
Trojan Win32/Katslo.A!lnk new virus can't remove it!


19 replies to this topic

#1 Akilia


Posted 20 August 2012 - 05:23 PM

Hi clever peeps.
I've just recovered my desktop PC from a rash of viruses starting with File Recovery Rootkit virus, which seemed to gate in loads of other viruses by malicious browser redirects.
Not sure but think it may have started when I booked on a holiday booking site.

I'd performed the usual rituals of RKill and multiple antivirus and antimalware runs in and out of Safe Mode as per protocols, and Unhide.exe of course.
After several days of chasing viruses, I thought I was clear.
HitmanPro, Malwarebytes Anti-Malware, and Microsoft Security Essentials all said so.

Yesterday after only 48hr clear, I seem to have a new Trojan:Win32/Katslo.A!lnk.
According to Microsoft Security Essentials, it was quarantined and then removed.
When I then inserted an old (very old, last used >2 yr ago) USB stick, the trojan popped up and got intercepted again by MSE.
Again, allegedly quarantined by MSE, and then I manually authorised MSE to remove it.
No message telling me it failed.
Every time I run MSE full scan, it's still there on the desktop PC (but not found on the USB stick).
I dunno how to get it off me!

My PC is running WinXP SP3 (full updates) SLOOOWly right now.
When I open certain professional websites some of the pages stay blank - though can be viewed normally via laptop.
My USB stick shows no document files in the document folder, though they should be there.
Not inclined to test it on another PC right now though.
My Desktop PC file hierarchy seems intact and visible.

My laptop is not affected on the same wireless network, even though it's accessed some shared files on the desktop C:\ drive in the last 24 hr.

Only thing I've done just 12hr before this latest trojan happened was download SlimDrivers (free) and installed it on both the desktop and laptop, to update their drivers.
However, MSE and MBAM both stated the PCs were both clear after the installation and updates.

My Anti-Virus/Malware software is all latest update.
According to Microsoft, this new Trojan definition was first posted by MS on 15 Aug.
MSE is supposed to be able to recognise and remove it, but...
The name and description, but no technical data for this virus, is available on the MS virus database presently.

Helpful suggestions most welcome at this time :-)

Regards,
Akilia

#2 narenxp


Posted 20 August 2012 - 09:07 PM

Download TDSSkiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop, then copy the contents of the text file into your reply.

#3 Akilia


Posted 21 August 2012 - 12:00 PM

Here's the TDSSKiller Log.
0 Objects found.

08:39:21.0062 1544 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
08:39:21.0375 1544 ============================================================
08:39:21.0375 1544 Current date / time: 2012/08/21 08:39:21.0375
08:39:21.0375 1544 SystemInfo:
08:39:21.0375 1544
08:39:21.0375 1544 OS Version: 5.1.2600 ServicePack: 3.0
08:39:21.0375 1544 Product type: Workstation
08:39:21.0375 1544 ComputerName: DELLBOY
08:39:21.0375 1544 UserName: USER
08:39:21.0375 1544 Windows directory: C:\WINDOWS
08:39:21.0375 1544 System windows directory: C:\WINDOWS
08:39:21.0375 1544 Processor architecture: Intel x86
08:39:21.0375 1544 Number of processors: 1
08:39:21.0375 1544 Page size: 0x1000
08:39:21.0375 1544 Boot type: Normal boot
08:39:21.0375 1544 ============================================================
08:39:23.0265 1544 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:39:23.0312 1544 Drive \Device\Harddisk2\DR7 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:39:23.0312 1544 ============================================================
08:39:23.0312 1544 \Device\Harddisk0\DR0:
08:39:23.0312 1544 MBR partitions:
08:39:23.0312 1544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xDF7FDFC
08:39:23.0312 1544 \Device\Harddisk2\DR7:
08:39:23.0312 1544 MBR partitions:
08:39:23.0312 1544 \Device\Harddisk2\DR7\Partition1: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0x1E3BE0
08:39:23.0312 1544 ============================================================
08:39:23.0375 1544 C: <-> \Device\Harddisk0\DR0\Partition1
08:39:23.0375 1544 ============================================================
08:39:23.0375 1544 Initialize success
08:39:23.0375 1544 ============================================================
08:40:10.0593 1916 ============================================================
08:40:10.0593 1916 Scan started
08:40:10.0593 1916 Mode: Manual; TDLFS;
08:40:10.0593 1916 ============================================================
08:40:10.0671 1916 ================ Scan system memory ========================
08:40:10.0671 1916 System memory - ok
08:40:26.0828 1916 omci - ok
08:40:26.0890 1916 [ C720C25B2D0C93DC425155F5B6A707F3 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
08:40:26.0953 1916 ossrv - ok
08:40:27.0031 1916 [ 2B1BECA354A2ED1030F00CAEFD6F839D ] P16X C:\WINDOWS\system32\drivers\P16X.sys
08:40:27.0125 1916 P16X - ok
08:40:27.0187 1916 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
08:40:27.0187 1916 P3 - ok
08:40:27.0218 1916 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
08:40:27.0218 1916 Parport - ok
08:40:27.0312 1916 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
08:40:27.0312 1916 PartMgr - ok
08:40:27.0359 1916 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
08:40:27.0359 1916 ParVdm - ok
08:40:27.0578 1916 [ 58C5EA3DE400FE1D08CFECA6D5C14EBD ] PCANDIS5 C:\DOCUME~1\USER\MYDOCU~1\Akilia\COMPUT~1\NETGEA~3\DG834R~1\PCANDIS5.SYS
08:40:27.0609 1916 PCANDIS5 - ok
08:40:27.0656 1916 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
08:40:27.0656 1916 PCI - ok
08:40:27.0671 1916 PCIDump - ok
08:40:27.0718 1916 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
08:40:27.0718 1916 PCIIde - ok
08:40:27.0781 1916 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
08:40:27.0781 1916 Pcmcia - ok
08:40:27.0828 1916 PDCOMP - ok
08:40:27.0828 1916 PDFRAME - ok
08:40:27.0828 1916 PDRELI - ok
08:40:27.0843 1916 PDRFRAME - ok
08:40:27.0890 1916 [ 4A108CC9CC0E0605E68CCE7021479879 ] PenClass C:\WINDOWS\system32\Drivers\PenClass.sys
08:40:27.0890 1916 PenClass - ok
08:40:27.0921 1916 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\System32\DRIVERS\perc2.sys
08:40:27.0937 1916 perc2 - ok
08:40:27.0953 1916 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\System32\DRIVERS\perc2hib.sys
08:40:27.0968 1916 perc2hib - ok
08:40:28.0046 1916 [ 6C1618A07B49E3873582B6449E744088 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
08:40:28.0156 1916 pfc - ok
08:40:28.0203 1916 [ C8A2D6FF660AC601B7BB9A9B16A5C25E ] PfModNT C:\WINDOWS\system32\drivers\PfModNT.sys
08:40:28.0296 1916 PfModNT - ok
08:40:28.0343 1916 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
08:40:28.0343 1916 PlugPlay - ok
08:40:28.0390 1916 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:40:28.0390 1916 PolicyAgent - ok
08:40:28.0421 1916 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:40:28.0437 1916 PptpMiniport - ok
08:40:28.0468 1916 Prapw2kpw - ok
08:40:28.0484 1916 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
08:40:28.0484 1916 Processor - ok
08:40:28.0515 1916 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:40:28.0515 1916 ProtectedStorage - ok
08:40:28.0546 1916 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:40:28.0546 1916 PSched - ok
08:40:28.0578 1916 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:40:28.0578 1916 Ptilink - ok
08:40:28.0640 1916 [ 070EDDD0E4A5BE55DD590D8B30DBFF22 ] pwd_2k C:\WINDOWS\system32\drivers\pwd_2k.sys
08:40:28.0687 1916 pwd_2k - ok
08:40:28.0734 1916 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\System32\DRIVERS\ql1080.sys
08:40:28.0734 1916 ql1080 - ok
08:40:28.0781 1916 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
08:40:28.0781 1916 Ql10wnt - ok
08:40:28.0828 1916 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\System32\DRIVERS\ql12160.sys
08:40:28.0828 1916 ql12160 - ok
08:40:28.0843 1916 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\System32\DRIVERS\ql1240.sys
08:40:28.0843 1916 ql1240 - ok
08:40:28.0875 1916 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\System32\DRIVERS\ql1280.sys
08:40:28.0875 1916 ql1280 - ok
08:40:28.0921 1916 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:40:28.0937 1916 RasAcd - ok
08:40:29.0000 1916 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:40:29.0015 1916 RasAuto - ok
08:40:29.0046 1916 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:40:29.0062 1916 Rasl2tp - ok
08:40:29.0109 1916 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:40:29.0125 1916 RasMan - ok
08:40:29.0156 1916 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:40:29.0156 1916 RasPppoe - ok
08:40:29.0171 1916 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:40:29.0187 1916 Raspti - ok
08:40:29.0234 1916 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:40:29.0234 1916 Rdbss - ok
08:40:29.0296 1916 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:40:29.0312 1916 RDPCDD - ok
08:40:29.0343 1916 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:40:29.0359 1916 rdpdr - ok
08:40:29.0406 1916 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:40:29.0421 1916 RDPWD - ok
08:40:29.0468 1916 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:40:29.0484 1916 RDSessMgr - ok
08:40:29.0531 1916 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:40:29.0593 1916 redbook - ok
08:40:29.0625 1916 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:40:29.0640 1916 RemoteAccess - ok
08:40:29.0687 1916 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
08:40:29.0703 1916 RpcLocator - ok
08:40:29.0765 1916 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
08:40:29.0765 1916 RpcSs - ok
08:40:29.0828 1916 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
08:40:29.0843 1916 RSVP - ok
08:40:29.0875 1916 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
08:40:29.0890 1916 SamSs - ok
08:40:29.0937 1916 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:40:29.0953 1916 SCardSvr - ok
08:40:29.0968 1916 Schccqftcs - ok
08:40:30.0031 1916 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:40:30.0046 1916 Schedule - ok
08:40:30.0109 1916 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:40:30.0109 1916 Secdrv - ok
08:40:30.0140 1916 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:40:30.0140 1916 seclogon - ok
08:40:30.0171 1916 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
08:40:30.0171 1916 SENS - ok
08:40:30.0203 1916 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
08:40:30.0203 1916 serenum - ok
08:40:30.0265 1916 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
08:40:30.0265 1916 Serial - ok
08:40:30.0343 1916 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:40:30.0343 1916 Sfloppy - ok
08:40:30.0375 1916 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:40:30.0390 1916 ShellHWDetection - ok
08:40:30.0406 1916 Simbad - ok
08:40:30.0437 1916 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\System32\DRIVERS\sisagp.sys
08:40:30.0437 1916 sisagp - ok
08:40:30.0500 1916 [ 60C377BE6B3CC83F6A8584934B181D2E ] SNMP C:\WINDOWS\System32\snmp.exe
08:40:30.0625 1916 SNMP - ok
08:40:30.0656 1916 [ 80A050795A107A76C2B1CD4CFBE010E6 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
08:40:30.0937 1916 SNMPTRAP - ok
08:40:31.0015 1916 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
08:40:31.0015 1916 SONYPVU1 - ok
08:40:31.0078 1916 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\System32\DRIVERS\sparrow.sys
08:40:31.0093 1916 Sparrow - ok
08:40:31.0125 1916 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:40:31.0140 1916 splitter - ok
08:40:31.0187 1916 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:40:31.0203 1916 Spooler - ok
08:40:31.0296 1916 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
08:40:31.0296 1916 sr - ok
08:40:31.0359 1916 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:40:31.0375 1916 srservice - ok
08:40:31.0437 1916 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:40:31.0453 1916 Srv - ok
08:40:31.0500 1916 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:40:31.0515 1916 SSDPSRV - ok
08:40:31.0593 1916 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:40:31.0609 1916 stisvc - ok
08:40:31.0656 1916 [ 2AA2D356CB735CD3CCA9F671BD75C9B5 ] SWDUMon C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
08:40:31.0734 1916 SWDUMon - ok
08:40:31.0796 1916 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:40:31.0828 1916 swenum - ok
08:40:31.0906 1916 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:40:31.0906 1916 swmidi - ok
08:40:31.0921 1916 SwPrv - ok
08:40:31.0953 1916 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\System32\DRIVERS\symc810.sys
08:40:31.0968 1916 symc810 - ok
08:40:32.0000 1916 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\System32\DRIVERS\symc8xx.sys
08:40:32.0000 1916 symc8xx - ok
08:40:32.0015 1916 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\System32\DRIVERS\sym_hi.sys
08:40:32.0015 1916 sym_hi - ok
08:40:32.0046 1916 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\System32\DRIVERS\sym_u3.sys
08:40:32.0046 1916 sym_u3 - ok
08:40:32.0093 1916 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:40:32.0156 1916 sysaudio - ok
08:40:32.0187 1916 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:40:32.0203 1916 SysmonLog - ok
08:40:32.0281 1916 [ 3CC41359DDD8423AACC1BBC9D38E8BA2 ] TabletService C:\WINDOWS\System32\Tablet.exe
08:40:32.0343 1916 TabletService - ok
08:40:32.0406 1916 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:40:32.0421 1916 TapiSrv - ok
08:40:32.0484 1916 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:40:32.0500 1916 Tcpip - ok
08:40:32.0546 1916 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:40:32.0546 1916 TDPIPE - ok
08:40:32.0578 1916 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:40:32.0578 1916 TDTCP - ok
08:40:32.0609 1916 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:40:32.0609 1916 TermDD - ok
08:40:32.0671 1916 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:40:32.0687 1916 TermService - ok
08:40:32.0750 1916 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
08:40:32.0750 1916 Themes - ok
08:40:32.0812 1916 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\System32\DRIVERS\toside.sys
08:40:32.0828 1916 TosIde - ok
08:40:32.0875 1916 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:40:32.0906 1916 TrkWks - ok
08:40:32.0953 1916 [ 27E66E79FD742C107FDB23280E17D869 ] UdfReadr_xp C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
08:40:33.0015 1916 UdfReadr_xp - ok
08:40:33.0078 1916 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:40:33.0078 1916 Udfs - ok
08:40:33.0109 1916 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\System32\DRIVERS\ultra.sys
08:40:33.0109 1916 ultra - ok
08:40:33.0171 1916 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:40:33.0265 1916 Update - ok
08:40:33.0312 1916 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:40:33.0328 1916 upnphost - ok
08:40:33.0390 1916 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:40:33.0406 1916 UPS - ok
08:40:33.0468 1916 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
08:40:33.0468 1916 USBAAPL - ok
08:40:33.0531 1916 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:40:33.0531 1916 usbccgp - ok
08:40:33.0578 1916 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:40:33.0640 1916 usbehci - ok
08:40:33.0687 1916 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:40:33.0765 1916 usbhub - ok
08:40:33.0796 1916 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:40:33.0796 1916 usbprint - ok
08:40:33.0828 1916 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:40:33.0828 1916 usbscan - ok
08:40:33.0859 1916 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:40:33.0890 1916 USBSTOR - ok
08:40:33.0953 1916 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:40:33.0984 1916 usbuhci - ok
08:40:34.0031 1916 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:40:34.0031 1916 VgaSave - ok
08:40:34.0093 1916 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\System32\DRIVERS\viaagp.sys
08:40:34.0140 1916 viaagp - ok
08:40:34.0156 1916 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
08:40:34.0156 1916 ViaIde - ok
08:40:34.0187 1916 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:40:34.0187 1916 VolSnap - ok
08:40:34.0265 1916 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:40:34.0328 1916 VSS - ok
08:40:34.0375 1916 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
08:40:34.0390 1916 w32time - ok
08:40:34.0437 1916 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:40:34.0437 1916 Wanarp - ok
08:40:34.0453 1916 wanatw - ok
08:40:34.0468 1916 WDICA - ok
08:40:34.0500 1916 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:40:34.0578 1916 wdmaud - ok
08:40:34.0609 1916 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:40:34.0625 1916 WebClient - ok
08:40:34.0718 1916 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:40:34.0734 1916 winmgmt - ok
08:40:34.0796 1916 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\System32\MsPMSPSv.exe
08:40:34.0812 1916 WMDM PMSP Service - ok
08:40:34.0890 1916 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
08:40:34.0890 1916 WmdmPmSN - ok
08:40:34.0953 1916 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
08:40:34.0953 1916 WmiApSrv - ok
08:40:35.0062 1916 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
08:40:35.0093 1916 WMPNetworkSvc - ok
08:40:35.0250 1916 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:40:35.0328 1916 WPFFontCache_v0400 - ok
08:40:35.0375 1916 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:40:35.0375 1916 WS2IFSL - ok
08:40:35.0437 1916 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
08:40:35.0437 1916 wscsvc - ok
08:40:35.0468 1916 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:40:35.0546 1916 wuauserv - ok
08:40:35.0593 1916 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:40:35.0593 1916 WudfPf - ok
08:40:35.0625 1916 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:40:35.0625 1916 WudfRd - ok
08:40:35.0671 1916 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
08:40:35.0671 1916 WudfSvc - ok
08:40:35.0734 1916 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:40:35.0781 1916 WZCSVC - ok
08:40:35.0828 1916 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:40:35.0953 1916 xmlprov - ok
08:40:35.0984 1916 ================ Scan global ===============================
08:40:36.0015 1916 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:40:36.0093 1916 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:40:36.0156 1916 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:40:36.0218 1916 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:40:36.0234 1916 [Global] - ok
08:40:36.0234 1916 ================ Scan MBR ==================================
08:40:36.0281 1916 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:40:36.0562 1916 \Device\Harddisk0\DR0 - ok
08:40:36.0578 1916 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR7
08:40:36.0828 1916 \Device\Harddisk2\DR7 - ok
08:40:36.0828 1916 ================ Scan VBR ==================================
08:40:36.0843 1916 [ C3FBA386313FC6EC9B51E84A344CA8FE ] \Device\Harddisk0\DR0\Partition1
08:40:36.0843 1916 \Device\Harddisk0\DR0\Partition1 - ok
08:40:36.0859 1916 [ C473FAA6617E3478C05D819FC10B29C3 ] \Device\Harddisk2\DR7\Partition1
08:40:36.0859 1916 \Device\Harddisk2\DR7\Partition1 - ok
08:40:36.0875 1916 ============================================================
08:40:36.0875 1916 Scan finished
08:40:36.0875 1916 ============================================================
08:40:36.0890 0220 Detected object count: 0
08:40:36.0890 0220 Actual detected object count: 0
08:43:46.0062 0380 Deinitialize success

Edited by Akilia, 21 August 2012 - 04:21 PM.


#4 Akilia

Akilia
  • Topic Starter
  • Members
  • 21 posts
  • Gender:Male
  • Location:UK

Posted 21 August 2012 - 12:09 PM

I ran the Avast Software aswMBR.exe
It took 6 hours to run.
Left the PC alone throughout.
When it completed, I clicked Save Log, the system hung for about 15 mins, then crashed with Black Screen. Remained lifeless. So hard rebooted.
Haven't seen that since Win 3.11!!

When I rebooted, boot halted with a blue screen error message including the following:
.......
Problem caused by rdbss.sys
Driver unloaded without cancelling pending operations.

Technical info

STOP:0X00000004 (0XF6A290D4, 0X00000002, 0X00000001, 0X864DBC9A)
rdbss.sys
.......

Rebooted OK.
Not really inclined to run Avast scan again, if it can be avoided.
6 hours to scan and a bad bad crash.
Hmmm.

I'll post the ESET scan report as soon as it's done.
Thanks for offering to help.

Edited by Akilia, 21 August 2012 - 12:10 PM.


#5 narenxp

narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 August 2012 - 02:11 PM

Try running aswMBR in Safe Mode with Networking

#6 Akilia

Akilia
  • Topic Starter
  • Members
  • 21 posts
  • Gender:Male
  • Location:UK

Posted 21 August 2012 - 02:59 PM

OK. Will do. I'll post it when done.

Here's the log from running ESET.
There seem to be three nasties, which it claims to have deleted.
(Not sure it has really deleted them.)

JS/Exploit.Pdfka.PPB trojan
Win32/InstallCore.A application
HTML/Iframe.B.Gen virus

Plus it recognises my Registry Reviver, which I may as well remove anyway.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\docum[1].pdf JS/Exploit.Pdfka.PPB trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\My Documents\Downloads\RegistryReviverInstall.exe Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Documents and Settings\USER\My Documents\Downloads\RegistryReviverSetup.exe Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MR2IAVV4\getbookinghotels_org[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Program Files\FoxTabMusicConverter\AudioConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\aso3sys.dll probably a variant of Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\ASOHelper.dll a variant of Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe a variant of Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\SendLogs.exe Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\bg\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\cs\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\DA\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\DTCH\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\el\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\ENG\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\ES\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\fi\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\FR\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\GRMN\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\hu\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\in\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\ITLY\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\JA\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\no\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\pl\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\pt\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\ro\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\sv\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\th\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\TR\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\ZH\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Registry Reviver\zhcn\regclean.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2600\A0282070.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2601\A0282076.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2601\A0282083.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2601\A0282113.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2601\A0282119.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2601\A0282127.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2601\A0282136.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2601\A0282143.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2601\A0282156.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2603\A0282168.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2604\A0282171.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2605\A0282194.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2605\A0282340.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2605\A0283261.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2606\A0283267.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2606\A0283280.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2607\A0283286.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2607\A0283295.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2608\A0283301.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2608\A0283315.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2608\A0283326.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2608\A0283401.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2609\A0283472.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2610\A0283478.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2610\A0283486.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2610\A0284487.exe a variant of Win32/Injector.VKO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2611\A0284551.exe a variant of Win32/Injector.VKO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2611\A0284582.exe a variant of Win32/Injector.VKO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0284587.exe a variant of Win32/Injector.VKO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285561.exe Win32/Caphaw.I trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285576.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285577.dll probably a variant of Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285578.dll a variant of Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285580.exe a variant of Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285581.exe Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285582.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285583.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285584.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285585.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285586.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285587.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285588.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285589.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285590.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285591.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285592.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285593.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285594.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285595.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285596.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285597.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285598.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285599.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285600.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285601.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285602.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285603.ini Win32/RegistryReviver application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2612\A0285604.ini Win32/RegistryReviver application cleaned by deleting - quarantined

Thanks.
Akilia

Edited by Akilia, 21 August 2012 - 04:17 PM.


#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:07:34 PM

Posted 21 August 2012 - 03:01 PM

I will wait for the ASWMBR log. Also

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete.

Post the generated log.

#8 Akilia

Akilia
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:12:34 AM

Posted 21 August 2012 - 03:26 PM

I ran the ASWMBR in Safe mode.
It took hardly any time at all.
Surely can't have looked hard at the C:\Drive?
In Normal Mode one gets the option of checking C:\
Am I supposed to do that?

Here's the brief log from the Safe Mode run:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 21:12:51
-----------------------------
21:12:51.734 OS Version: Windows 5.1.2600 Service Pack 3
21:12:51.734 Number of processors: 1 586 0x207
21:12:51.734 ComputerName: DELLBOY UserName:
21:12:52.609 Initialize success
21:13:09.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0
21:13:09.578 Disk 0 Vendor: ST312002 3.33 Size: 114473MB BusType: 3
21:13:09.609 Disk 0 MBR read successfully
21:13:09.625 Disk 0 MBR scan
21:13:09.640 Disk 0 Windows XP default MBR code
21:13:09.656 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
21:13:09.671 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114431 MB offset 80325
21:13:09.687 Disk 0 scanning sectors +234436545
21:13:09.765 Disk 0 scanning C:\WINDOWS\system32\drivers
21:13:25.937 Service scanning
21:13:36.609 Service Fspnpw2l C:\WINDOWS\C:\WINDOWS\system32\drivers\ati1ttxx.sys **LOCKED** 123
21:13:53.015 Modules scanning
21:14:02.437 Disk 0 trace - called modules:
21:14:02.500 ntoskrnl.exe CLASSPNP.SYS disk.sys IdeChnDr.sys hal.dll
21:14:04.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd34b0]
21:14:04.625 3 CLASSPNP.SYS[f86f6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0[0x81f1b030]
21:14:04.718 Scan finished successfully
21:14:33.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\USER\My Documents\Downloads\MBR.dat"
21:14:33.359 The log file has been saved successfully to "C:\Documents and Settings\USER\My Documents\Downloads\aswMBR.txt"

Thanks.
Akilia

Edited by Akilia, 21 August 2012 - 04:17 PM.
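As an added example (not part of the post above and not aswMBR's own code), a short Python script that pulls the `Service` lines out of an aswMBR log and flags the two things worth a second look in the line above: a service object marked `**LOCKED**` (the scanner could not open it), and an image path that is not a single absolute path (here `C:\WINDOWS\` appears twice). The `Service <name> <path>` line format is assumed from the one such line in this log; the other sample lines are constructed for contrast.

```python
import re

# Constructed sample in aswMBR's layout. Only the **LOCKED** line is taken from
# the log posted above; the two plain Service lines are constructed for contrast
# and the "Service <name> <path>" format is assumed from that one line.
SAMPLE_ASWMBR = """\
21:13:25.937 Service scanning
21:13:30.100 Service Disk C:\\WINDOWS\\system32\\drivers\\disk.sys
21:13:36.609 Service Fspnpw2l C:\\WINDOWS\\C:\\WINDOWS\\system32\\drivers\\ati1ttxx.sys **LOCKED** 123
21:13:40.000 Service atapi C:\\WINDOWS\\system32\\drivers\\atapi.sys
21:13:53.015 Modules scanning
"""

# "<timestamp> Service <name> <image path> [**LOCKED** [code]]"
SERVICE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3} Service (?P<name>\S+) (?P<path>.+?)"
    r"(?P<locked> \*\*LOCKED\*\*(?: \d+)?)?$"
)
# A drive prefix such as "C:\"; a sane image path carries exactly one.
DRIVE_RE = re.compile(r"[A-Za-z]:\\")


def parse_services(log_text):
    """Return (name, path, locked) for every Service line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            entries.append((m.group("name"), m.group("path"), m.group("locked") is not None))
    return entries


def assess_services(log_text):
    """List services a reviewer should look at, with the reason for each."""
    findings = []
    for name, path, locked in parse_services(log_text):
        reasons = []
        if locked:
            reasons.append("service object is locked: the scanner could not open it")
        if len(DRIVE_RE.findall(path)) != 1:
            reasons.append("image path is not a single absolute path")
        if not path.lower().endswith(".sys"):
            reasons.append("driver image does not end in .sys")
        if reasons:
            findings.append({"name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in assess_services(SAMPLE_ASWMBR):
        print(f"{f['name']}: {f['path']}")
        for reason in f["reasons"]:
            print(f"  - {reason}")
```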


#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:07:34 PM

Posted 21 August 2012 - 03:29 PM

Move to other scans

#10 Akilia

Akilia
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:12:34 AM

Posted 21 August 2012 - 03:53 PM

Mini Toolbox Scan Result:

MiniToolBox by Farbar Version: 23-07-2012
Ran by USER (administrator) on 21-08-2012 at 21:51:14
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=NONE
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Dellboy

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : tiscali.co.uk



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : tiscali.co.uk

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-07-E9-F7-41-5F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : 21 August 2012 21:33:15

Lease Expires . . . . . . . . . . : 22 August 2012 21:33:15

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.230.101, 74.125.230.97, 74.125.230.110, 74.125.230.98
74.125.230.103, 74.125.230.104, 74.125.230.96, 74.125.230.100, 74.125.230.105
74.125.230.99, 74.125.230.102



Pinging google.com [173.194.34.70] with 32 bytes of data:



Reply from 173.194.34.70: bytes=32 time=41ms TTL=57

Reply from 173.194.34.70: bytes=32 time=38ms TTL=57



Ping statistics for 173.194.34.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 41ms, Average = 39ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=211ms TTL=46

Reply from 72.30.38.140: bytes=32 time=222ms TTL=45



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 211ms, Maximum = 222ms, Average = 216ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 f7 41 5f ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 20
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 20
224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 20
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/20/2012 07:23:43 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (08/20/2012 09:58:34 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (08/19/2012 09:55:23 PM) (Source: MsiInstaller) (User: DELLBOY)DELLBOY
Description: Product: Intel® Network Connections -- The installed version of Intel PROSet is not supported for upgrades. You must uninstall it before installing this version.

Error: (08/16/2012 04:38:15 AM) (Source: Application Error) (User: )
Description: Faulting application wuauclt.exe, version 7.6.7600.256, faulting module unknown, version 0.0.0.0, fault address 0x3000749a.
Processing media-specific event for [wuauclt.exe!ws!]

Error: (08/16/2012 04:37:57 AM) (Source: Application Error) (User: )
Description: Faulting application wuauclt.exe, version 7.6.7600.256, faulting module unknown, version 0.0.0.0, fault address 0x3000749a.
Processing media-specific event for [wuauclt.exe!ws!]

Error: (08/16/2012 04:37:39 AM) (Source: Application Error) (User: )
Description: Faulting application wuauclt.exe, version 7.6.7600.256, faulting module unknown, version 0.0.0.0, fault address 0x3000749a.
Processing media-specific event for [wuauclt.exe!ws!]

Error: (08/16/2012 04:37:21 AM) (Source: Application Error) (User: )
Description: Faulting application wuauclt.exe, version 7.6.7600.256, faulting module unknown, version 0.0.0.0, fault address 0x3000749a.
Processing media-specific event for [wuauclt.exe!ws!]

Error: (08/16/2012 04:37:03 AM) (Source: Application Error) (User: )
Description: Faulting application wuauclt.exe, version 7.6.7600.256, faulting module unknown, version 0.0.0.0, fault address 0x3000749a.
Processing media-specific event for [wuauclt.exe!ws!]

Error: (08/16/2012 04:23:10 AM) (Source: Application Error) (User: )
Description: Faulting application em_exec.exe, version 9.79.25.1, faulting module unknown, version 0.0.0.0, fault address 0x3000749a.
Processing media-specific event for [em_exec.exe!ws!]

Error: (08/16/2012 04:23:10 AM) (Source: Application Error) (User: )
Description: Faulting application wuauclt.exe, version 7.6.7600.256, faulting module unknown, version 0.0.0.0, fault address 0x3000749a.
Processing media-specific event for [wuauclt.exe!ws!]


System errors:
=============
Error: (08/21/2012 09:34:02 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/21/2012 09:34:02 PM) (Source: Service Control Manager) (User: )
Description: The Msoml0 service failed to start due to the following error:
%%2

Error: (08/21/2012 09:17:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/21/2012 09:17:37 PM) (Source: Service Control Manager) (User: )
Description: The Msoml0 service failed to start due to the following error:
%%2

Error: (08/21/2012 09:15:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/21/2012 09:12:34 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/21/2012 09:12:34 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
MpFilter

Error: (08/21/2012 09:12:13 PM) (Source: DCOM) (User: DELLBOY)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/21/2012 09:11:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/21/2012 08:36:30 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (08/20/2012 07:23:43 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (08/20/2012 09:58:34 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (08/19/2012 09:55:23 PM) (Source: MsiInstaller)(User: DELLBOY)DELLBOY
Description: Product: Intel® Network Connections -- The installed version of Intel PROSet is not supported for upgrades. You must uninstall it before installing this version.(NULL)(NULL)(NULL)

Error: (08/16/2012 04:38:15 AM) (Source: Application Error)(User: )
Description: wuauclt.exe7.6.7600.256unknown0.0.0.03000749a

Error: (08/16/2012 04:37:57 AM) (Source: Application Error)(User: )
Description: wuauclt.exe7.6.7600.256unknown0.0.0.03000749a

Error: (08/16/2012 04:37:39 AM) (Source: Application Error)(User: )
Description: wuauclt.exe7.6.7600.256unknown0.0.0.03000749a

Error: (08/16/2012 04:37:21 AM) (Source: Application Error)(User: )
Description: wuauclt.exe7.6.7600.256unknown0.0.0.03000749a

Error: (08/16/2012 04:37:03 AM) (Source: Application Error)(User: )
Description: wuauclt.exe7.6.7600.256unknown0.0.0.03000749a

Error: (08/16/2012 04:23:10 AM) (Source: Application Error)(User: )
Description: em_exec.exe9.79.25.1unknown0.0.0.03000749a

Error: (08/16/2012 04:23:10 AM) (Source: Application Error)(User: )
Description: wuauclt.exe7.6.7600.256unknown0.0.0.03000749a


=========================== Installed Programs ============================

7000 System NoDoc (Version: 1.20.55)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Adobe Acrobat 5.0 (Version: 5.1)
Adobe AIR (Version: 1.5.2.8870)
Adobe Flash Player 10 Plugin (Version: 10.1.53.64)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Photoshop Album 2.0 Starter Edition (Version: 2.00.000)
Adobe Photoshop CS (Version: CS)
Adobe Photoshop Elements 2.0 (Version: 2.0)
Adobe Reader 7.0.7 (Version: 7.0.7)
Amazon MP3 Downloader 1.0.9
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
AXIS Media Control
BCM V.92 56K Modem
Bonjour (Version: 3.0.0.10)
Canon Camera Access Library (Version: 8.5.0.2)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera WIA Driver (Version: 5.1)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon EOS Kiss REBEL 300D WIA Driver (Version: 5.1)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.0.1)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Internet Library for ZoomBrowser EX (Version: 1.7.0.1)
Canon MOV Decoder (Version: 1.7.0.6)
Canon MOV Encoder (Version: 1.5.0.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.6.0.5)
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX (Version: 2.5.0.8)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.7.0.8)
Canon Utilities CameraWindow DC 8 (Version: 8.3.0.6)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2)
Canon Utilities Digital Photo Professional 2.2 (Version: 2.2.0.1)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities File Viewer Utility 1.3 (Version: 1.3.1)
Canon Utilities Movie Uploader for YouTube (Version: 1.1.0.4)
Canon Utilities MyCamera (Version: 7.4.0.2)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities RemoteCapture 2.7 (Version: 2.7.4)
Canon Utilities ZoomBrowser EX (Version: 6.6.0.23)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.4.0.4)
CCleaner (Version: 3.20)
Classic PhoneTools (Version: 4.16)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Dell Picture Studio - Dell Image Expert (Version: 3.4.1)
Dell Solution Center (Version: 1.00.0000)
Digital Line Detect (Version: 1.02.000)
Dragon Flame (désinstalation seulement)
DrayTek Router Tools V2.5.3
DVDSentry (Version: 1.00.0001)
Easy CD Creator 5 Basic (Version: 5.2.0.56)
Epson Easy Photo Print 2 (Version: 2.2.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0001)
Epson FAX Utility (Version: 1.10.00)
Epson PC-FAX Driver
Epson Print CD (Version: 2.00.00)
EPSON PX820FWD Series Manual
EPSON PX820FWD Series Network Guide
EPSON PX820FWD Series Printer Uninstall
EPSON Scan
EPSON Web-To-Page
EpsonNet Print (Version: 2.4i)
EpsonNet Setup 3.3 (Version: 3.3a)
ESET Online Scanner v3
Extensis Intellihance Pro 4.0
Extensis Mask Pro 3.0
Extensis PhotoFrame 2.5
Extensis pxl SmartScale 1.0
File Shredder 2.0
File Viewer Utility 1.3.1 (Version: 1.3.1)
FoxTab Music Converter
Google Earth (Version: 4.2.205.5730)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.99)
Help and Support Customization (Version: 1.00.0000)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1)
Intel Application Accelerator
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II (Version: 2.00.0020)
iTunes (Version: 10.6.3.25)
Java 2 Runtime Environment Standard Edition v1.3.1_01
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Logitech iTouch Software
Logitech MouseWare 9.79.1
Logitech Resource Center
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework (English) (Version: 1.0.3705)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Office XP Professional (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MobileMe Control Panel (Version: 3.1.8.0)
Modem Helper
NVIDIA Windows 2000/XP Display Drivers
PIF DESIGNER
Portfolio 6.0
PowerDVD
Prism Video Converter
procreate™ Painter Classic™
QuickTime (Version: 7.72.80.56)
Registry Reviver
RemoteCapture 2.7.4 (Version: 2.7.4)
Remove Hidden Data Tool (Version: 11.0.6361.0)
ScanToWeb
SlimDrivers (Version: 2.2.22481)
Sound Blaster Live!
SpeedTouch USB Software
System Requirements Lab
Tengwar Scribe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971930) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VideoPad Video Editor
Wacom Tablet Driver
WD Discovery Software (Version: 1.80)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0532.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip (Version: 8.1 SR-1 (5266))
XML Paper Specification Shared Components Pack 1.0
YaTT: Yet Another Tengwar Tool (Version: 2.0.0.123)
Zoom ADSL USB Modem

========================= Memory info: ===================================

Percentage of memory in use: 79%
Total physical RAM: 511 MB
Available physical RAM: 106.38 MB
Total Pagefile: 1248.16 MB
Available Pagefile: 892.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.13 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:111.75 GB) (Free:16.44 GB) NTFS

========================= Users: ========================================

User accounts for \\DELLBOY

Administrator ASPNET Guest
HelpAssistant USER SUPPORT_388945a0
SUPPORT_3f151ab9


**** End of log ****

Edited by Akilia, 21 August 2012 - 04:18 PM.


#11 Akilia

Akilia
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:12:34 AM

Posted 21 August 2012 - 04:10 PM

Here's the Log for Adware Cleaner:

# AdwCleaner v1.801 - Logfile created 08/21/2012 at 22:03:56
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : USER - DELLBOY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\USER\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1656 octets] - [21/08/2012 22:03:56]

########## EOF - C:\AdwCleaner[S1].txt - [1784 octets] ##########

#12 Akilia

Akilia
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:12:34 AM

Posted 21 August 2012 - 04:13 PM

Here's the log for FSS

Farbar Service Scanner Version: 06-08-2012
Ran by USER (administrator) on 21-08-2012 at 22:01:39
Running from "C:\Documents and Settings\USER\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Malwarebytes Anti-Malware is already on my PC and has consistently shown no infections.
I'll run it again in SAFE mode tonight. Then again in Normal Mode tomorrow morning.

#13 Akilia

  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male
  • Location:UK

Posted 21 August 2012 - 04:33 PM

Just to add: Since this morning, I've noticed that my Windows Firewall has been switched off.
I have a hard firewall built into my Router, but that doesn't protect me from USBs.

When I try to restart my Firewall in Windows Security Centre, it can't be started.
It doesn't seem to be found when I try to set Firewall Settings.

I'd like to get that up and running before I start to deal with my USBs, and my Backup External Drive (not connected recently). Advice would be appreciated.

I also have one USB which stores data backed up from a computer which died, and the data are not installed anywhere else. I have to be able to be sure it's disinfected, since it was put into this PC after I thought it was clear :-/
Advice as to how I can be sure it's disinfected would be helpful, since much of the antivirus stuff I've been using doesn't seem to allow specific external data source cleaning.

Grateful thanks,
Akilia

#14 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 August 2012 - 04:56 PM

Scan the USB with Malwarebytes

Download Sharedaccess

Launch it, click YES

Restart the PC, post the new FSS log

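The first FSS log above shows what a damaged service configuration looks like: the Start and ImagePath registry values of the sharedaccess service (Windows Firewall/ICS on XP) were gone while ServiceDll was intact, and the fix file restores them. The following script is an added example, not part of this thread and not FSS or the fix itself; it checks the same three values and flags any that are missing or differ from the expected Windows XP SP3 defaults, which are my assumption and not taken from the thread.

```python
import sys

SERVICES_KEY = r"SYSTEM\CurrentControlSet\Services"

# Assumed Windows XP SP3 defaults for the SharedAccess (Windows Firewall/ICS) service.
EXPECTED = {
    "sharedaccess": {
        "Start": 2,  # 2 = Automatic
        "ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
        "ServiceDll": r"%SystemRoot%\System32\ipnathlp.dll",  # lives under Parameters
    }
}


def assess_service_config(name, values):
    """Compare one service's registry values against EXPECTED.

    `values` maps value name -> data; a key is absent when the registry value
    does not exist, which is what FSS reported for Start and ImagePath above.
    Returns a list of findings (empty when the configuration is intact).
    """
    findings = []
    for key, expected in EXPECTED[name.lower()].items():
        if key not in values:
            findings.append(f"ATTENTION: {key} of {name} is missing")
        elif str(values[key]).lower() != str(expected).lower():
            findings.append(f"ATTENTION: {key} of {name} is {values[key]!r}, expected {expected!r}")
    return findings


def read_service_config(name):
    """Read Start, ImagePath and Parameters\\ServiceDll from the live registry (Windows only)."""
    import winreg  # only available on Windows
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICES_KEY + "\\" + name) as svc:
        for val in ("Start", "ImagePath"):
            try:
                values[val] = winreg.QueryValueEx(svc, val)[0]
            except FileNotFoundError:
                pass  # value deleted; assess_service_config will flag it
        try:
            with winreg.OpenKey(svc, "Parameters") as params:
                values["ServiceDll"] = winreg.QueryValueEx(params, "ServiceDll")[0]
        except FileNotFoundError:
            pass
    return values


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run this on the Windows machine being checked")
    findings = assess_service_config("sharedaccess", read_service_config("SharedAccess"))
    print("\n".join(findings) or "sharedaccess service configuration is OK")
```

Run it before and after applying a fix to confirm that all three values are back, rather than relying on the firewall UI alone.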
#15 Akilia

  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male
  • Location:UK

Posted 22 August 2012 - 02:34 AM

Thanks.

Loaded Sharedaccess and ran it. Firewall now back on and came up with the correct settings I'd previously used.

FSS(2) log:

Farbar Service Scanner Version: 06-08-2012
Ran by USER (administrator) on 22-08-2012 at 08:21:07
Running from "C:\Documents and Settings\USER\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
