
ModName: mshtml.dll IE not working


21 replies to this topic

#1 crystalm36


Posted 23 August 2012 - 07:13 PM

Hello,
I recently formatted my computer (3 times) because I suspected that I had a virus that wouldn't let me on the internet. So I reformatted, but I am still having problems getting on the computer. Every time that I open IE I get an error message that it needs to shut down.
AppName: iexplore.exe AppVer: 6.0.2900.2180 ModName: mshtml.dll
ModVer: 6.0.2900.2180 Offset: 0007f44d


I suspected that my computer may have the dnschanger virus, so I downloaded Windows Defender Offline, and it wouldn't let me use it; it said that it wasn't compatible, so I used Norton's Power Eraser. I downloaded it on a memory stick and ran it from there. It did a scan on the suspected PC and came up with nothing.

I have searched Microsoft and it had some information and the article stated to update to the latest updates and this should fix the problem, but when I try to update my computer, it goes to a not available screen and won't let me update.

Plus, I am using a router that has a wireless laptop that uses the internet from the router along with some ipod touches. I am scared that if it is the dnschanger virus that it may have infected the router and the other laptop and mobile devices. Any suggestions on what to do?

Thank you for your time.

Edited by crystalm36, 23 August 2012 - 07:16 PM.




#2 crystalm36


Posted 23 August 2012 - 07:23 PM

Oops, I just realized that I may have posted this in the wrong part of your forums. Could a moderator please move this to the right forum? Sorry for getting in too big of a hurry and messing up my post.

#3 boopme


Posted 23 August 2012 - 08:07 PM

Hello, I moved this from XP to the Am I Infected forum for now..

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
and click on Run as Administrator.



Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 crystalm36


Posted 23 August 2012 - 09:14 PM

Ok there is nowhere I can find to be the administrator, I am using XP.

Here is RKILL's txt log:

Thanks for all of your help


Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/23/2012 10:08:02 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.
* No issues found.

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/23/2012 10:08:50 PM
Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)

Edited by crystalm36, 23 August 2012 - 09:29 PM.
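
A parser for the "Checking Windows Service Integrity" section of an RKill log like the one posted above, as an added example (not part of the thread and not RKill's own code). The sample text is copied from that log; the triage rule is an assumption of this example: an Automatic service that is stopped is worth rechecking after a normal boot, because Safe Mode leaves most services stopped, while a stopped Manual service is not a finding by itself.

```python
import re

# Sample input: lines copied from the RKill log posted above.
SAMPLE_LOG = """\
Program started at: 08/23/2012 10:08:02 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.
"""

SECTION = "Checking Windows Service Integrity:"
# "* <display name> (<service name>) is <state>."
SERVICE_RE = re.compile(
    r"^\* (?P<display>.+) \((?P<name>[^()]+)\) is (?P<state>.+?)\.$"
)
STARTUP_RE = re.compile(r"^Startup Type set to: (?P<startup>\w+)$")


def parse_service_integrity(log_text):
    """Return one dict per service listed in the service-integrity section."""
    services, current, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SECTION:
            in_section = True
            continue
        if not in_section or not line:
            continue
        if line.endswith(":") and not line.startswith("*"):
            break  # header of the next section ends this one
        match = SERVICE_RE.match(line)
        if match:
            # startup stays None if the log has no "Startup Type" line for it
            current = dict(match.groupdict(), startup=None)
            services.append(current)
            continue
        match = STARTUP_RE.match(line)
        if match and current is not None:
            current["startup"] = match.group("startup")
    return services


def triage(services, safe_mode=False):
    """Return (service name, level, note) for every service not running.

    The levels and notes are this example's own rule, not RKill output.
    """
    findings = []
    for svc in services:
        if svc["state"].lower() == "running":
            continue
        if svc["startup"] == "Automatic":
            note = ("stopped in Safe Mode; recheck after a normal boot"
                    if safe_mode else "set to start at boot but stopped")
            findings.append((svc["name"], "review", note))
        elif svc["startup"] == "Manual":
            findings.append((svc["name"], "info", "starts on demand"))
        else:
            findings.append((svc["name"], "review",
                             "startup type %s" % svc["startup"]))
    return findings


if __name__ == "__main__":
    for name, level, note in triage(parse_service_integrity(SAMPLE_LOG),
                                    safe_mode=True):
        print("%-12s %-7s %s" % (name, level, note))
```
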


#5 boopme


Posted 23 August 2012 - 09:35 PM

(If you are using Windows Vista, please right-click on it and select Run As Administrator)

Please do the rest.

#6 crystalm36


Posted 24 August 2012 - 04:51 AM

22:37:35.0421 0492 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
22:37:35.0843 0492 ============================================================
22:37:35.0843 0492 Current date / time: 2012/08/23 22:37:35.0843
22:37:35.0843 0492 SystemInfo:
22:37:35.0843 0492
22:37:35.0843 0492 OS Version: 5.1.2600 ServicePack: 2.0
22:37:35.0843 0492 Product type: Workstation
22:37:35.0843 0492 ComputerName: FAMILY-16B096BF
22:37:35.0843 0492 UserName: Administrator
22:37:35.0843 0492 Windows directory: C:\WINDOWS
22:37:35.0843 0492 System windows directory: C:\WINDOWS
22:37:35.0843 0492 Processor architecture: Intel x86
22:37:35.0843 0492 Number of processors: 1
22:37:35.0843 0492 Page size: 0x1000
22:37:35.0843 0492 Boot type: Safe boot with network
22:37:35.0843 0492 ============================================================
22:37:37.0375 0492 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:37:37.0375 0492 Drive \Device\Harddisk1\DR4 - Size: 0x7B000000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:37:37.0375 0492 ============================================================
22:37:37.0375 0492 \Device\Harddisk0\DR0:
22:37:37.0375 0492 MBR partitions:
22:37:37.0375 0492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
22:37:37.0375 0492 \Device\Harddisk1\DR4:
22:37:37.0375 0492 MBR partitions:
22:37:37.0375 0492 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xE, StartLBA 0x3F, BlocksNum 0x3D7FC1
22:37:37.0375 0492 ============================================================
22:37:37.0406 0492 C: <-> \Device\Harddisk0\DR0\Partition1
22:37:37.0406 0492 ============================================================
22:37:37.0406 0492 Initialize success
22:37:37.0406 0492 ============================================================
22:38:06.0593 0536 ============================================================
22:38:06.0593 0536 Scan started
22:38:06.0593 0536 Mode: Manual; TDLFS;
22:38:06.0593 0536 ============================================================
22:38:07.0375 0536 ================ Scan system memory ========================
22:38:07.0375 0536 System memory - ok
22:38:16.0640 0536 [ 617ACCADA2E0A0F43EC6030BBAC49513 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:38:16.0640 0536 PxHelp20 - ok
22:38:16.0671 0536 ql1080 - ok
22:38:16.0718 0536 Ql10wnt - ok
22:38:16.0750 0536 ql12160 - ok
22:38:16.0796 0536 ql1240 - ok
22:38:16.0828 0536 ql1280 - ok
22:38:16.0875 0536 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:38:16.0875 0536 RasAcd - ok
22:38:16.0937 0536 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:38:16.0953 0536 RasAuto - ok
22:38:17.0000 0536 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:38:17.0000 0536 Rasl2tp - ok
22:38:17.0046 0536 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:38:17.0062 0536 RasMan - ok
22:38:17.0093 0536 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:38:17.0109 0536 RasPppoe - ok
22:38:17.0156 0536 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:38:17.0156 0536 Raspti - ok
22:38:17.0218 0536 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:38:17.0218 0536 Rdbss - ok
22:38:17.0250 0536 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:38:17.0250 0536 RDPCDD - ok
22:38:17.0343 0536 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:38:17.0343 0536 rdpdr - ok
22:38:17.0437 0536 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:38:17.0437 0536 RDPWD - ok
22:38:17.0515 0536 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:38:17.0531 0536 RDSessMgr - ok
22:38:17.0578 0536 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:38:17.0578 0536 redbook - ok
22:38:17.0640 0536 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:38:17.0640 0536 RemoteAccess - ok
22:38:17.0703 0536 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:38:17.0703 0536 RemoteRegistry - ok
22:38:17.0781 0536 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
22:38:17.0781 0536 RpcLocator - ok
22:38:17.0843 0536 [ 5C83A4408604F737717AB96371201680 ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:38:17.0859 0536 RpcSs - ok
22:38:17.0921 0536 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:38:17.0937 0536 RSVP - ok
22:38:17.0984 0536 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
22:38:17.0984 0536 SamSs - ok
22:38:18.0046 0536 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:38:18.0062 0536 SCardSvr - ok
22:38:18.0109 0536 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:38:18.0125 0536 Schedule - ok
22:38:18.0171 0536 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:38:18.0187 0536 Secdrv - ok
22:38:18.0234 0536 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
22:38:18.0234 0536 seclogon - ok
22:38:18.0328 0536 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
22:38:18.0343 0536 senfilt - ok
22:38:18.0375 0536 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
22:38:18.0390 0536 SENS - ok
22:38:18.0437 0536 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:38:18.0437 0536 serenum - ok
22:38:18.0484 0536 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:38:18.0500 0536 Serial - ok
22:38:18.0531 0536 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:38:18.0531 0536 Sfloppy - ok
22:38:18.0625 0536 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:38:18.0625 0536 SharedAccess - ok
22:38:18.0671 0536 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:38:18.0687 0536 ShellHWDetection - ok
22:38:18.0718 0536 Simbad - ok
22:38:18.0796 0536 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
22:38:18.0812 0536 smwdm - ok
22:38:18.0843 0536 Sparrow - ok
22:38:18.0906 0536 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:38:18.0906 0536 splitter - ok
22:38:18.0984 0536 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:38:18.0984 0536 Spooler - ok
22:38:19.0062 0536 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:38:19.0062 0536 sr - ok
22:38:19.0109 0536 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
22:38:19.0109 0536 srservice - ok
22:38:19.0140 0536 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:38:19.0156 0536 Srv - ok
22:38:19.0218 0536 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:38:19.0218 0536 SSDPSRV - ok
22:38:19.0296 0536 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:38:19.0312 0536 stisvc - ok
22:38:19.0375 0536 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:38:19.0375 0536 swenum - ok
22:38:19.0453 0536 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:38:19.0453 0536 swmidi - ok
22:38:19.0484 0536 SwPrv - ok
22:38:19.0531 0536 symc810 - ok
22:38:19.0562 0536 symc8xx - ok
22:38:19.0593 0536 sym_hi - ok
22:38:19.0640 0536 sym_u3 - ok
22:38:19.0671 0536 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:38:19.0687 0536 sysaudio - ok
22:38:19.0750 0536 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:38:19.0750 0536 SysmonLog - ok
22:38:19.0796 0536 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:38:19.0812 0536 TapiSrv - ok
22:38:19.0890 0536 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:38:19.0890 0536 Tcpip - ok
22:38:19.0953 0536 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:38:19.0953 0536 TDPIPE - ok
22:38:20.0000 0536 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:38:20.0015 0536 TDTCP - ok
22:38:20.0062 0536 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:38:20.0062 0536 TermDD - ok
22:38:20.0156 0536 [ C29A5286E64D97385178452D5F307B98 ] TermService C:\WINDOWS\System32\termsrv.dll
22:38:20.0156 0536 TermService - ok
22:38:20.0218 0536 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
22:38:20.0218 0536 Themes - ok
22:38:20.0296 0536 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:38:20.0296 0536 TlntSvr - ok
22:38:20.0328 0536 TosIde - ok
22:38:20.0390 0536 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:38:20.0406 0536 TrkWks - ok
22:38:20.0468 0536 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:38:20.0468 0536 Udfs - ok
22:38:20.0531 0536 ultra - ok
22:38:20.0578 0536 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
22:38:20.0593 0536 UMWdf - ok
22:38:20.0656 0536 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:38:20.0671 0536 Update - ok
22:38:20.0734 0536 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
22:38:20.0734 0536 upnphost - ok
22:38:20.0796 0536 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
22:38:20.0796 0536 UPS - ok
22:38:20.0875 0536 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:38:20.0875 0536 usbccgp - ok
22:38:20.0906 0536 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:38:20.0906 0536 usbehci - ok
22:38:20.0953 0536 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:38:20.0953 0536 usbhub - ok
22:38:21.0031 0536 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:38:21.0031 0536 USBSTOR - ok
22:38:21.0078 0536 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:38:21.0078 0536 usbuhci - ok
22:38:21.0109 0536 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:38:21.0125 0536 VgaSave - ok
22:38:21.0156 0536 ViaIde - ok
22:38:21.0203 0536 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:38:21.0203 0536 VolSnap - ok
22:38:21.0265 0536 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
22:38:21.0281 0536 VSS - ok
22:38:21.0359 0536 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
22:38:21.0359 0536 W32Time - ok
22:38:21.0406 0536 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:38:21.0406 0536 Wanarp - ok
22:38:21.0437 0536 WDICA - ok
22:38:21.0515 0536 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:38:21.0515 0536 wdmaud - ok
22:38:21.0562 0536 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:38:21.0562 0536 WebClient - ok
22:38:21.0671 0536 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:38:21.0687 0536 winmgmt - ok
22:38:21.0828 0536 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:38:21.0843 0536 WmdmPmSN - ok
22:38:21.0968 0536 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll
22:38:21.0984 0536 Wmi - ok
22:38:22.0062 0536 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:38:22.0078 0536 WmiApSrv - ok
22:38:22.0156 0536 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:38:22.0156 0536 wscsvc - ok
22:38:22.0234 0536 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:38:22.0234 0536 wuauserv - ok
22:38:22.0328 0536 [ 247520EDED53A08AE89EA4FAE04F54D8 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:38:22.0343 0536 WZCSVC - ok
22:38:22.0437 0536 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:38:22.0437 0536 xmlprov - ok
22:38:22.0515 0536 ================ Scan global ===============================
22:38:22.0578 0536 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
22:38:22.0609 0536 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
22:38:22.0656 0536 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
22:38:22.0703 0536 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
22:38:22.0703 0536 [Global] - ok
22:38:22.0718 0536 ================ Scan MBR ==================================
22:38:22.0750 0536 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:38:23.0078 0536 \Device\Harddisk0\DR0 - ok
22:38:23.0109 0536 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR4
22:38:32.0312 0536 \Device\Harddisk1\DR4 - ok
22:38:32.0328 0536 ================ Scan VBR ==================================
22:38:32.0375 0536 [ BA11398571EED88FD0F2BCF335EC1445 ] \Device\Harddisk0\DR0\Partition1
22:38:32.0375 0536 \Device\Harddisk0\DR0\Partition1 - ok
22:38:32.0406 0536 [ 5248B95A74A935D5CB1EC1B1CF385395 ] \Device\Harddisk1\DR4\Partition1
22:38:32.0406 0536 \Device\Harddisk1\DR4\Partition1 - ok
22:38:32.0453 0536 ============================================================
22:38:32.0453 0536 Scan finished
22:38:32.0453 0536 ============================================================
22:38:32.0515 0528 Detected object count: 0
22:38:32.0515 0528 Actual detected object count: 0



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/23/2012 at 11:01 PM

Application Version : 5.5.1012

Core Rules Database Version : 9115
Trace Rules Database Version: 6927

Scan type : Complete Scan
Total Scan Time : 00:06:24

Operating System Information
Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 256
Memory threats detected : 0
Registry items scanned : 30999
Registry threats detected : 0
File items scanned : 18013
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt [ /atdmt ]
C:\Documents and Settings\Administrator\Cookies\administrator@c.atdmt[2].txt [ /c.atdmt ]
C:\Documents and Settings\Administrator\Cookies\administrator@c1.atdmt[1].txt [ /c1.atdmt ]
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt [ /doubleclick ]




Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.24.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Administrator :: FAMILY-16B096BF [administrator]

8/24/2012 5:42:58 AM
mbam-log-2012-08-24 (05-42-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 170915
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 boopme

Posted 24 August 2012 - 06:37 PM

As I see no malware, I think it may be the lack of Service Pack 3 or the old IE version.

Please try these two tools next; if no joy, I feel a post in the XP forum will be needed.



We need to repair some of windows' internal registration settings
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Posted Image)
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
    Posted Image
  • When the window looks like this, press the GO button in the bottom of the window.
    Posted Image
  • Exit/Close Dial-A-Fix




Next run SFC

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 crystalm36

Posted 25 August 2012 - 06:51 AM

Thanks for your help, I will try and do this and get back with you soon.

Edited by crystalm36, 25 August 2012 - 06:53 AM.


#9 crystalm36

Posted 25 August 2012 - 07:34 AM

I did all of those steps and I am still having the same problems. Now that you mentioned the registry, I think this all may have been caused by me trying to fix something when I didn't know what I was doing. I suspected I had a virus on the computer, so I ran CCleaner and had CCleaner fix all the registry problems. I saved a backup of it, but when I reformatted, that was one of the things that didn't get saved on my backup stick.
Is there a way to look and see and repair, if I have to, what CCleaner may have deleted? Thanks again for your help.

#10 boopme

Posted 26 August 2012 - 07:46 PM

I think it is better for you to start a new topic in XP. They know the system better than I do, and this is not a malware problem. Mention you reformatted. Did you run CCleaner after or before that?

#11 crystalm36

Posted 26 August 2012 - 09:22 PM

OK, I will start a new thread in the XP forum. And I did the CCleaner before the reformat. I lost all backup from it when I reformatted the PC. At least I don't have a virus. Thanks for all of your help.

#12 boopme

Posted 26 August 2012 - 09:38 PM

You're welcome and good luck !!

#13 crystalm36

Posted 26 August 2012 - 10:34 PM

Do you suggest leaving any of these programs that you had me install, or should I uninstall them? I know that SUPERAntiSpyware seems to run all the time and comes on at the restart of my PC. And if I get an antivirus installed, would any of these programs collide with one another?
Thanks

#14 boopme

Posted 27 August 2012 - 08:51 AM

Hello, if SAS is running at start up you may as well uninstall it, as the free version needs to be updated manually anyway.
TDss and Rkill need to be installed for each use, as that is how you get the newest, updated version.

MBAM on the other hand you can keep on there. It needs to be updated with each run but will not run on its own or interfere with an AV.

If you need a free AV, go to our list here L@@K. I personally prefer one of the first two.

#15 crystalm36

Posted 27 August 2012 - 11:22 AM

So everything can be uninstalled but it is ok to go on and keep MBAM, did I understand you right?
And thanks again for all of your help, you people in this forum truly are gifted at what you do :)



