterService - ok
04:25:39.0753 1620 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
04:25:39.0753 1620 Kbdclass - ok
04:25:39.0768 1620 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
04:25:39.0768 1620 kbdhid - ok
04:25:39.0784 1620 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
04:25:39.0784 1620 kmixer - ok
04:25:39.0831 1620 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
04:25:39.0846 1620 KSecDD - ok
04:25:39.0893 1620 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
04:25:39.0909 1620 lanmanserver - ok
04:25:39.0971 1620 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
04:25:40.0034 1620 lanmanworkstation - ok
04:25:40.0034 1620 lbrtfdc - ok
04:25:40.0112 1620 LexBceS (bf270f15f6a702444f8ac621bbc30f87) C:\WINDOWS\system32\LEXBCES.EXE
04:25:40.0128 1620 LexBceS - ok
04:25:40.0190 1620 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
04:25:40.0190 1620 LmHosts - ok
04:25:40.0221 1620 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
04:25:40.0221 1620 MBAMSwissArmy - ok
04:25:40.0315 1620 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
04:25:40.0315 1620 McrdSvc - ok
04:25:40.0346 1620 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
04:25:40.0346 1620 Messenger - ok
04:25:40.0362 1620 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
04:25:40.0362 1620 MHN - ok
04:25:40.0378 1620 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
04:25:40.0378 1620 MHNDRV - ok
04:25:40.0581 1620 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
04:25:40.0581 1620 mnmdd - ok
04:25:40.0815 1620 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
04:25:40.0831 1620 mnmsrvc - ok
04:25:40.0893 1620 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
04:25:40.0909 1620 Modem - ok
04:25:40.0971 1620 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
04:25:40.0971 1620 Mouclass - ok
04:25:41.0018 1620 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
04:25:41.0018 1620 mouhid - ok
04:25:41.0034 1620 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
04:25:41.0034 1620 MountMgr - ok
04:25:41.0034 1620 mraid35x - ok
04:25:41.0049 1620 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
04:25:41.0049 1620 MRxDAV - ok
04:25:41.0112 1620 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
04:25:41.0128 1620 MRxSmb - ok
04:25:41.0159 1620 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
04:25:41.0174 1620 MSDTC - ok
04:25:41.0206 1620 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
04:25:41.0206 1620 Msfs - ok
04:25:41.0206 1620 MSIServer - ok
04:25:41.0237 1620 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
04:25:41.0237 1620 MSKSSRV - ok
04:25:41.0253 1620 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
04:25:41.0253 1620 MSPCLOCK - ok
04:25:41.0253 1620 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
04:25:41.0253 1620 MSPQM - ok
04:25:41.0284 1620 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
04:25:41.0284 1620 mssmbios - ok
04:25:41.0331 1620 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
04:25:41.0331 1620 Mup - ok
04:25:41.0378 1620 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
04:25:41.0393 1620 napagent - ok
04:25:41.0612 1620 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
04:25:41.0612 1620 NDIS - ok
04:25:41.0674 1620 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
04:25:41.0674 1620 NdisTapi - ok
04:25:41.0690 1620 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
04:25:41.0690 1620 Ndisuio - ok
04:25:41.0706 1620 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
04:25:41.0721 1620 NdisWan - ok
04:25:41.0737 1620 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
04:25:41.0753 1620 NDProxy - ok
04:25:41.0768 1620 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
04:25:41.0768 1620 NetBIOS - ok
04:25:41.0784 1620 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
04:25:41.0784 1620 NetBT - ok
04:25:41.0831 1620 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
04:25:41.0831 1620 NetDDE - ok
04:25:41.0831 1620 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
04:25:41.0831 1620 NetDDEdsdm - ok
04:25:41.0878 1620 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
04:25:41.0878 1620 Netlogon - ok
04:25:41.0893 1620 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
04:25:41.0909 1620 Netman - ok
04:25:42.0049 1620 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
04:25:42.0096 1620 NetTcpPortSharing - ok
04:25:42.0128 1620 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
04:25:42.0143 1620 Nla - ok
04:25:42.0190 1620 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
04:25:42.0190 1620 Npfs - ok
04:25:42.0221 1620 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
04:25:42.0237 1620 Ntfs - ok
04:25:42.0237 1620 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
04:25:42.0237 1620 NtLmSsp - ok
04:25:42.0299 1620 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
04:25:42.0315 1620 NtmsSvc - ok
04:25:42.0362 1620 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
04:25:42.0362 1620 Null - ok
04:25:43.0081 1620 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
04:25:43.0440 1620 nv - ok
04:25:43.0628 1620 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
04:25:43.0628 1620 NVSvc - ok
04:25:43.0799 1620 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
04:25:43.0878 1620 nvUpdatusService - ok
04:25:43.0987 1620 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
04:25:43.0987 1620 NwlnkFlt - ok
04:25:44.0003 1620 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
04:25:44.0003 1620 NwlnkFwd - ok
04:25:44.0034 1620 OverwolfUpdaterService (0e2fde2689340f06e7005bcdc45a5f5a) C:\Program Files\Overwolf\\OverwolfUpdater.exe
04:25:44.0034 1620 OverwolfUpdaterService - ok
04:25:44.0065 1620 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
04:25:44.0065 1620 Parport - ok
04:25:44.0065 1620 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
04:25:44.0081 1620 PartMgr - ok
04:25:44.0128 1620 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
04:25:44.0128 1620 ParVdm - ok
04:25:44.0128 1620 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
04:25:44.0143 1620 PCI - ok
04:25:44.0143 1620 PCIDump - ok
04:25:44.0206 1620 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
04:25:44.0206 1620 PCIIde - ok
04:25:44.0237 1620 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
04:25:44.0237 1620 Pcmcia - ok
04:25:44.0253 1620 PDCOMP - ok
04:25:44.0253 1620 PDFRAME - ok
04:25:44.0253 1620 PDRELI - ok
04:25:44.0268 1620 PDRFRAME - ok
04:25:44.0268 1620 perc2 - ok
04:25:44.0284 1620 perc2hib - ok
04:25:44.0331 1620 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
04:25:44.0346 1620 PlugPlay - ok
04:25:44.0378 1620 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
04:25:44.0378 1620 PolicyAgent - ok
04:25:44.0393 1620 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
04:25:44.0393 1620 PptpMiniport - ok
04:25:44.0393 1620 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
04:25:44.0409 1620 ProtectedStorage - ok
04:25:44.0471 1620 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
04:25:44.0471 1620 PSched - ok
04:25:44.0518 1620 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
04:25:44.0518 1620 Ptilink - ok
04:25:44.0565 1620 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
04:25:44.0565 1620 PxHelp20 - ok
04:25:44.0565 1620 ql1080 - ok
04:25:44.0581 1620 Ql10wnt - ok
04:25:44.0581 1620 ql12160 - ok
04:25:44.0596 1620 ql1240 - ok
04:25:44.0596 1620 ql1280 - ok
04:25:44.0628 1620 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
04:25:44.0628 1620 RasAcd - ok
04:25:44.0659 1620 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
04:25:44.0659 1620 RasAuto - ok
04:25:44.0690 1620 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
04:25:44.0690 1620 Rasl2tp - ok
04:25:44.0737 1620 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
04:25:44.0753 1620 RasMan - ok
04:25:44.0768 1620 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
04:25:44.0768 1620 RasPppoe - ok
04:25:44.0784 1620 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
04:25:44.0784 1620 Raspti - ok
04:25:44.0799 1620 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
04:25:44.0799 1620 Rdbss - ok
04:25:44.0799 1620 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
04:25:44.0815 1620 RDPCDD - ok
04:25:44.0846 1620 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
04:25:44.0846 1620 rdpdr - ok
04:25:44.0893 1620 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
04:25:44.0893 1620 RDPWD - ok
04:25:44.0924 1620 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
04:25:44.0940 1620 RDSessMgr - ok
04:25:44.0971 1620 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
04:25:44.0971 1620 redbook - ok
04:25:45.0003 1620 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
04:25:45.0003 1620 RemoteAccess - ok
04:25:45.0034 1620 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
04:25:45.0034 1620 RemoteRegistry - ok
04:25:45.0065 1620 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
04:25:45.0065 1620 RpcLocator - ok
04:25:45.0143 1620 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
04:25:45.0143 1620 RpcSs - ok
04:25:45.0174 1620 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
04:25:45.0190 1620 RSVP - ok
04:25:45.0253 1620 RTL8192cu (5b3a5bc13614fffa1be65d434688ed3f) C:\WINDOWS\system32\DRIVERS\RTL8192cu.sys
04:25:45.0284 1620 RTL8192cu - ok
04:25:45.0362 1620 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
04:25:45.0362 1620 SamSs - ok
04:25:45.0471 1620 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
04:25:45.0471 1620 SCardSvr - ok
04:25:45.0518 1620 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
04:25:45.0534 1620 Schedule - ok
04:25:45.0565 1620 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
04:25:45.0565 1620 Secdrv - ok
04:25:45.0596 1620 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
04:25:45.0596 1620 seclogon - ok
04:25:45.0643 1620 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
04:25:45.0643 1620 SENS - ok
04:25:45.0659 1620 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
04:25:45.0659 1620 serenum - ok
04:25:45.0674 1620 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
04:25:45.0674 1620 Serial - ok
04:25:45.0721 1620 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
04:25:45.0721 1620 Sfloppy - ok
04:25:45.0768 1620 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
04:25:45.0768 1620 ShellHWDetection - ok
04:25:45.0784 1620 Simbad - ok
04:25:45.0878 1620 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files\Skype\Updater\Updater.exe
04:25:45.0878 1620 SkypeUpdate - ok
04:25:45.0893 1620 Sparrow - ok
04:25:45.0909 1620 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
04:25:45.0924 1620 splitter - ok
04:25:45.0956 1620 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
04:25:45.0956 1620 Spooler - ok
04:25:46.0081 1620 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\system32\Drivers\sptd.sys
04:25:46.0081 1620 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
04:25:46.0081 1620 sptd ( LockedFile.Multi.Generic ) - warning
04:25:46.0081 1620 sptd - detected LockedFile.Multi.Generic (1)
04:25:46.0096 1620 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
04:25:46.0096 1620 sr - ok
04:25:51.0003 1620 ============================================================
04:25:51.0003 1620 Scan finished
04:25:51.0003 1620 ============================================================
04:25:51.0003 9012 Detected object count: 2
04:25:51.0003 9012 Actual detected object count: 2
04:26:17.0987 9012 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
04:26:18.0315 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\@ - copied to quarantine
04:26:18.0346 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\Desktop.ini - copied to quarantine
04:26:18.0346 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\L\00000004.@ - copied to quarantine
04:26:18.0346 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\L\201d3dde - copied to quarantine
04:26:18.0393 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\L\lqsxhfze - copied to quarantine
04:26:18.0409 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\U\00000004.@ - copied to quarantine
04:26:18.0440 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\U\00000008.@ - copied to quarantine
04:26:18.0456 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\U\000000cb.@ - copied to quarantine
04:26:18.0471 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\U\80000000.@ - copied to quarantine
04:26:18.0487 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\U\80000032.@ - copied to quarantine
04:26:19.0924 9012 Backup copy found, using it..
04:26:19.0956 9012 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
04:26:21.0487 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\@ - will be deleted on reboot
04:26:21.0487 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\Desktop.ini - will be deleted on reboot
04:26:21.0987 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\U\00000004.@ - will be deleted on reboot
04:26:21.0987 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\U\00000008.@ - will be deleted on reboot
04:26:21.0987 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\U\000000cb.@ - will be deleted on reboot
04:26:21.0987 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\U\80000000.@ - will be deleted on reboot
04:26:21.0987 9012 C:\WINDOWS\$NtUninstallKB62330$\2030865014\U\80000032.@ - will be deleted on reboot
04:26:21.0987 9012 C:\WINDOWS\$NtUninstallKB62330$\365839655 - will be deleted on reboot
04:26:22.0237 9012 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
04:26:22.0237 9012 sptd ( LockedFile.Multi.Generic ) - skipped by user
04:26:22.0237 9012 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
04:27:06.0971 5552 Deinitialize success
MBR
I think I did that wrong.
ESET
C:\Documents and Settings\The Realm\My Documents\Downloads\Pranks\fakeshutdown\restart.exe Win32/FakeShutdown.A virus deleted - quarantined
C:\Documents and Settings\The Realm\My Documents\Downloads\Pranks\pirate\pirate.exe probably a variant of Win32/Agent.GPESDEA trojan cleaned by deleting - quarantined
C:\Documents and Settings\The Realm\My Documents\Downloads\Pranks\shakedown\shakedown.exe probably a variant of Win32/Agent.NISCJFT trojan cleaned by deleting - quarantined
C:\Program Files\LIMBO\limbo_lang.exe a variant of Win32/Kryptik.EIF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.06.2012_04.24.58\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.MT trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.06.2012_04.24.58\rtkt0000\zafs0000\tsk0001.dta Win32/Sirefef.EZ trojan deleted - quarantined
C:\TDSSKiller_Quarantine\28.06.2012_04.24.58\rtkt0000\zafs0000\tsk0008.dta a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.06.2012_04.24.58\rtkt0000\zafs0000\tsk0009.dta probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4DAB492Z\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IEVW9TG5\celebritybabycraze[1].htm JS/Kryptik.PH trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ORAP0HED\celebritybabycraze[1].htm JS/Kryptik.PH trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WTS1O3IL\3373[1] JS/Kryptik.PH trojan cleaned by deleting - quarantined
Operating memory multiple threats

#4 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:02:00 PM

Posted 28 June 2012 - 10:38 AM

Your computer is heavily infected with a Rootkit (ZeroAccess/Kryptik).

I see the aswMBR didn't run correctly, try again. Please also rerun TDSSKiller.

#5 Orgeston

Orgeston
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:08:00 AM

Posted 28 June 2012 - 11:46 AM

TDSSKiller

10:43:58.0878 2996 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
10:44:00.0393 2996 ============================================================
10:44:00.0393 2996 Current date / time: 2012/06/28 10:44:00.0393
10:44:00.0393 2996 SystemInfo:
10:44:00.0393 2996
10:44:00.0393 2996 OS Version: 5.1.2600 ServicePack: 3.0
10:44:00.0393 2996 Product type: Workstation
10:44:00.0393 2996 ComputerName: GLORIFIED-TOAST
10:44:00.0393 2996 UserName: The Realm
10:44:00.0393 2996 Windows directory: C:\WINDOWS
10:44:00.0393 2996 System windows directory: C:\WINDOWS
10:44:00.0393 2996 Processor architecture: Intel x86
10:44:00.0393 2996 Number of processors: 2
10:44:00.0393 2996 Page size: 0x1000
10:44:00.0393 2996 Boot type: Normal boot
10:44:00.0393 2996 ============================================================
10:44:00.0643 2996 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:44:00.0643 2996 ============================================================
10:44:00.0643 2996 \Device\Harddisk0\DR0:
10:44:00.0643 2996 MBR partitions:
10:44:00.0643 2996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x94FAAFC
10:44:00.0643 2996 ============================================================
10:44:00.0721 2996 C: <-> \Device\Harddisk0\DR0\Partition0
10:44:00.0721 2996 ============================================================
10:44:00.0721 2996 Initialize success
10:44:00.0721 2996 ============================================================
10:56:55.0784 6848 ============================================================
10:56:55.0784 6848 Scan started
10:56:55.0784 6848 Mode: Manual; TDLFS;
10:56:55.0784 6848 ============================================================
10:57:02.0674 6848 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\system32\drivers\tsk7B1.tmp
10:57:02.0690 6848 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk7B1.tmp. md5: 1e44bc1e83d8fd2305f8d452db109cf9
10:59:07.0909 6848 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:59:07.0909 6848 Rasl2tp - ok
10:59:08.0003 6848 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:59:08.0003 6848 RasMan - ok
10:59:08.0049 6848 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:59:08.0049 6848 RasPppoe - ok
10:59:08.0081 6848 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:59:08.0081 6848 Raspti - ok
10:59:08.0424 6848 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:59:08.0424 6848 Rdbss - ok
10:59:08.0487 6848 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:59:08.0487 6848 RDPCDD - ok
10:59:08.0518 6848 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:59:08.0534 6848 rdpdr - ok
10:59:08.0628 6848 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
10:59:08.0628 6848 RDPWD - ok
10:59:08.0659 6848 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:59:08.0674 6848 RDSessMgr - ok
10:59:08.0909 6848 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:59:08.0909 6848 redbook - ok
10:59:08.0924 6848 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:59:08.0940 6848 RemoteAccess - ok
10:59:08.0971 6848 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:59:08.0971 6848 RemoteRegistry - ok
10:59:09.0018 6848 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
10:59:09.0018 6848 RpcLocator - ok
10:59:09.0081 6848 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:59:09.0081 6848 RpcSs - ok
10:59:09.0159 6848 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
10:59:09.0221 6848 RSVP - ok
10:59:10.0128 6848 RTL8192cu (5b3a5bc13614fffa1be65d434688ed3f) C:\WINDOWS\system32\DRIVERS\RTL8192cu.sys
10:59:10.0174 6848 RTL8192cu - ok
10:59:10.0331 6848 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:59:10.0331 6848 SamSs - ok
10:59:10.0487 6848 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:59:10.0487 6848 SCardSvr - ok
10:59:10.0799 6848 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:59:10.0815 6848 Schedule - ok
10:59:10.0846 6848 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:59:10.0846 6848 Secdrv - ok
10:59:10.0893 6848 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:59:10.0909 6848 seclogon - ok
10:59:10.0956 6848 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:59:10.0956 6848 SENS - ok
10:59:10.0987 6848 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:59:10.0987 6848 serenum - ok
10:59:11.0081 6848 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:59:11.0081 6848 Serial - ok
10:59:11.0128 6848 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:59:11.0128 6848 Sfloppy - ok
10:59:11.0378 6848 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:59:11.0378 6848 ShellHWDetection - ok
10:59:11.0393 6848 Simbad - ok
10:59:11.0659 6848 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files\Skype\Updater\Updater.exe
10:59:11.0659 6848 SkypeUpdate - ok
10:59:11.0674 6848 Sparrow - ok
10:59:11.0753 6848 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:59:11.0768 6848 splitter - ok
10:59:11.0940 6848 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:59:11.0940 6848 Spooler - ok
10:59:12.0534 6848 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\system32\Drivers\sptd.sys
10:59:12.0534 6848 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
10:59:12.0549 6848 sptd ( LockedFile.Multi.Generic ) - warning
10:59:12.0549 6848 sptd - detected LockedFile.Multi.Generic (1)
10:59:21.0971 6848 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:59:22.0768 6848 \Device\Harddisk0\DR0 - ok
10:59:22.0799 6848 Boot (0x1200) (8978e6d156b6e3e27f01cae16082a07c) \Device\Harddisk0\DR0\Partition0
10:59:22.0799 6848 \Device\Harddisk0\DR0\Partition0 - ok
10:59:22.0799 6848 ============================================================
10:59:22.0799 6848 Scan finished
10:59:22.0799 6848 ============================================================
10:59:22.0815 3728 Detected object count: 1
10:59:22.0815 3728 Actual detected object count: 1
11:05:01.0846 3728 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:05:01.0846 3728 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:07:33.0284 0124 Deinitialize success





MBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-28 04:27:15
-----------------------------
04:27:15.299 OS Version: Windows 5.1.2600 Service Pack 3
04:27:15.299 Number of processors: 2 586 0xF0D
04:27:15.299 ComputerName: GLORIFIED-TOAST UserName: The Realm
04:27:28.315 Initialize success
04:50:07.674 AVAST engine defs: 12062800
04:50:32.565 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
04:50:32.565 Disk 0 Vendor: ST380815AS 3.ADA Size: 76293MB BusType: 3
04:50:33.471 Disk 0 MBR read successfully
04:50:33.471 Disk 0 MBR scan
04:50:33.549 Disk 0 Windows XP default MBR code
04:50:33.581 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76277 MB offset 16065
04:50:33.581 Disk 0 scanning sectors +156232125
04:50:33.674 Disk 0 scanning C:\WINDOWS\system32\drivers
04:50:37.331 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Sirefef-YQ [Rtk]
04:50:48.003 Disk 0 trace - called modules:
04:50:48.034 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89cd6698]<<
04:50:48.034 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a344ab8]
04:50:48.034 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> [0x89db6030]
04:50:48.034 \Driver\00001161[0x8a223950] -> IRP_MJ_CREATE -> 0x89cd6698
04:50:54.393 AVAST engine scan C:\WINDOWS
04:51:06.612 AVAST engine scan C:\WINDOWS\system32
04:55:58.081 AVAST engine scan C:\WINDOWS\system32\drivers
04:56:01.924 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Sirefef-YQ [Rtk]
04:56:51.299 AVAST engine scan C:\Documents and Settings\The Realm
05:10:42.065 File: C:\Documents and Settings\The Realm\My Documents\Downloads\Pranks\screenscrew\screenscrew.exe **INFECTED** Win32:Finaldo-S [Joke]
05:10:42.315 File: C:\Documents and Settings\The Realm\My Documents\Downloads\Pranks\shakedown\shakedown.exe **INFECTED** Win32:Malware-gen
05:12:37.815 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
05:15:47.737 Scan finished successfully
05:32:57.971 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\The Realm\Desktop\MBR.dat"
05:32:58.003 The log file has been saved successfully to "C:\Documents and Settings\The Realm\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-28 10:43:01
-----------------------------
10:43:01.909 OS Version: Windows 5.1.2600 Service Pack 3
10:43:01.909 Number of processors: 2 586 0xF0D
10:43:01.909 ComputerName: GLORIFIED-TOAST UserName: The Realm
10:43:10.878 Initialize success
10:43:35.565 AVAST engine defs: 12062800
10:43:36.893 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:43:36.893 Disk 0 Vendor: ST380815AS 3.ADA Size: 76293MB BusType: 3
10:43:36.909 Disk 0 MBR read successfully
10:43:36.909 Disk 0 MBR scan
10:43:36.956 Disk 0 Windows XP default MBR code
10:43:36.987 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76277 MB offset 16065
10:43:36.987 Disk 0 scanning sectors +156232125
10:43:37.112 Disk 0 scanning C:\WINDOWS\system32\drivers
10:43:41.284 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Sirefef-YQ [Rtk]
10:44:05.362 Disk 0 trace - called modules:
10:44:05.378 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89cd6698]<<
10:44:05.378 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a344ab8]
10:44:05.378 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> [0x89db6030]
10:44:05.393 \Driver\00001161[0x8a223950] -> IRP_MJ_CREATE -> 0x89cd6698
10:44:09.674 AVAST engine scan C:\WINDOWS
10:44:45.565 AVAST engine scan C:\WINDOWS\system32
10:53:48.331 AVAST engine scan C:\WINDOWS\system32\drivers
10:53:52.706 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Sirefef-YQ [Rtk]
10:54:43.143 AVAST engine scan C:\Documents and Settings\The Realm
11:23:11.284 File: C:\Documents and Settings\The Realm\My Documents\Downloads\Pranks\screenscrew\screenscrew.exe **INFECTED** Win32:Finaldo-S [Joke]
11:25:05.878 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
11:29:52.878 Scan finished successfully
11:45:49.206 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\The Realm\Desktop\MBR.dat"
11:45:49.237 The log file has been saved successfully to "C:\Documents and Settings\The Realm\Desktop\aswMBR.txt"

#6 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:00 PM

Posted 28 June 2012 - 12:11 PM

A driver has been patched by malware:

04:50:37.331 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Sirefef-YQ [Rtk]

04:50:48.034 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89cd6698]<<

Files that are infected:

05:10:42.065 File: C:\Documents and Settings\The Realm\My Documents\Downloads\Pranks\screenscrew\screenscrew.exe **INFECTED** Win32:Finaldo-S [Joke]
05:10:42.315 File: C:\Documents and Settings\The Realm\My Documents\Downloads\Pranks\shakedown\shakedown.exe **INFECTED** Win32:Malware-gen

The driver needs to be replaced and the infected files need to be deleted (safely).

Edited by ElFasso, 28 June 2012 - 12:12 PM.


#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:00 AM

Posted 28 June 2012 - 12:15 PM

ESET online scanner log?

#8 Orgeston

Orgeston
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 28 June 2012 - 12:18 PM

I got rid of the infected files (didn't need 'em). But how would I go about replacing AFD.SYS?

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:00 AM

Posted 28 June 2012 - 12:21 PM

Can you post the ESET log?

#10 Orgeston

Orgeston
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 28 June 2012 - 03:07 PM

Sorry it took so long, but this is all it gave me.


Operating memory multiple threats

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:00 AM

Posted 28 June 2012 - 03:32 PM

Do not follow instructions from others.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Remove infections and post the generated log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update

Click on "Scan".
Please copy and paste the log to your reply.

Edited by narenxp, 30 June 2012 - 07:13 PM.


#12 Orgeston

Orgeston
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 29 June 2012 - 02:58 AM

It got to my wireless internet driver (I'm working on that), but I can still transfer programs to my computer through this one. Do I still follow through with the last instructions?

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:00 AM

Posted 29 June 2012 - 04:11 AM

Copy this tool to the PC

Farbar Service Scanner

Launch it and type

afd.sys in the search box, click on search files.

Post the generated log

Edited by narenxp, 29 June 2012 - 11:49 AM.


#14 Orgeston

Orgeston
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 29 June 2012 - 11:17 AM

Here you are.

Farbar Service Scanner Version: 25-06-2012 01
Ran by The Realm (administrator) on 29-06-2012 at 11:07:25
Microsoft Windows XP Professional Service Pack 3 (X86)

************************************************
======== Search: "afd.sys" =========

C:\WINDOWS\system32\drivers\afd.sys
[2004-08-10 06:00] - [2012-06-28 15:37] - 0138496 ____A (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\system32\dllcache\afd.sys
[2008-06-20 06:40] - [2011-08-17 08:49] - 0138496 ____C (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008-04-13 14:19] - [2008-04-13 14:19] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2012-01-23 13:58] - [2008-06-20 05:44] - 0138368 ____C (Microsoft Corporation) 944CA435BFCFC82CC1ED9E3A7D731AA9

C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2012-01-24 03:41] - [2008-06-20 06:40] - 0138496 ____C (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2012-01-23 13:51] - [2004-08-10 06:00] - 0138496 ____C (Microsoft Corporation) 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2012-01-24 03:41] - [2008-04-13 14:19] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2012-01-25 13:03] - [2008-10-16 09:43] - 0138496 ____C (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2012-01-25 13:01] - [2008-08-14 05:04] - 0138496 ____C (Microsoft Corporation) 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2012-01-24 03:32] - [2008-08-14 04:51] - 0138368 ____C (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2012-01-23 13:29] - [2008-08-14 05:34] - 0138496 ___AC (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2012-01-23 13:29] - [2008-08-14 05:04] - 0138496 ___AC (Microsoft Corporation) 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2012-01-23 13:29] - [2008-08-14 04:48] - 0138368 ___AC (Microsoft Corporation) 6A0397376853E604DE8E1E7A87FC08AC

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008-06-20 06:48] - [2008-06-20 06:48] - 0138496 ___AC (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008-06-20 06:40] - [2008-06-20 06:40] - 0138496 ___AC (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008-06-20 05:44] - [2008-06-20 05:44] - 0138368 ___AC (Microsoft Corporation) D99DDFFB33DEACDCF20717CB520379F6

C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2012-01-24 16:13] - [2011-08-17 08:41] - 0138496 ___AC (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008-10-16 10:07] - [2008-10-16 10:07] - 0138496 ___AC (Microsoft Corporation) 38D7B715504DA4741DF35E3594FE2099

====== End Of Search ======
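The FSS search block above is the raw material for answering "how would I go about replacing AFD.SYS?": the useful read is which backup copies are byte-identical to the live driver and which differ. The following parser is an added example for this thread, not part of it and not Farbar's code; it assumes only the record format FSS prints (a path line followed by "[created] - [modified] - size attrs (company) MD5"), and SAMPLE_LOG is excerpted from the posted log.

```python
"""Group afd.sys copies from a Farbar Service Scanner (FSS) search block by MD5.

Added example, not Farbar's code: parses FSS "path + metadata" record pairs and
reports which copies match the live driver and which could serve as a replacement.
"""
import re
from collections import defaultdict

# Excerpt of the FSS search output posted above (paths, dates and hashes as shown there).
SAMPLE_LOG = r"""
======== Search: "afd.sys" =========

C:\WINDOWS\system32\drivers\afd.sys
[2004-08-10 06:00] - [2012-06-28 15:37] - 0138496 ____A (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\system32\dllcache\afd.sys
[2008-06-20 06:40] - [2011-08-17 08:49] - 0138496 ____C (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008-04-13 14:19] - [2008-04-13 14:19] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2012-01-24 16:13] - [2011-08-17 08:41] - 0138496 ___AC (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79

====== End Of Search ======
"""

# Metadata line: [created] - [modified] - size attributes (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a drive-letter path line opens each record


def parse_fss_search(text):
    """Return one dict per file found: path, created, modified, size, attrs, company, md5."""
    records, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):  # the metadata line follows the path line
            pending_path = line
            continue
        m = META_RE.match(line)
        if m and pending_path:
            rec = m.groupdict()
            rec["path"] = pending_path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
            pending_path = None
    return records


def group_by_md5(records):
    """Map each MD5 to the paths carrying exactly that file content."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["md5"]].append(rec["path"])
    return dict(groups)


def compare_to_live(records, live_path):
    """Split the other copies into those identical to the live driver and those that differ.
    A copy sharing the flagged live file's hash is no clean reference; the differing
    copies are the candidate sources, returned with hash and size for checking."""
    live = next(r for r in records if r["path"].lower() == live_path.lower())
    same = [r["path"] for r in records if r["md5"] == live["md5"] and r is not live]
    differ = [(r["path"], r["md5"], r["size"]) for r in records if r["md5"] != live["md5"]]
    return live["md5"], same, differ


def most_recently_modified(records):
    """Newest copy by modification time; FSS prints 'YYYY-MM-DD HH:MM', so string
    order is chronological. A live core driver newer than every backup merits a look."""
    return max(records, key=lambda r: r["modified"])


if __name__ == "__main__":
    recs = parse_fss_search(SAMPLE_LOG)
    md5, same, differ = compare_to_live(recs, r"C:\WINDOWS\system32\drivers\afd.sys")
    print("live MD5:", md5, "| identical copies:", same)
    for path, digest, size in differ:
        print("candidate source:", path, digest, size)
    print("most recently modified:", most_recently_modified(recs)["path"])
```

On the posted log the live driver and the dllcache copy share one hash, so only the ServicePackFiles and hotfix copies differ from it.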

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:00 AM

Posted 29 June 2012 - 11:32 AM

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.



