sirefef.al & sirefef.aq


19 replies to this topic

#1 oldgeek53

oldgeek53

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:27 PM

Posted 28 July 2012 - 06:33 PM

Seems I picked this up earlier looking for a Motorola USB smartphone driver. :angry:
Anyway, I need ya'lls help getting rid of it. :thumbsup: I'm going for smokes and a flash drive. Be right back!



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:10:27 PM

Posted 28 July 2012 - 06:56 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 oldgeek53

oldgeek53
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:27 PM

Posted 28 July 2012 - 09:57 PM

TDSSKiller log

19:36:21.0296 3780 SNMPTRAP - ok
19:36:21.0375 3780 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
19:36:21.0375 3780 SoundMAX Agent Service (default) - ok
19:36:21.0390 3780 Sparrow - ok
19:36:21.0421 3780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:36:21.0421 3780 splitter - ok
19:36:21.0468 3780 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:36:21.0468 3780 Spooler - ok
19:36:21.0484 3780 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:36:21.0484 3780 sr - ok
19:36:21.0531 3780 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:36:21.0531 3780 srservice - ok
19:36:21.0562 3780 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:36:21.0578 3780 Srv - ok
19:36:21.0609 3780 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:36:21.0609 3780 SSDPSRV - ok
19:36:21.0656 3780 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:36:21.0656 3780 stisvc - ok
19:36:21.0687 3780 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:36:21.0687 3780 streamip - ok
19:36:21.0734 3780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:36:21.0734 3780 swenum - ok
19:36:21.0765 3780 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:36:21.0765 3780 swmidi - ok
19:36:21.0765 3780 SwPrv - ok
19:36:21.0781 3780 symc810 - ok
19:36:21.0796 3780 symc8xx - ok
19:36:21.0796 3780 sym_hi - ok
19:36:21.0812 3780 sym_u3 - ok
19:36:21.0843 3780 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:36:21.0843 3780 sysaudio - ok
19:36:21.0875 3780 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:36:21.0875 3780 SysmonLog - ok
19:36:21.0984 3780 SystemExplorerHelpService (bed7aff202377ef1a2e68b50be5ad56c) C:\Program Files\System Explorer\service\SystemExplorerService.exe
19:36:21.0984 3780 SystemExplorerHelpService - ok
19:36:22.0015 3780 tap0901 (8cf6e2ae1707d82e904ecca68cef8b87) C:\WINDOWS\system32\DRIVERS\tap0901.sys
19:36:22.0015 3780 tap0901 - ok
19:36:22.0046 3780 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
19:36:22.0046 3780 taphss - ok
19:36:22.0093 3780 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:36:22.0093 3780 TapiSrv - ok
19:36:22.0125 3780 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:36:22.0140 3780 Tcpip - ok
19:36:22.0156 3780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:36:22.0156 3780 TDPIPE - ok
19:36:22.0187 3780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:36:22.0187 3780 TDTCP - ok
19:36:22.0218 3780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:36:22.0218 3780 TermDD - ok
19:36:22.0250 3780 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:36:22.0265 3780 TermService - ok
19:36:22.0296 3780 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:36:22.0296 3780 Themes - ok
19:36:22.0328 3780 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
19:36:22.0328 3780 TlntSvr - ok
19:36:22.0343 3780 TosIde - ok
19:36:22.0375 3780 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:36:22.0375 3780 TrkWks - ok
19:36:22.0390 3780 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
19:36:22.0390 3780 tunmp - ok
19:36:22.0406 3780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:36:22.0421 3780 Udfs - ok
19:36:22.0421 3780 ultra - ok
19:36:22.0468 3780 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:36:22.0468 3780 Update - ok
19:36:22.0515 3780 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:36:22.0515 3780 upnphost - ok
19:36:22.0546 3780 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:36:22.0546 3780 UPS - ok
19:36:22.0562 3780 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:36:22.0562 3780 usbaudio - ok
19:36:22.0609 3780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:36:22.0609 3780 usbccgp - ok
19:36:22.0640 3780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:36:22.0640 3780 usbehci - ok
19:36:22.0656 3780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:36:22.0671 3780 usbhub - ok
19:36:22.0703 3780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:36:22.0703 3780 usbprint - ok
19:36:22.0734 3780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:36:22.0734 3780 usbscan - ok
19:36:22.0750 3780 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:36:22.0750 3780 usbstor - ok
19:36:22.0781 3780 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:36:22.0781 3780 usbuhci - ok
19:36:22.0812 3780 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:36:22.0828 3780 usbvideo - ok
19:36:22.0843 3780 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
19:36:22.0843 3780 usb_rndisx - ok
19:36:22.0859 3780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:36:22.0875 3780 VgaSave - ok
19:36:22.0875 3780 ViaIde - ok
19:36:22.0906 3780 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:36:22.0906 3780 VolSnap - ok
19:36:22.0953 3780 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:36:22.0953 3780 VSS - ok
19:36:23.0000 3780 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:36:23.0000 3780 W32Time - ok
19:36:23.0031 3780 W3SVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
19:36:23.0031 3780 W3SVC - ok
19:36:23.0062 3780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:36:23.0062 3780 Wanarp - ok
19:36:23.0125 3780 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
19:36:23.0125 3780 Wdf01000 - ok
19:36:23.0140 3780 WDICA - ok
19:36:23.0171 3780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:36:23.0171 3780 wdmaud - ok
19:36:23.0218 3780 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:36:23.0218 3780 WebClient - ok
19:36:23.0281 3780 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:36:23.0281 3780 winmgmt - ok
19:36:23.0359 3780 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
19:36:23.0375 3780 WinRM - ok
19:36:23.0437 3780 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
19:36:23.0437 3780 WinUSB - ok
19:36:23.0468 3780 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
19:36:23.0468 3780 WmdmPmSN - ok
19:36:23.0531 3780 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:36:23.0546 3780 Wmi - ok
19:36:23.0578 3780 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:36:23.0578 3780 WmiAcpi - ok
19:36:23.0656 3780 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
19:36:23.0656 3780 WmiApSrv - ok
19:36:23.0765 3780 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:36:23.0781 3780 WMPNetworkSvc - ok
19:36:23.0812 3780 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:36:23.0812 3780 WpdUsb - ok
19:36:23.0968 3780 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:36:23.0984 3780 WPFFontCache_v0400 - ok
19:36:23.0984 3780 WSearch - ok
19:36:24.0031 3780 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:36:24.0031 3780 WSTCODEC - ok
19:36:24.0062 3780 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:36:24.0062 3780 WudfPf - ok
19:36:24.0078 3780 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:36:24.0093 3780 WudfRd - ok
19:36:24.0125 3780 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:36:24.0125 3780 WudfSvc - ok
19:36:24.0187 3780 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:36:24.0187 3780 WZCSVC - ok
19:36:24.0234 3780 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:36:24.0234 3780 xmlprov - ok
19:36:24.0234 3780 ZTEusbgps - ok
19:36:24.0250 3780 ZTEusbmdm6k - ok
19:36:24.0250 3780 ZTEusbnmea - ok
19:36:24.0265 3780 ZTEusbnmeaext - ok
19:36:24.0265 3780 ZTEusbser6k - ok
19:36:24.0312 3780 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:36:25.0593 3780 \Device\Harddisk0\DR0 - ok
19:36:25.0609 3780 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR6
19:36:25.0796 3780 \Device\Harddisk2\DR6 - ok
19:36:25.0812 3780 Boot (0x1200) (b1bea1f590e643b676d5ffb609fdc626) \Device\Harddisk0\DR0\Partition0
19:36:25.0812 3780 \Device\Harddisk0\DR0\Partition0 - ok
19:36:25.0812 3780 Boot (0x1200) (994e57338ee5d100d9ec909cdf30d599) \Device\Harddisk2\DR6\Partition0
19:36:25.0812 3780 \Device\Harddisk2\DR6\Partition0 - ok
19:36:25.0812 3780 ============================================================
19:36:25.0812 3780 Scan finished
19:36:25.0812 3780 ============================================================
19:36:25.0828 3564 Detected object count: 0
19:36:25.0828 3564 Actual detected object count: 0
19:39:01.0828 2712 Deinitialize success

aswMBR log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-28 19:40:04
-----------------------------
19:40:04.390 OS Version: Windows 5.1.2600 Service Pack 3
19:40:04.390 Number of processors: 2 586 0x409
19:40:04.390 ComputerName: HPCOMPAQ UserName: David
19:40:05.187 Initialize success
19:42:09.734 AVAST engine defs: 12072801
19:42:22.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
19:42:22.109 Disk 0 Vendor: SAMSUNG_HD080HJ/P ZH100-46 Size: 76319MB BusType: 3
19:42:22.156 Disk 0 MBR read successfully
19:42:22.156 Disk 0 MBR scan
19:42:22.203 Disk 0 Windows XP default MBR code
19:42:22.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
19:42:22.218 Disk 0 scanning sectors +156280320
19:42:22.296 Disk 0 scanning C:\WINDOWS\system32\drivers
19:42:46.125 Service scanning
19:42:56.359 Service MpKsla7a48413 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79517F1E-1565-4052-8BE7-4826DFBD11CB}\MpKsla7a48413.sys **LOCKED** 32
19:43:11.875 Modules scanning
19:43:31.281 Disk 0 trace - called modules:
19:43:31.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:43:31.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a876ab8]
19:43:31.296 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a8889e8]
19:43:31.296 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x8a81d940]
19:43:31.625 AVAST engine scan C:\WINDOWS
19:43:41.718 AVAST engine scan C:\WINDOWS\system32
19:48:29.046 AVAST engine scan C:\WINDOWS\system32\drivers
19:48:56.703 AVAST engine scan C:\Documents and Settings\David
20:23:07.515 AVAST engine scan C:\Documents and Settings\All Users
20:24:52.796 Scan finished successfully
20:30:44.953 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
20:30:44.953 The log file has been saved successfully to "G:\aswMBR.txt"

ESET Log


C:\Documents and Settings\David\Local Settings\Temp\ICReinstall\cnet2_InstantPhotoScannerTB5_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\David\Local Settings\Temp\ICReinstall\cnet2_Secure_Wipe_Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\David\Local Settings\Temp\ICReinstall\cnet2_speeditup-freeware_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\David\Local Settings\Temp\ICReinstall\cnet2_SystemExplorerSetup_391_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\David\Local Settings\Temp\ICReinstall\cnet_awesome_photo_finder_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\David\Local Settings\Temp\is1598539481\BuzzdockSetup-Silent.exe probably a variant of Win32/Adware.ECOHET application cleaned by deleting - quarantined
C:\Documents and Settings\David\My Documents\Downloads\DVD Stuff\EssentialsCodecPack\WECPSetup.exe a variant of Win32/InstallCore.H application deleted - quarantined
C:\Documents and Settings\David\My Documents\Downloads\General Apps\cnet_awesome_photo_finder_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\David\My Documents\Downloads\Microsoft\FinalMediaPlayer2011Setup.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\David\My Documents\Downloads\Microsoft\SoftonicDownloader_for_anybizsoft-pdf-to-word.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Documents and Settings\David\My Documents\Downloads\Utilities\cnet2_InstantPhotoScannerTB5_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\David\My Documents\Downloads\Utilities\cnet2_Secure_Wipe_Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\David\My Documents\Downloads\Utilities\NetworkUtility\cnet2_speeditup-freeware_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\David\My Documents\Downloads\Utilities\NetworkUtility\cnet2_SystemExplorerSetup_391_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\David\My Documents\Downloads\Utilities\VideoTools\FreeYouTubeDownloaderInstaller.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5Z0Q8SG6\firstload_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5Z0Q8SG6\mx_nan_a[1].txt HTML/Iframe.B.Gen virus deleted - quarantined
C:\System Volume Information\_restore{2A8C64FC-B234-45DA-8413-ADEAF52EB0C3}\RP639\A0074394.exe Win32/AdInstaller application cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EV trojan

Edited by oldgeek53, 28 July 2012 - 10:00 PM.


#4 narenxp

Posted 28 July 2012 - 10:02 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#5 oldgeek53

Posted 28 July 2012 - 11:22 PM

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Does the RED text mean Full OR Quick?

Thanks!

#6 narenxp

Posted 28 July 2012 - 11:25 PM

Run a full scan. Red text refers to normal mode :thumbup2:

#7 oldgeek53

Posted 28 July 2012 - 11:26 PM

10-4. Got it!

#8 oldgeek53

Posted 29 July 2012 - 12:43 AM

First Malware log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.07

Windows XP Service Pack 3 x86 FAT
Internet Explorer 8.0.6001.18702
David :: HPCOMPAQ [administrator]

7/28/2012 10:25:23 PM
first_scan_mbam-log-2012-07-28 (23-03-11).txt

Scan type: Full scan (C:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300195
Time elapsed: 36 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> No action taken.

Registry Values Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\David\Local Settings\Application Data\{ff3d354c-f5cd-1128-768c-a69df23f6ff4}\n. -> No action taken.
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 4c3e8c0a09fe7a08e898fad4ceadb637 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\David\Local Settings\Application Data\{ff3d354c-f5cd-1128-768c-a69df23f6ff4}\n (RootKit.0Access) -> No action taken.
C:\WINDOWS\Installer\{ff3d354c-f5cd-1128-768c-a69df23f6ff4}\n (RootKit.0Access) -> No action taken.

(end)

Clean Scan

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
David :: HPCOMPAQ [administrator]

7/28/2012 11:26:43 PM
mbam-log-2012-07-28 (23-26-43).txt

Scan type: Full scan (C:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300055
Time elapsed: 56 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


toolbox log

MiniToolBox by Farbar Version: 23-07-2012
Ran by David (administrator) on 29-07-2012 at 00:25:23
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Motorola USB Networking Driver = Local Area Connection 11 (Connected)
PdaNet Broadband Adapter = PdaNet Broadband Connection (Connected)
Broadcom NetXtreme Gigabit Ethernet = Local Area Connection 12 (Media disconnected)


FSS log

Farbar Service Scanner Version: 26-07-2012
Ran by David (administrator) on 29-07-2012 at 00:27:09
Running from "G:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0C00000005000000010000000200000003000000040000000A000000090000000800000006000000070000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****


adware log

# AdwCleaner v1.703 - Logfile created 07/29/2012 at 00:29:58
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : David - HPCOMPAQ
# Running from : G:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\David\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\David\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\David\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\David\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\AskBarDis
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\5spsnxg0.default\prefs.js

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\5spsnxg0.default\user.js ... Deleted !

Deleted : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/u/0/?shva=1#inbox");

*************************

AdwCleaner[S1].txt - [3070 octets] - [29/07/2012 00:29:58]

########## EOF - C:\AdwCleaner[S1].txt - [3198 octets] ##########

#9 oldgeek53

Posted 29 July 2012 - 12:50 AM

MSE still fails "update" option.
MSC still says 'firewall service not started or has been stopped'.

I guess we ain't dun yet!

Need sleep, taking a nap.

Edited by oldgeek53, 29 July 2012 - 12:51 AM.


#10 narenxp

Posted 29 July 2012 - 05:46 AM

Open your C drive

On top, click on Tools-folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Documents and Settings\David\Local Settings\Application Data\{ff3d354c-f5cd-1128-768c-a69df23f6ff4}
C:\WINDOWS\Installer\{ff3d354c-f5cd-1128-768c-a69df23f6ff4}

Delete the folders

Download

BITS
wuauserv
Sharedaccess

Launch the keys, click YES

Restart the PC, post the new FSS log

#11 oldgeek53

Posted 29 July 2012 - 07:03 AM

Good morning, Naren.

FSS log BEFORE I connected to Internet

Farbar Service Scanner Version: 26-07-2012
Ran by David (administrator) on 29-07-2012 at 06:54:54
Running from "G:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0C00000005000000010000000200000003000000040000000A000000090000000800000006000000070000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****

Ran FSS again AFTER connected to internet

Farbar Service Scanner Version: 26-07-2012
Ran by David (administrator) on 29-07-2012 at 06:57:14
Running from "G:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0C00000005000000010000000200000003000000040000000A000000090000000800000006000000070000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****

#12 narenxp

Posted 29 July 2012 - 07:08 AM

Good morning

Download

SystemLook

Launch it and copy this script in the search BOX

:folderfind
{ff3d354c-f5cd-1128-768c-a69df23f6ff4}

Click on LOOK, post the generated log

Download

wscsvc

Launch it and click YES

Restart the PC and post the new FSS log

Edited by narenxp, 29 July 2012 - 07:08 AM.


#13 oldgeek53

Posted 29 July 2012 - 07:23 AM

New FSS log:

Farbar Service Scanner Version: 26-07-2012
Ran by David (administrator) on 29-07-2012 at 07:21:24
Running from "G:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0C00000005000000010000000200000003000000040000000A000000090000000800000006000000070000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****
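
The FSS logs in posts #11 and #13 differ only in a few flagged lines, which is easy to miss by eye. The following is an added example, not part of the original thread or of Farbar Service Scanner: it parses the `ATTENTION!=====>` lines per section and compares two runs. The excerpts are trimmed from the 06:57:14 and 07:21:24 logs above; the function names are hypothetical.

```python
FLAG = "ATTENTION!=====>"

# Excerpts trimmed from the 06:57:14 and 07:21:24 logs posted in this thread.
BEFORE = r"""
Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.
Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
"""
AFTER = r"""
Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.
Security Center:
============
"""

def parse_findings(log_text):
    """Return a set of (section, check, detail) for every flagged line."""
    lines = [l.strip() for l in log_text.splitlines()]
    findings, section = set(), ""
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Name:" line underlined by a row of '='.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section = line[:-1]
        elif FLAG in line:
            check, _, detail = line.partition(FLAG)
            findings.add((section, check.strip().rstrip(":"), detail.strip()))
    return findings

def compare(before, after):
    """Split flagged findings into resolved, persisting and new."""
    b, a = parse_findings(before), parse_findings(after)
    return {"resolved": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}

if __name__ == "__main__":
    for status, items in compare(BEFORE, AFTER).items():
        for section, check, detail in items:
            print(f"{status:10} [{section}] {check} {detail}")
```

On these two logs the three wscsvc service-key findings are reported as resolved, while the two missing `EnableFirewall` values under SharedAccess persist.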

#14 narenxp

Posted 29 July 2012 - 07:28 AM

SystemLook log?

#15 oldgeek53

Posted 29 July 2012 - 07:30 AM

Oops!

SystemLook log

SystemLook 30.07.11 by jpshortstuff
Log created at 07:10 on 29/07/2012 by David
Administrator - Elevation successful

========== folderfind ==========

Searching for "{ff3d354c-f5cd-1128-768c-a69df23f6ff4}"
No folders found.

-= EOF =-