Google redirection malware


16 replies to this topic

#1 Contrasted


Posted 20 August 2012 - 04:45 AM

Hey, I have recently been redirected when searching on Google to a website called ihavenet.com (along with others). Although this is a problem, the laptop that this malware has infected will be out of use soon anyway. What I am wondering is if it is safe to transfer data (Word documents, .html files (which I made myself and are simply just used to take notes), and possibly some .jpegs), or will the malware work its way through these files?


 


#2 quietman7


Posted 20 August 2012 - 07:27 AM

If you are considering reformatting and a clean install or doing a factory restore with a Recovery Disk/Recovery Partition due to malware infection, you can back up all your important documents, personal data files, photos, music, videos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), .ini, .bat, .com, .cmd, .msi, .pif, or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or by adding double file extensions and/or space(s) in the file's name to hide the real extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If your CD/DVD drive is unusable or there isn't one installed, another word of caution if you are considering backing up to an external USB hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if it's worth that risk. Again, do not back up any files with the following file extensions: .exe, .scr, .bat, .com, .cmd, .msi, .pif, .ini, .htm, .html, .hta, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

Have you taken any steps to remove the malware? If not, do you want to try?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
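
The backup rules in post #2 above, turned into a check that can be run over a backup folder. This is an added example and not part of the original thread. The `DECOY` set, the function names and the sample files are assumptions made for illustration, and `.zip` files are opened and judged by their contents while `.rar` and `.cab` are only reported.

```python
import os
import tempfile
import zipfile

# Extensions the post above says to leave out of a backup.
RISKY = {".exe", ".scr", ".dll", ".bat", ".com", ".cmd", ".msi", ".pif",
         ".ini", ".htm", ".html", ".hta", ".php", ".asp", ".xml"}
# Archive types the standard library cannot open; reported, not inspected.
UNINSPECTED = {".rar", ".cab"}
# Assumption: harmless-looking extensions used as the visible half of a
# double extension. The post does not list these.
DECOY = {".doc", ".docx", ".pdf", ".txt", ".jpg", ".jpeg", ".png", ".mp3"}
# Constructed sample name: spaces push the real extension out of view.
PADDED_NAME = "report.doc" + " " * 6 + ".scr"


def classify_name(name):
    """Return the reasons (possibly none) to leave this file name out."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, last = base.rpartition(".")
    if not dot or not stem:
        return []  # no extension, or a dotfile: nothing to judge by name
    ext = "." + last.strip().lower()
    if ext not in RISKY:
        return []
    reasons = ["risky extension " + ext]
    visible = stem.rstrip()
    inner = "." + visible.rpartition(".")[2].lower() if "." in visible else ""
    if inner in DECOY:
        reasons.append("double extension " + inner + ext)
    if stem != visible or "   " in stem:
        reasons.append("spaces pad the name to hide " + ext)
    return reasons


def risky_zip_members(source):
    """List .zip members (source is a path or file object) that classify_name flags."""
    with zipfile.ZipFile(source) as zf:
        return [m for m in zf.namelist() if classify_name(m)]


def audit_backup(root):
    """Map each flagged file under root (relative path) to its list of reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            reasons = classify_name(fname)
            ext = os.path.splitext(fname)[1].lower()
            if ext == ".zip":
                try:
                    inner = risky_zip_members(path)
                    if inner:
                        reasons.append("archive contains: " + ", ".join(inner))
                except zipfile.BadZipFile:
                    reasons.append("unreadable .zip")
            elif ext in UNINSPECTED:
                reasons.append("archive not inspected: " + ext)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def demo_findings():
    """Build a constructed sample backup folder in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for fname in ("essay.docx", "notes.html", "holiday.jpg.exe", PADDED_NAME):
            with open(os.path.join(root, fname), "wb") as fh:
                fh.write(b"constructed sample")
        with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as zf:
            zf.writestr("a.jpg", b"x")  # documents only: passes
        with zipfile.ZipFile(os.path.join(root, "bundle.zip"), "w") as zf:
            zf.writestr("readme.txt", b"x")
            zf.writestr("tools/setup.exe", b"x")  # executable inside: flagged
        with open(os.path.join(root, "old.rar"), "wb") as fh:
            fh.write(b"not a real archive")
        return audit_backup(root)


if __name__ == "__main__":
    for path, reasons in sorted(demo_findings().items()):
        print(repr(path), "->", "; ".join(reasons))
```

A clean result from these name checks does not replace the anti-virus scan of the backed-up data that the post calls for before copying it back.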

#3 Contrasted


Posted 20 August 2012 - 07:40 AM

I certainly do want to try, but I have noticed ComboFix is one of the primary tools used to clean malware (especially promoted on this forum). This is not possible for me, as although I have admin rights and can run many other anti-malware programs etc., I cannot disable the pre-installed anti-virus software (McAfee).

#4 quietman7


Posted 20 August 2012 - 08:32 AM

Back up your data before proceeding.

Please print out and follow these instructions: How to scan with TDSSKiller
-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.
  • Do not use the computer during the scan
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip.
  • If 'Malicious objects' are detected, they will show as "Threats detected - Select action for found objects" and offer several options.
  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.
  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A.4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After the scan, make sure that everything is checked and then click the Remove Selected button to remove all the listed malware.
  • When done, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

#5 Contrasted


Posted 20 August 2012 - 06:19 PM

Below is the TDSS Killer Log


08:49:15.0625 2188 PartMgr - ok
08:49:15.0656 2188 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
08:49:15.0656 2188 ParVdm - ok
08:49:15.0656 2188 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
08:49:15.0671 2188 PCI - ok
08:49:15.0671 2188 PCIDump - ok
08:49:15.0687 2188 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
08:49:15.0687 2188 PCIIde - ok
08:49:15.0703 2188 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
08:49:15.0703 2188 Pcmcia - ok
08:49:15.0703 2188 PDCOMP - ok
08:49:15.0718 2188 PDFRAME - ok
08:49:15.0718 2188 PDRELI - ok
08:49:15.0734 2188 PDRFRAME - ok
08:49:15.0734 2188 perc2 - ok
08:49:15.0734 2188 perc2hib - ok
08:49:15.0781 2188 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
08:49:15.0781 2188 PlugPlay - ok
08:49:15.0828 2188 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
08:49:15.0875 2188 PnkBstrA - ok
08:49:15.0890 2188 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:49:15.0890 2188 PolicyAgent - ok
08:49:15.0921 2188 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:49:15.0921 2188 PptpMiniport - ok
08:49:15.0937 2188 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:49:15.0937 2188 ProtectedStorage - ok
08:49:15.0937 2188 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:49:15.0953 2188 PSched - ok
08:49:15.0953 2188 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:49:15.0953 2188 Ptilink - ok
08:49:15.0968 2188 ql1080 - ok
08:49:15.0968 2188 Ql10wnt - ok
08:49:15.0968 2188 ql12160 - ok
08:49:15.0984 2188 ql1240 - ok
08:49:15.0984 2188 ql1280 - ok
08:49:16.0015 2188 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:49:16.0015 2188 RasAcd - ok
08:49:16.0062 2188 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:49:16.0062 2188 RasAuto - ok
08:49:16.0093 2188 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:49:16.0093 2188 Rasl2tp - ok
08:49:16.0156 2188 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:49:16.0156 2188 RasMan - ok
08:49:16.0156 2188 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:49:16.0156 2188 RasPppoe - ok
08:49:16.0171 2188 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:49:16.0171 2188 Raspti - ok
08:49:16.0187 2188 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:49:16.0203 2188 Rdbss - ok
08:49:16.0203 2188 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:49:16.0203 2188 RDPCDD - ok
08:49:16.0218 2188 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:49:16.0218 2188 rdpdr - ok
08:49:16.0265 2188 [ 5B3055DAA788BD688594D2F5981F2A83 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:49:16.0375 2188 RDPWD - ok
08:49:16.0406 2188 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:49:16.0421 2188 RDSessMgr - ok
08:49:16.0453 2188 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:49:16.0453 2188 redbook - ok
08:49:16.0546 2188 [ B33C88DF3588ACF250B87A004526C31A ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
08:49:16.0656 2188 RegSrvc - ok
08:49:16.0687 2188 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:49:16.0687 2188 RemoteAccess - ok
08:49:16.0703 2188 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
08:49:16.0718 2188 RemoteRegistry - ok
08:49:16.0734 2188 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
08:49:16.0734 2188 RpcLocator - ok
08:49:16.0750 2188 [ 3297445BB9FD3E8363E7559010ED2AE7 ] rpcnet C:\WINDOWS\system32\rpcnet.exe
08:49:16.0812 2188 rpcnet - ok
08:49:16.0843 2188 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
08:49:16.0843 2188 RpcSs - ok
08:49:16.0890 2188 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
08:49:16.0890 2188 RSVP - ok
08:49:16.0968 2188 [ 76902E80B6A31885F3135C0FBB6EE2D2 ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
08:49:17.0046 2188 S24EventMonitor - ok
08:49:17.0062 2188 [ 2BC0B847CBCFE62A79B18CE0B440334D ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
08:49:17.0140 2188 s24trans - ok
08:49:17.0156 2188 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
08:49:17.0156 2188 SamSs - ok
08:49:17.0187 2188 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:49:17.0203 2188 SCardSvr - ok
08:49:17.0250 2188 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:49:17.0250 2188 Schedule - ok
08:49:17.0296 2188 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
08:49:17.0296 2188 sdbus - ok
08:49:17.0343 2188 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:49:17.0343 2188 Secdrv - ok
08:49:17.0375 2188 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:49:17.0375 2188 seclogon - ok
08:49:17.0375 2188 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
08:49:17.0375 2188 SENS - ok
08:49:17.0390 2188 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
08:49:17.0406 2188 Serial - ok
08:49:17.0437 2188 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:49:17.0437 2188 Sfloppy - ok
08:49:17.0484 2188 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
08:49:17.0500 2188 SharedAccess - ok
08:49:17.0515 2188 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:49:17.0515 2188 ShellHWDetection - ok
08:49:17.0515 2188 Simbad - ok
08:49:17.0546 2188 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:49:17.0562 2188 SLIP - ok
08:49:17.0562 2188 Sparrow - ok
08:49:17.0609 2188 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:49:17.0609 2188 splitter - ok
08:49:17.0640 2188 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:49:17.0703 2188 Spooler - ok
08:49:17.0718 2188 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
08:49:17.0718 2188 sr - ok
08:49:17.0765 2188 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:49:17.0765 2188 srservice - ok
08:49:17.0796 2188 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:49:17.0859 2188 Srv - ok
08:49:17.0890 2188 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:49:17.0890 2188 SSDPSRV - ok
08:49:17.0953 2188 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:49:17.0968 2188 stisvc - ok
08:49:18.0000 2188 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:49:18.0015 2188 streamip - ok
08:49:18.0031 2188 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:49:18.0031 2188 swenum - ok
08:49:18.0062 2188 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:49:18.0062 2188 swmidi - ok
08:49:18.0062 2188 SwPrv - ok
08:49:18.0078 2188 symc810 - ok
08:49:18.0078 2188 symc8xx - ok
08:49:18.0093 2188 sym_hi - ok
08:49:18.0093 2188 sym_u3 - ok
08:49:18.0109 2188 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:49:18.0109 2188 sysaudio - ok
08:49:18.0140 2188 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:49:18.0140 2188 SysmonLog - ok
08:49:18.0156 2188 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:49:18.0156 2188 TapiSrv - ok
08:49:18.0203 2188 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:49:18.0218 2188 Tcpip - ok
08:49:18.0234 2188 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:49:18.0234 2188 TDPIPE - ok
08:49:18.0250 2188 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:49:18.0250 2188 TDTCP - ok
08:49:18.0250 2188 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:49:18.0250 2188 TermDD - ok
08:49:18.0296 2188 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:49:18.0296 2188 TermService - ok
08:49:18.0312 2188 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
08:49:18.0312 2188 Themes - ok
08:49:18.0359 2188 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
08:49:18.0375 2188 TlntSvr - ok
08:49:18.0375 2188 TosIde - ok
08:49:18.0406 2188 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:49:18.0406 2188 TrkWks - ok
08:49:18.0453 2188 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:49:18.0468 2188 Udfs - ok
08:49:18.0468 2188 UIUSys - ok
08:49:18.0468 2188 ultra - ok
08:49:18.0515 2188 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:49:18.0531 2188 Update - ok
08:49:18.0593 2188 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:49:18.0609 2188 upnphost - ok
08:49:18.0640 2188 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:49:18.0656 2188 UPS - ok
08:49:18.0687 2188 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
08:49:18.0687 2188 usbaudio - ok
08:49:18.0718 2188 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:49:18.0718 2188 usbccgp - ok
08:49:18.0734 2188 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:49:18.0734 2188 usbehci - ok
08:49:18.0750 2188 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:49:18.0750 2188 usbhub - ok
08:49:18.0796 2188 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:49:18.0796 2188 usbscan - ok
08:49:18.0843 2188 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:49:18.0859 2188 USBSTOR - ok
08:49:18.0890 2188 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:49:18.0906 2188 usbuhci - ok
08:49:18.0906 2188 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
08:49:19.0015 2188 usbvideo - ok
08:49:19.0093 2188 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:49:19.0140 2188 VgaSave - ok
08:49:19.0140 2188 ViaIde - ok
08:49:19.0218 2188 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:49:19.0296 2188 VolSnap - ok
08:49:19.0359 2188 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:49:19.0375 2188 VSS - ok
08:49:19.0406 2188 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
08:49:19.0421 2188 W32Time - ok
08:49:19.0437 2188 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:49:19.0437 2188 Wanarp - ok
08:49:19.0484 2188 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
08:49:19.0562 2188 Wdf01000 - ok
08:49:19.0562 2188 WDICA - ok
08:49:19.0593 2188 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:49:19.0609 2188 wdmaud - ok
08:49:19.0640 2188 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:49:19.0656 2188 WebClient - ok
08:49:19.0718 2188 [ 307D248F97835B6879BDD361086924FE ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
08:49:19.0781 2188 winachsf - ok
08:49:19.0875 2188 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:49:19.0890 2188 winmgmt - ok
08:49:19.0937 2188 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
08:49:20.0031 2188 WinRM - ok
08:49:20.0093 2188 [ 1BFD39A62E70F8FD42786E6864EA6351 ] WLANKEEPER C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
08:49:20.0156 2188 WLANKEEPER - ok
08:49:20.0203 2188 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
08:49:20.0250 2188 WmdmPmSN - ok
08:49:20.0296 2188 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
08:49:20.0296 2188 Wmi - ok
08:49:20.0312 2188 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:49:20.0312 2188 WmiAcpi - ok
08:49:20.0375 2188 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:49:20.0375 2188 WmiApSrv - ok
08:49:20.0468 2188 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
08:49:20.0546 2188 WMPNetworkSvc - ok
08:49:20.0640 2188 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:49:20.0718 2188 WPFFontCache_v0400 - ok
08:49:20.0750 2188 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:49:20.0750 2188 WS2IFSL - ok
08:49:20.0781 2188 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
08:49:20.0781 2188 wscsvc - ok
08:49:20.0828 2188 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:49:20.0843 2188 WSTCODEC - ok
08:49:20.0875 2188 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:49:20.0875 2188 wuauserv - ok
08:49:20.0921 2188 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:49:20.0921 2188 WudfPf - ok
08:49:20.0953 2188 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:49:20.0968 2188 WudfRd - ok
08:49:21.0000 2188 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
08:49:21.0000 2188 WudfSvc - ok
08:49:21.0062 2188 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:49:21.0078 2188 WZCSVC - ok
08:49:21.0125 2188 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:49:21.0125 2188 xmlprov - ok
08:49:21.0140 2188 ================ Scan global ===============================
08:49:21.0187 2188 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:49:21.0218 2188 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:49:21.0250 2188 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:49:21.0281 2188 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:49:21.0281 2188 [Global] - ok
08:49:21.0281 2188 ================ Scan MBR ==================================
08:49:21.0312 2188 [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
08:49:23.0593 2188 \Device\Harddisk0\DR0 - ok
08:49:23.0593 2188 ================ Scan VBR ==================================
08:49:23.0593 2188 [ 2131DBA1C9A65028781ECFFE455D0507 ] \Device\Harddisk0\DR0\Partition1
08:49:23.0609 2188 \Device\Harddisk0\DR0\Partition1 - ok
08:49:23.0609 2188 ============================================================
08:49:23.0609 2188 Scan finished
08:49:23.0609 2188 ============================================================
08:49:23.0609 3076 Detected object count: 0
08:49:23.0609 3076 Actual detected object count: 0
08:49:58.0812 1816 Deinitialize success

#6 quietman7

Posted 20 August 2012 - 08:45 PM

Please continue with the Malwarebytes scan and post the log afterwards.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 Contrasted

Posted 20 August 2012 - 09:12 PM

I'll have it up tonight, thanks for your help so far

#8 quietman7

Posted 21 August 2012 - 08:14 AM

Not a problem.

#9 Contrasted

Posted 22 August 2012 - 05:44 AM

Hey, is this the log you are looking for? It was done a day or two before my original post but is still relevant.


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
nmhs :: 080168-01203566 [administrator]

Protection: Enabled

19/08/2012 8:41:03 PM
mbam-log-2012-08-19 (20-41-03).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 277956
Time elapsed: 11 hour(s), 23 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 quietman7

Posted 22 August 2012 - 06:58 AM

That is the log, although the database is a couple days old now.

Please download and scan with the Kaspersky Virus Removal Tool from one of the following links and save it to your desktop. Be sure to print out and read the instructions provided in:
How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe), select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • At the 'Setup page', click Next, check the box to accept the license agreement and click Next twice more to extract the required files.
  • Setup may recommend to scan the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan. Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of avptool.txt with any threats detected in your next reply. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2011.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".



Please download Sophos Virus Removal Tool and save it to your desktop.
alternate download link
  • It is a large file so it may take some time to download.
  • Be sure to read and follow the instructions on that same page for installing and performing a scan.
  • If any threats are detected, they will show in the Scan Results with an option to click a Details... button for more information.
  • Click on the Start clean up button to allow removal of all threats found and reboot the computer when done.
  • A log file should have been created...copy and paste the results in your next reply.
Logs are automatically saved to the following locations:
-- XP: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
-- Vista, Windows 7, 2008: C:\Program Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log


#11 Contrasted


Posted 22 August 2012 - 07:41 AM

Thanks, I'll get the logs over the next day or so

#12 quietman7


Posted 22 August 2012 - 07:52 AM

Ok.

#13 Contrasted


Posted 26 August 2012 - 06:23 AM

I don't know what you mean by not selecting the events, but the Kaspersky tool found no threats

#14 quietman7


Posted 26 August 2012 - 06:31 AM

The instructions for the Kaspersky scan have changed slightly as the GUI has been changed. Previously, the tool created two logs, one marked Events but that no longer appears to be the case. I have updated my instructions accordingly.

Please continue with the Sophos scan.

#15 Contrasted


Posted 26 August 2012 - 09:04 AM

SOPHOS Logs

2012-08-26 21:04:23 Sophos Virus Removal Tool version 2.1
2012-08-26 21:04:23 Copyright © 2009-2012 Sophos Limited. All rights reserved.

2012-08-26 21:04:23 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-08-26 21:04:23 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2012-08-26 21:04:23 Component SVRTcli.exe version 2.1
2012-08-26 21:04:23 Component control.dll version 2.1
2012-08-26 21:04:23 Component SVRTservice.exe version 2.1
2012-08-26 21:04:23 Component osdp.dll version 1.44.0.1990
2012-08-26 21:04:23 Component veex.dll version 3.34.0.1990
2012-08-26 21:04:23 Component savi.dll version 7.5.9.1990
2012-08-26 21:04:23 Component rkdisk.dll version 1.5.30.0
2012-08-26 21:04:31 Option all = no
2012-08-26 21:04:31 Option recurse = yes
2012-08-26 21:04:31 Option archive = no
2012-08-26 21:04:31 Option service = yes
2012-08-26 21:04:31 Option confirm = yes
2012-08-26 21:04:32 Option sxl = yes
2012-08-26 21:04:32 Option max-data-age = 35
2012-08-26 21:04:32 Version info: Product version 2.1
2012-08-26 21:04:32 Version info: Detection engine 3.34.0
2012-08-26 21:04:32 Version info: Detection data 4.80
2012-08-26 21:04:32 Version info: Virus data date 6/08/2012
2012-08-26 21:04:32 Version info: Data files added 314





2012-08-26 21:58:37 >>> Virus 'Mal/Packer' found in file C:\Documents and Settings\nmhs\Desktop\Games\Starcraft\StarCraft 1.15.1\Loader.exe
2012-08-26 22:04:54 Could not open C:\Documents and Settings\nmhs\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session
2012-08-26 22:04:54 Could not open C:\Documents and Settings\nmhs\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Tabs
2012-08-26 22:04:54 Could not open C:\Documents and Settings\nmhs\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOCK
2012-08-26 22:07:51 Password protected file C:\Documents and Settings\nmhs\My Documents\Presentation2.pptx
2012-08-26 22:35:35 The following items will be cleaned up:
2012-08-26 22:35:35 Mal/Packer
2012-08-26 23:39:03 File "C:\Documents and Settings\nmhs\Desktop\Games\Starcraft\StarCraft 1.15.1\Loader.exe" belongs to malware 'Mal/Packer'.
2012-08-26 23:39:03 File "C:\Documents and Settings\nmhs\Desktop\Games\Starcraft\StarCraft 1.15.1\Loader.exe" has been cleaned up.
2012-08-26 23:39:03 Removal successful



