Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rogue.Agent/Gen-Nullo - Malware/Rootkit?


  • Please log in to reply
28 replies to this topic

#1 Bradley Jensen

Bradley Jensen

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 25 August 2012 - 10:10 PM

Hello.

I am using a Win XP3 Pro system fully patched, with NIS 2012.

The past couple of days, I have been receiving a small rectangular popup in the center of my screen.
I wish to paste a screenshot of the popup, but I don't see a way to do that in your forum.

I ran a Full System Scan with NIS 2012, MBAM, both of which came back clean. However SAS detected a Rogue.Agent/Gen-Nullo under C:\Windows\AReset.exe and supposedly cleaned it when I rebooted. Yet a bit later on it came back! What is unusual about this is that my system has 3 user login accounts and it only happens when I am logged on.

Here's the "text," until you can instruct me on how to paste the small image:

__________________________________________________________________________________
16 bit MS-DOS Subsystem

C:\Windows\AReset.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0e11 IP:0015 OP:64 65 50 62 67 Choose 'Close' to terminate the application.

In boxes: CLOSE IGNORE
___________________________________________________________________________________

You help would be greatly appreciated. I keep clicking on Close, but it pops up every few minutes.

TIA,

Bradley :)

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:26 PM

Posted 25 August 2012 - 10:23 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 Bradley Jensen

Bradley Jensen
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 25 August 2012 - 10:35 PM

Hi narenxp,

Thanks for your response.

Is it OK to use these tools one at at time while NIS 2012 is running normally?

BJ :)

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:26 PM

Posted 25 August 2012 - 10:36 PM

Disable norton till we finish our scans

#5 Bradley Jensen

Bradley Jensen
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 25 August 2012 - 10:50 PM

Hi narenxp,

Here is TDSSKiller. Others coming.

23:42:03.0171 5596 Product type: Workstation
23:42:03.0171 5596 ComputerName: BradleyJ
23:42:03.0171 5596 UserName: Owner
23:42:03.0171 5596 Windows directory: C:\WINDOWS
23:42:03.0171 5596 System windows directory: C:\WINDOWS
23:42:03.0171 5596 Processor architecture: Intel x86
23:42:03.0171 5596 Number of processors: 2
23:42:03.0171 5596 Page size: 0x1000
23:42:03.0171 5596 Boot type: Normal boot
23:42:03.0171 5596 ============================================================
23:42:04.0109 5596 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:42:04.0109 5596 Drive \Device\Harddisk1\DR3 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:42:04.0234 5596 ============================================================
23:42:04.0234 5596 \Device\Harddisk0\DR0:
23:42:04.0234 5596 MBR partitions:
23:42:04.0234 5596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAC53FF, BlocksNum 0x249682C2
23:42:04.0234 5596 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xAC53C0
23:42:04.0234 5596 \Device\Harddisk1\DR3:
23:42:04.0250 5596 MBR partitions:
23:42:04.0250 5596 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
23:42:04.0250 5596 ============================================================
23:42:04.0281 5596 C: <-> \Device\Harddisk0\DR0\Partition1
23:42:04.0312 5596 J: <-> \Device\Harddisk1\DR3\Partition1
23:42:04.0312 5596 D: <-> \Device\Harddisk0\DR0\Partition2
23:42:04.0312 5596 ============================================================
23:42:04.0312 5596 Initialize success
23:42:04.0312 5596 ============================================================
23:42:30.0562 7384 ============================================================
23:42:30.0562 7384 Scan started
23:42:30.0562 7384 Mode: Manual; TDLFS;
23:42:30.0562 7384 ============================================================
23:42:30.0890 7384 ================ Scan system memory ========================
23:42:30.0890 7384 System memory - ok
23:42:30.0890 7384 ================ Scan services =============================
23:42:31.0031 7384 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:42:31.0125 7384 !SASCORE - ok
23:42:31.0343 7384 Abiosdsk - ok
23:42:31.0343 7384 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:42:31.0343 7384 abp480n5 - ok
23:42:31.0406 7384 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:42:31.0406 7384 ACPI - ok
23:42:31.0421 7384 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:42:31.0421 7384 ACPIEC - ok
23:42:31.0515 7384 [ 60E72D0F9DFC17A23001282B2639AFD7 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
23:42:31.0546 7384 AcrSch2Svc - ok
23:42:31.0562 7384 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:42:31.0562 7384 adpu160m - ok
23:42:31.0593 7384 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:42:31.0625 7384 aec - ok
23:42:31.0671 7384 [ 53696AD8FFC5FAC51949A525FF65A689 ] afcdp C:\WINDOWS\system32\DRIVERS\afcdp.sys
23:42:31.0687 7384 afcdp - ok
23:42:31.0828 7384 [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
23:42:31.0937 7384 afcdpsrv - ok
23:42:32.0000 7384 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:42:32.0031 7384 AFD - ok
23:42:32.0093 7384 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
23:42:32.0093 7384 agp440 - ok
23:42:32.0125 7384 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:42:32.0125 7384 agpCPQ - ok
23:42:32.0125 7384 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:42:32.0125 7384 Aha154x - ok
23:42:32.0140 7384 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:42:32.0171 7384 aic78u2 - ok
23:42:32.0171 7384 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:42:32.0171 7384 aic78xx - ok
23:42:32.0218 7384 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:42:32.0218 7384 Alerter - ok
23:42:32.0234 7384 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:42:32.0234 7384 ALG - ok
23:42:32.0250 7384 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
23:42:32.0265 7384 AliIde - ok
23:42:32.0296 7384 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:42:32.0312 7384 alim1541 - ok
23:42:32.0343 7384 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:42:32.0343 7384 amdagp - ok
23:42:32.0343 7384 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
23:42:32.0343 7384 amsint - ok
23:42:32.0406 7384 [ 69370F2E2827FFBA910D0BFA9E62E484 ] appliand C:\WINDOWS\system32\DRIVERS\appliand.sys
23:42:32.0421 7384 appliand - ok
23:42:32.0421 7384 [ 69370F2E2827FFBA910D0BFA9E62E484 ] appliandMP C:\WINDOWS\system32\DRIVERS\appliand.sys
23:42:32.0421 7384 appliandMP - ok
23:42:32.0453 7384 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:42:32.0484 7384 AppMgmt - ok
23:42:32.0515 7384 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:42:32.0531 7384 Arp1394 - ok
23:42:32.0562 7384 [ 7A2DA7C7B0C524EF26A79F17A5C69FDE ] ARPolicy C:\WINDOWS\system32\DRIVERS\arpolicy.sys
23:42:32.0593 7384 ARPolicy - ok
23:42:32.0593 7384 [ 9A0D9B2E263BEDE80FB79DDBAD240EC1 ] ARSVC C:\WINDOWS\arservice.exe
23:42:32.0609 7384 ARSVC - ok
23:42:32.0625 7384 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
23:42:32.0625 7384 asc - ok
23:42:32.0625 7384 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:42:32.0640 7384 asc3350p - ok
23:42:32.0640 7384 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:42:32.0640 7384 asc3550 - ok
23:42:32.0796 7384 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:42:32.0843 7384 aspnet_state - ok
23:42:32.0859 7384 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:42:32.0859 7384 AsyncMac - ok
23:42:32.0875 7384 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:42:32.0890 7384 atapi - ok
23:42:32.0890 7384 Atdisk - ok
23:42:32.0953 7384 [ 3C4B9850A2631C2263507400D029057B ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
23:42:32.0968 7384 atksgt - ok
23:42:33.0000 7384 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:42:33.0000 7384 Atmarpc - ok
23:42:33.0046 7384 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:42:33.0046 7384 AudioSrv - ok
23:42:33.0062 7384 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:42:33.0062 7384 audstub - ok
23:42:33.0234 7384 BANG - ok
23:42:33.0265 7384 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:42:33.0265 7384 Beep - ok
23:42:33.0515 7384 [ 080BE9BAD2B41B8D91A4BC96C092AA9E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx86.sys
23:42:33.0546 7384 BHDrvx86 - ok
23:42:33.0593 7384 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
23:42:33.0796 7384 BITS - ok
23:42:33.0859 7384 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
23:42:33.0859 7384 Browser - ok
23:42:33.0906 7384 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:42:33.0906 7384 cbidf - ok
23:42:33.0921 7384 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:42:33.0921 7384 cbidf2k - ok
23:42:33.0953 7384 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:42:33.0968 7384 CCDECODE - ok
23:42:34.0062 7384 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\WINDOWS\system32\drivers\NIS\1308000.00E\ccSetx86.sys
23:42:34.0093 7384 ccSet_NIS - ok
23:42:34.0093 7384 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:42:34.0109 7384 cd20xrnt - ok
23:42:34.0140 7384 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:42:34.0140 7384 Cdaudio - ok
23:42:34.0140 7384 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:42:34.0156 7384 Cdfs - ok
23:42:34.0203 7384 [ 837EEF65AF62D4E8A37C41D3879F7274 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys
23:42:34.0203 7384 Cdr4_xp - ok
23:42:34.0218 7384 [ 579DA2F9F5401F55DAE2CF8779D61DFC ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys
23:42:34.0234 7384 Cdralw2k - ok
23:42:34.0250 7384 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:42:34.0250 7384 Cdrom - ok
23:42:34.0250 7384 Changer - ok
23:42:34.0296 7384 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:42:34.0296 7384 CiSvc - ok
23:42:34.0359 7384 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:42:34.0359 7384 ClipSrv - ok
23:42:34.0468 7384 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:42:34.0546 7384 clr_optimization_v2.0.50727_32 - ok
23:42:34.0640 7384 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:42:34.0718 7384 clr_optimization_v4.0.30319_32 - ok
23:42:34.0718 7384 clwvd - ok
23:42:34.0781 7384 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:42:34.0781 7384 CmBatt - ok
23:42:34.0828 7384 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:42:34.0828 7384 CmdIde - ok
23:42:34.0828 7384 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:42:34.0843 7384 Compbatt - ok
23:42:34.0843 7384 COMSysApp - ok
23:42:34.0875 7384 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:42:34.0875 7384 Cpqarray - ok
23:42:34.0937 7384 cpuz134 - ok
23:42:35.0062 7384 [ 97558F429F8F09446AE51C1AA88C9B9B ] CrossLoopService C:\Documents and Settings\Owner.BKTRCTAET-NEW\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
23:42:35.0125 7384 CrossLoopService - ok
23:42:35.0187 7384 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:42:35.0187 7384 CryptSvc - ok
23:42:35.0218 7384 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
23:42:35.0218 7384 CVirtA - ok
23:42:35.0265 7384 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:42:35.0281 7384 dac2w2k - ok
23:42:35.0281 7384 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:42:35.0281 7384 dac960nt - ok
23:42:35.0343 7384 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:42:35.0359 7384 DcomLaunch - ok
23:42:35.0421 7384 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:42:35.0421 7384 Dhcp - ok
23:42:35.0453 7384 [ 74C79938AA7B65B17D8E7722BD602095 ] DigiartyVirtualCDBus C:\WINDOWS\system32\drivers\DigiartyVirtualCDBus.sys
23:42:35.0484 7384 DigiartyVirtualCDBus - ok
23:42:35.0500 7384 DIRECTIO - ok
23:42:35.0515 7384 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:42:35.0531 7384 Disk - ok
23:42:35.0703 7384 [ EA63926076D255A449060E406ACA59F7 ] Diskeeper C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
23:42:35.0765 7384 Diskeeper - ok
23:42:35.0812 7384 [ 23285D9144C76BEE6FEF8E4B8D2FD3C4 ] DKRtWrt C:\WINDOWS\system32\DRIVERS\DKRtWrt.sys
23:42:35.0843 7384 DKRtWrt - ok
23:42:35.0843 7384 dmadmin - ok
23:42:35.0890 7384 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:42:35.0921 7384 dmboot - ok
23:42:35.0968 7384 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:42:35.0968 7384 dmio - ok
23:42:36.0000 7384 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:42:36.0000 7384 dmload - ok
23:42:36.0031 7384 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:42:36.0031 7384 dmserver - ok
23:42:36.0046 7384 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:42:36.0046 7384 DMusic - ok
23:42:36.0109 7384 [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
23:42:36.0140 7384 DNE - ok
23:42:36.0187 7384 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:42:36.0187 7384 Dnscache - ok
23:42:36.0234 7384 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:42:36.0250 7384 Dot3svc - ok
23:42:36.0265 7384 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:42:36.0265 7384 dpti2o - ok
23:42:36.0296 7384 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:42:36.0296 7384 drmkaud - ok
23:42:36.0343 7384 [ 705C97D75906D865CD5C2F42265AC93E ] dsload C:\WINDOWS\system32\drivers\dsload.sys
23:42:36.0375 7384 dsload - ok
23:42:36.0453 7384 [ 00192F0C612591D585594E9467E6CA8B ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
23:42:36.0453 7384 e1express - ok
23:42:36.0500 7384 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:42:36.0515 7384 EapHost - ok
23:42:36.0656 7384 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:42:36.0671 7384 eeCtrl - ok
23:42:36.0781 7384 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
23:42:36.0781 7384 ehRecvr - ok
23:42:36.0843 7384 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
23:42:36.0859 7384 ehSched - ok
23:42:36.0890 7384 [ 1B8A7905EAF8291CACE5089EF7D1D122 ] ELacpi C:\WINDOWS\system32\DRIVERS\ELacpi.sys
23:42:36.0890 7384 ELacpi - ok
23:42:36.0906 7384 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
23:42:36.0906 7384 ElbyCDIO - ok
23:42:36.0921 7384 [ C22E0FA4402FC4E2C8B24C494D7BDA0D ] ELhid C:\WINDOWS\System32\Drivers\Elhid.sys
23:42:36.0921 7384 ELhid - ok
23:42:36.0937 7384 [ BD18A73709A43704424BBE88BC79942C ] ELkbd C:\WINDOWS\System32\Drivers\Elkbd.sys
23:42:36.0953 7384 ELkbd - ok
23:42:36.0968 7384 [ 1720514E8AEF9FF424E634F277C1FBFD ] ELmon C:\WINDOWS\System32\Drivers\Elmon.sys
23:42:37.0031 7384 ELmon - ok
23:42:37.0046 7384 [ 8DB2B8F8C31665F7989FCB46FC465D1A ] ELmou C:\WINDOWS\System32\Drivers\Elmou.sys
23:42:37.0046 7384 ELmou - ok
23:42:37.0109 7384 [ 82111D249C4229ED99ED03A37A222DFE ] ELService C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
23:42:37.0140 7384 ELService - ok
23:42:37.0187 7384 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys
23:42:37.0218 7384 epmntdrv - ok
23:42:37.0250 7384 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:42:37.0281 7384 EraserUtilRebootDrv - ok
23:42:37.0312 7384 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:42:37.0312 7384 ERSvc - ok
23:42:37.0343 7384 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys
23:42:37.0343 7384 EuGdiDrv - ok
23:42:37.0390 7384 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:42:37.0390 7384 Eventlog - ok
23:42:37.0453 7384 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:42:37.0468 7384 EventSystem - ok
23:42:37.0531 7384 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:42:37.0546 7384 Fastfat - ok
23:42:37.0593 7384 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:42:37.0625 7384 FastUserSwitchingCompatibility - ok
23:42:37.0703 7384 [ 985709505C80B88C1B41908C0075CA0D ] fcdabus C:\WINDOWS\system32\DRIVERS\fcdabus.sys
23:42:37.0718 7384 fcdabus - ok
23:42:37.0734 7384 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
23:42:37.0734 7384 Fdc - ok
23:42:37.0750 7384 FilterService - ok
23:42:37.0781 7384 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:42:37.0796 7384 Fips - ok
23:42:37.0843 7384 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:42:37.0843 7384 Flpydisk - ok
23:42:37.0890 7384 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:42:37.0906 7384 FltMgr - ok
23:42:37.0968 7384 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:42:37.0984 7384 FontCache3.0.0.0 - ok
23:42:38.0046 7384 [ 67EE08A7EE31F246B5DA823C84A1050A ] fsRamDsk C:\WINDOWS\system32\DRIVERS\fsRamDsk.sys
23:42:38.0078 7384 fsRamDsk - ok
23:42:38.0125 7384 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:42:38.0125 7384 Fs_Rec - ok
23:42:38.0140 7384 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:42:38.0140 7384 Ftdisk - ok
23:42:38.0140 7384 [ 8D7A1744820F56FE787E62D178ECECDF ] FVXSCSI C:\WINDOWS\system32\DRIVERS\fvxscsi.sys
23:42:38.0187 7384 FVXSCSI - ok
23:42:38.0234 7384 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:42:38.0250 7384 Gpc - ok
23:42:38.0343 7384 [ F02A533F517EB38333CB12A9E8963773 ] gupdate1c986e0fb0e2605 C:\Program Files\Google\Update\GoogleUpdate.exe
23:42:38.0343 7384 gupdate1c986e0fb0e2605 - ok
23:42:38.0343 7384 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:42:38.0343 7384 gupdatem - ok
23:42:38.0406 7384 [ 79344E9BC240185334B955310113A112 ] hcwPP2 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
23:42:38.0406 7384 hcwPP2 - ok
23:42:38.0437 7384 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:42:38.0453 7384 HDAudBus - ok
23:42:38.0515 7384 [ 77FFC30AED2A09BC5DABDD9BC3F392D5 ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
23:42:38.0515 7384 HECI - ok
23:42:38.0609 7384 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:42:38.0609 7384 helpsvc - ok
23:42:38.0671 7384 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
23:42:38.0671 7384 HidBatt - ok
23:42:38.0718 7384 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
23:42:38.0718 7384 HidServ - ok
23:42:38.0765 7384 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:42:38.0765 7384 HidUsb - ok
23:42:38.0812 7384 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:42:38.0828 7384 hkmsvc - ok
23:42:38.0890 7384 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
23:42:38.0890 7384 hpn - ok
23:42:38.0937 7384 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:42:38.0953 7384 HTTP - ok
23:42:39.0015 7384 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:42:39.0046 7384 HTTPFilter - ok
23:42:39.0062 7384 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
23:42:39.0078 7384 i2omgmt - ok
23:42:39.0109 7384 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:42:39.0109 7384 i2omp - ok
23:42:39.0140 7384 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:42:39.0140 7384 i8042prt - ok
23:42:39.0203 7384 [ 019CF5F31C67030841233C545A0E217A ] iaStor C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
23:42:39.0203 7384 iaStor - ok
23:42:39.0265 7384 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:42:39.0281 7384 IDriverT - ok
23:42:39.0359 7384 idrmkl - ok
23:42:39.0406 7384 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:42:39.0437 7384 idsvc - ok
23:42:39.0687 7384 [ 46813C427BF1A937E6F7D1243399B608 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120824.001\IDSxpx86.sys
23:42:39.0718 7384 IDSxpx86 - ok
23:42:39.0765 7384 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:42:39.0765 7384 Imapi - ok
23:42:39.0812 7384 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:42:39.0812 7384 ImapiService - ok
23:42:39.0875 7384 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:42:39.0875 7384 ini910u - ok
23:42:39.0875 7384 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
23:42:39.0921 7384 IntelIde - ok
23:42:39.0968 7384 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:42:39.0968 7384 intelppm - ok
23:42:40.0000 7384 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:42:40.0000 7384 Ip6Fw - ok
23:42:40.0015 7384 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:42:40.0015 7384 IpFilterDriver - ok
23:42:40.0046 7384 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:42:40.0062 7384 IpInIp - ok
23:42:40.0093 7384 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:42:40.0093 7384 IpNat - ok
23:42:40.0109 7384 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:42:40.0140 7384 IPSec - ok
23:42:40.0156 7384 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:42:40.0156 7384 IRENUM - ok
23:42:40.0171 7384 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:42:40.0171 7384 isapnp - ok
23:42:40.0265 7384 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
23:42:40.0265 7384 JavaQuickStarterService - ok
23:42:40.0296 7384 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:42:40.0296 7384 Kbdclass - ok
23:42:40.0312 7384 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:42:40.0312 7384 kbdhid - ok
23:42:40.0359 7384 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:42:40.0359 7384 kmixer - ok
23:42:40.0421 7384 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:42:40.0421 7384 KSecDD - ok
23:42:40.0453 7384 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:42:40.0453 7384 lanmanserver - ok
23:42:40.0500 7384 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:42:40.0515 7384 lanmanworkstation - ok
23:42:40.0515 7384 lbrtfdc - ok
23:42:40.0578 7384 [ A1043645D16915DF12A6F2E049922A18 ] LexBceS C:\WINDOWS\system32\LEXBCES.EXE
23:42:40.0593 7384 LexBceS - ok
23:42:40.0718 7384 [ 06DC2FDC6282F0D68910417B1150C848 ] LinksysUpdater C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
23:42:40.0750 7384 LinksysUpdater - ok
23:42:40.0828 7384 [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
23:42:40.0843 7384 lirsgt - ok
23:42:40.0875 7384 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:42:40.0875 7384 LmHosts - ok
23:42:40.0953 7384 [ 8BE71D7EDB8C7494913722059F760DD0 ] LVPr2Mon C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
23:42:40.0968 7384 LVPr2Mon - ok
23:42:41.0015 7384 [ 7521C0C58EE91BE90B6CC33E792D10C7 ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
23:42:41.0031 7384 LVRS - ok
23:42:41.0218 7384 [ 37E57C48AF530DF01CDD4E8A2AD77B51 ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
23:42:41.0953 7384 LVUVC - ok
23:42:42.0078 7384 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
23:42:42.0078 7384 McrdSvc - ok
23:42:42.0109 7384 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:42:42.0125 7384 Messenger - ok
23:42:42.0156 7384 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
23:42:42.0171 7384 MHN - ok
23:42:42.0218 7384 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
23:42:42.0218 7384 MHNDRV - ok
23:42:42.0250 7384 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:42:42.0265 7384 mnmdd - ok
23:42:42.0281 7384 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:42:42.0281 7384 mnmsrvc - ok
23:42:42.0312 7384 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:42:42.0312 7384 Modem - ok
23:42:42.0343 7384 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:42:42.0359 7384 Mouclass - ok
23:42:42.0359 7384 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:42:42.0359 7384 mouhid - ok
23:42:42.0375 7384 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:42:42.0390 7384 MountMgr - ok
23:42:42.0390 7384 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:42:42.0406 7384 mraid35x - ok
23:42:42.0437 7384 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:42:42.0437 7384 MRxDAV - ok
23:42:42.0515 7384 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:42:42.0562 7384 MRxSmb - ok
23:42:42.0609 7384 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:42:42.0906 7384 MSDTC - ok
23:42:42.0953 7384 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:42:42.0953 7384 Msfs - ok
23:42:42.0968 7384 MSIServer - ok
23:42:43.0015 7384 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:42:43.0015 7384 MSKSSRV - ok
23:42:43.0031 7384 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:42:43.0031 7384 MSPCLOCK - ok
23:42:43.0046 7384 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:42:43.0046 7384 MSPQM - ok
23:42:43.0093 7384 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:42:43.0093 7384 mssmbios - ok
23:42:43.0125 7384 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
23:42:43.0125 7384 MSTEE - ok
23:42:43.0156 7384 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:42:43.0156 7384 Mup - ok
23:42:43.0265 7384 [ 96D706AF107E4C7B237000F1D163F267 ] MyDesktopWindows C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
23:42:43.0281 7384 MyDesktopWindows - ok
23:42:43.0328 7384 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:42:43.0328 7384 NABTSFEC - ok
23:42:43.0359 7384 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:42:43.0375 7384 napagent - ok
23:42:43.0484 7384 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120825.007\NAVENG.SYS
23:42:43.0484 7384 NAVENG - ok
23:42:43.0562 7384 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120825.007\NAVEX15.SYS
23:42:43.0625 7384 NAVEX15 - ok
23:42:43.0687 7384 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:42:43.0687 7384 NDIS - ok
23:42:43.0718 7384 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:42:43.0718 7384 NdisIP - ok
23:42:43.0781 7384 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:42:43.0781 7384 NdisTapi - ok
23:42:43.0796 7384 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:42:43.0796 7384 Ndisuio - ok
23:42:43.0812 7384 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:42:43.0812 7384 NdisWan - ok
23:42:43.0859 7384 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:42:43.0859 7384 NDProxy - ok
23:42:43.0875 7384 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:42:43.0875 7384 NetBIOS - ok
23:42:43.0890 7384 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:42:43.0906 7384 NetBT - ok
23:42:43.0968 7384 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:42:43.0968 7384 NetDDE - ok
23:42:43.0984 7384 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:42:43.0984 7384 NetDDEdsdm - ok
23:42:44.0031 7384 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:42:44.0031 7384 Netlogon - ok
23:42:44.0078 7384 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
23:42:44.0093 7384 Netman - ok
23:42:44.0171 7384 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:42:44.0171 7384 NetTcpPortSharing - ok
23:42:44.0187 7384 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:42:44.0187 7384 NIC1394 - ok
23:42:44.0281 7384 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
23:42:44.0281 7384 NIS - ok
23:42:44.0343 7384 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
23:42:44.0359 7384 Nla - ok
23:42:44.0359 7384 NLNdisMP - ok
23:42:44.0359 7384 NLNdisPT - ok
23:42:44.0515 7384 [ CD2FE9C33CFD0FE0AF124E05907E5C3D ] nmservice C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
23:42:44.0546 7384 nmservice - ok
23:42:44.0562 7384 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:42:44.0562 7384 Npfs - ok
23:42:44.0578 7384 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:42:44.0609 7384 Ntfs - ok
23:42:44.0625 7384 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:42:44.0625 7384 NtLmSsp - ok
23:42:44.0671 7384 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:42:44.0687 7384 NtmsSvc - ok
23:42:44.0734 7384 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:42:44.0734 7384 Null - ok
23:42:45.0359 7384 [ 7B5A17BD54BB9142843DBE99A1CAAED8 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:42:46.0171 7384 nv - ok
23:42:46.0218 7384 [ 5150B108EA88831E1C599603D8B89621 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
23:42:46.0218 7384 NVSvc - ok
23:42:46.0375 7384 [ 83E8AB7BB3C8956C53FEC071C94F0BBB ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:42:46.0406 7384 nvUpdatusService - ok
23:42:46.0453 7384 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:42:46.0453 7384 NwlnkFlt - ok
23:42:46.0484 7384 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:42:46.0500 7384 NwlnkFwd - ok
23:42:46.0546 7384 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:42:46.0546 7384 ohci1394 - ok
23:42:46.0625 7384 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:42:46.0656 7384 ose - ok
23:42:46.0687 7384 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
23:42:46.0687 7384 Parport - ok
23:42:46.0734 7384 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:42:46.0734 7384 PartMgr - ok
23:42:46.0796 7384 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:42:46.0796 7384 ParVdm - ok
23:42:46.0796 7384 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:42:46.0843 7384 PCI - ok
23:42:46.0843 7384 PCIDump - ok
23:42:46.0843 7384 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:42:46.0859 7384 PCIIde - ok
23:42:46.0875 7384 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:42:46.0890 7384 Pcmcia - ok
23:42:46.0890 7384 PDCOMP - ok
23:42:46.0890 7384 PDFRAME - ok
23:42:46.0906 7384 PDRELI - ok
23:42:46.0906 7384 PDRFRAME - ok
23:42:46.0921 7384 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
23:42:46.0921 7384 perc2 - ok
23:42:46.0921 7384 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:42:46.0921 7384 perc2hib - ok
23:42:46.0968 7384 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:42:46.0968 7384 PlugPlay - ok
23:42:47.0015 7384 [ CE27FC8BDC54B3AC63D53E2D5F6CC929 ] pnarp C:\WINDOWS\system32\DRIVERS\pnarp.sys
23:42:47.0031 7384 pnarp - ok
23:42:47.0031 7384 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:42:47.0031 7384 PolicyAgent - ok
23:42:47.0171 7384 [ D483893AA28F060D2B2CDB69586D1CDB ] ppped C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
23:42:47.0203 7384 ppped - ok
23:42:47.0250 7384 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:42:47.0250 7384 PptpMiniport - ok
23:42:47.0296 7384 [ 6135B976E16F80C1B1363BE882344785 ] PrismXL C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
23:42:47.0296 7384 PrismXL - ok
23:42:47.0312 7384 PROCMON11 - ok
23:42:47.0312 7384 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:42:47.0312 7384 ProtectedStorage - ok
23:42:47.0328 7384 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:42:47.0328 7384 PSched - ok
23:42:47.0359 7384 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
23:42:47.0375 7384 PSI - ok
23:42:47.0406 7384 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:42:47.0406 7384 Ptilink - ok
23:42:47.0406 7384 [ F4FD591E86ECB6B5D000C7D6C987416B ] purendis C:\WINDOWS\system32\DRIVERS\purendis.sys
23:42:47.0437 7384 purendis - ok
23:42:47.0453 7384 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:42:47.0484 7384 PxHelp20 - ok
23:42:47.0484 7384 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:42:47.0484 7384 ql1080 - ok
23:42:47.0500 7384 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:42:47.0500 7384 Ql10wnt - ok
23:42:47.0531 7384 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:42:47.0531 7384 ql12160 - ok
23:42:47.0531 7384 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:42:47.0531 7384 ql1240 - ok
23:42:47.0546 7384 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:42:47.0546 7384 ql1280 - ok
23:42:47.0625 7384 [ F87E3F7372B185566D6BAE80399961DD ] QOSMyDesktop C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
23:42:47.0640 7384 QOSMyDesktop - ok
23:42:47.0656 7384 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:42:47.0671 7384 RasAcd - ok
23:42:47.0703 7384 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:42:47.0703 7384 RasAuto - ok
23:42:47.0750 7384 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:42:47.0750 7384 Rasl2tp - ok
23:42:47.0812 7384 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:42:47.0812 7384 RasMan - ok
23:42:47.0812 7384 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:42:47.0828 7384 RasPppoe - ok
23:42:47.0875 7384 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:42:47.0875 7384 Raspti - ok
23:42:47.0890 7384 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:42:47.0890 7384 Rdbss - ok
23:42:47.0890 7384 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:42:47.0937 7384 RDPCDD - ok
23:42:47.0968 7384 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:42:47.0968 7384 rdpdr - ok
23:42:48.0015 7384 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:42:48.0015 7384 RDPWD - ok
23:42:48.0062 7384 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:42:48.0062 7384 RDSessMgr - ok
23:42:48.0109 7384 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:42:48.0125 7384 redbook - ok
23:42:48.0171 7384 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:42:48.0187 7384 RemoteAccess - ok
23:42:48.0234 7384 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:42:48.0234 7384 RemoteRegistry - ok
23:42:48.0281 7384 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
23:42:48.0281 7384 RpcLocator - ok
23:42:48.0328 7384 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
23:42:48.0343 7384 RpcSs - ok
23:42:48.0390 7384 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:42:48.0390 7384 RSVP - ok
23:42:48.0421 7384 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:42:48.0421 7384 SamSs - ok
23:42:48.0437 7384 SANDRA - ok
23:42:48.0546 7384 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:42:48.0546 7384 SASDIFSV - ok
23:42:48.0562 7384 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:42:48.0578 7384 SASKUTIL - ok
23:42:48.0625 7384 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:42:48.0640 7384 SCardSvr - ok
23:42:48.0687 7384 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:42:48.0687 7384 Schedule - ok
23:42:48.0750 7384 [ A689D522EEDF89401E1DA2FE883AA7EC ] SCREAMINGBDRIVER C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
23:42:48.0750 7384 SCREAMINGBDRIVER - ok
23:42:48.0796 7384 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:42:48.0812 7384 sdbus - ok
23:42:48.0859 7384 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:42:48.0859 7384 Secdrv - ok
23:42:48.0921 7384 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:42:48.0937 7384 seclogon - ok
23:42:49.0421 7384 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
23:42:49.0578 7384 Secunia PSI Agent - ok
23:42:49.0640 7384 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:42:49.0656 7384 SENS - ok
23:42:49.0750 7384 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:42:49.0828 7384 Serenum - ok
23:42:49.0843 7384 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:42:49.0843 7384 Serial - ok
23:42:49.0890 7384 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:42:49.0890 7384 Sfloppy - ok
23:42:49.0937 7384 [ 5FE18FFF6FBCF218290042009EAB023D ] sfng32 C:\WINDOWS\system32\drivers\sfng32.sys
23:42:49.0937 7384 sfng32 - ok
23:42:50.0015 7384 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:42:50.0031 7384 SharedAccess - ok
23:42:50.0093 7384 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:42:50.0093 7384 ShellHWDetection - ok
23:42:50.0109 7384 Simbad - ok
23:42:50.0171 7384 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:42:50.0187 7384 sisagp - ok
23:42:50.0250 7384 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:42:50.0265 7384 SkypeUpdate - ok
23:42:50.0312 7384 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:42:50.0312 7384 SLIP - ok
23:42:50.0390 7384 [ EB49860E776CE860DC3CFB9EDB1BA517 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
23:42:50.0421 7384 snapman - ok
23:42:50.0453 7384 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:42:50.0468 7384 Sparrow - ok
23:42:50.0484 7384 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:42:50.0484 7384 splitter - ok
23:42:50.0531 7384 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:42:50.0531 7384 Spooler - ok
23:42:50.0609 7384 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
23:42:50.0609 7384 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
23:42:50.0609 7384 sptd ( LockedFile.Multi.Generic ) - warning
23:42:50.0609 7384 sptd - detected LockedFile.Multi.Generic (1)
23:42:50.0609 7384 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:42:50.0687 7384 sr - ok
23:42:50.0734 7384 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:42:50.0734 7384 srservice - ok
23:42:50.0875 7384 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1308000.00E\SRTSP.SYS
23:42:50.0921 7384 SRTSP - ok
23:42:50.0968 7384 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1308000.00E\SRTSPX.SYS
23:42:50.0968 7384 SRTSPX - ok
23:42:51.0015 7384 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:42:51.0031 7384 Srv - ok
23:42:51.0078 7384 [ FFE42941E0326C322F40B0B79A46493C ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
23:42:51.0078 7384 sscdbus - ok
23:42:51.0093 7384 [ A68E7D87ADFBB8C50D88CD58230C6819 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
23:42:51.0109 7384 sscdmdfl - ok
23:42:51.0156 7384 [ B534B24151281856EC2F69ED3D6D60DD ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
23:42:51.0171 7384 sscdmdm - ok
23:42:51.0203 7384 [ D04BD59F28C78E2E66632092CAFC0A2B ] sscdserd C:\WINDOWS\system32\DRIVERS\sscdserd.sys
23:42:51.0218 7384 sscdserd - ok
23:42:51.0281 7384 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:42:51.0281 7384 SSDPSRV - ok
23:42:51.0312 7384 Steam Client Service - ok
23:42:51.0390 7384 [ 3B24ADA55D3BDFDC0E6679D15FA668D8 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
23:42:51.0453 7384 STHDA - ok
23:42:51.0500 7384 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:42:51.0515 7384 stisvc - ok
23:42:51.0562 7384 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:42:51.0562 7384 streamip - ok
23:42:51.0609 7384 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:42:51.0609 7384 swenum - ok
23:42:51.0687 7384 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:42:51.0687 7384 swmidi - ok
23:42:51.0703 7384 SwPrv - ok
23:42:51.0765 7384 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
23:42:51.0765 7384 symc810 - ok
23:42:51.0765 7384 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:42:51.0765 7384 symc8xx - ok
23:42:51.0828 7384 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\NIS\1308000.00E\SYMDS.SYS
23:42:51.0859 7384 SymDS - ok
23:42:51.0937 7384 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\NIS\1308000.00E\SYMEFA.SYS
23:42:51.0984 7384 SymEFA - ok
23:42:52.0031 7384 [ 555FB450FE6908600310E990738B41D6 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
23:42:52.0062 7384 SymEvent - ok
23:42:52.0093 7384 [ A7100EA17ED9EAF365362A05BF430E77 ] SymIM C:\WINDOWS\system32\DRIVERS\SymIM.sys
23:42:52.0125 7384 SymIM - ok
23:42:52.0125 7384 [ A7100EA17ED9EAF365362A05BF430E77 ] SymIMMP C:\WINDOWS\system32\DRIVERS\SymIM.sys
23:42:52.0125 7384 SymIMMP - ok
23:42:52.0187 7384 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\NIS\1308000.00E\Ironx86.SYS
23:42:52.0187 7384 SymIRON - ok
23:42:52.0250 7384 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1308000.00E\SYMTDI.SYS
23:42:52.0265 7384 SYMTDI - ok
23:42:52.0312 7384 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:42:52.0312 7384 sym_hi - ok
23:42:52.0312 7384 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:42:52.0328 7384 sym_u3 - ok
23:42:52.0375 7384 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:42:52.0375 7384 sysaudio - ok
23:42:52.0406 7384 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:42:52.0406 7384 SysmonLog - ok
23:42:52.0437 7384 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss C:\WINDOWS\system32\DRIVERS\taphss.sys
23:42:52.0437 7384 taphss - ok
23:42:52.0468 7384 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:42:52.0484 7384 TapiSrv - ok
23:42:52.0546 7384 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:42:53.0000 7384 Tcpip - ok
23:42:53.0046 7384 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:42:53.0046 7384 TDPIPE - ok
23:42:53.0109 7384 [ 431801FCC97034E04A6EFF81136578D7 ] tdrpman273 C:\WINDOWS\system32\DRIVERS\tdrpm273.sys
23:42:53.0187 7384 tdrpman273 - ok
23:42:53.0218 7384 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:42:53.0218 7384 TDTCP - ok
23:42:53.0250 7384 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:42:53.0250 7384 TermDD - ok
23:42:53.0343 7384 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:42:53.0343 7384 TermService - ok
23:42:53.0390 7384 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:42:53.0390 7384 Themes - ok
23:42:53.0453 7384 [ A34D7024BB7140EC785C86BC065D4F60 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
23:42:53.0468 7384 timounter - ok
23:42:53.0500 7384 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:42:53.0515 7384 TlntSvr - ok
23:42:53.0531 7384 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
23:42:53.0531 7384 TosIde - ok
23:42:53.0578 7384 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:42:53.0578 7384 TrkWks - ok
23:42:53.0718 7384 [ 7694DCA064D0B7E0D1A6972BB9C71B39 ] tvnserver C:\Documents and Settings\Owner.BKTRCTAET-NEW\Local Settings\Application Data\CrossLoop\tvnserver.exe
23:42:53.0812 7384 tvnserver - ok
23:42:53.0843 7384 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:42:53.0843 7384 Udfs - ok
23:42:53.0875 7384 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
23:42:53.0906 7384 ultra - ok
23:42:54.0000 7384 [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
23:42:54.0015 7384 UMVPFSrv - ok
23:42:54.0078 7384 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:42:54.0093 7384 Update - ok
23:42:54.0140 7384 [ 3F9A3232E5F942874488981F3242C989 ] UPHClean C:\Program Files\UPHClean\uphclean.exe
23:42:54.0140 7384 UPHClean - ok
23:42:54.0187 7384 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:42:54.0203 7384 upnphost - ok
23:42:54.0234 7384 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:42:54.0250 7384 UPS - ok
23:42:54.0281 7384 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
23:42:54.0296 7384 usbaudio - ok
23:42:54.0343 7384 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:42:54.0343 7384 usbccgp - ok
23:42:54.0359 7384 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:42:54.0359 7384 usbehci - ok
23:42:54.0390 7384 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:42:54.0390 7384 usbhub - ok
23:42:54.0437 7384 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:42:54.0437 7384 usbohci - ok
23:42:54.0484 7384 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:42:54.0500 7384 usbprint - ok
23:42:54.0546 7384 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:42:54.0546 7384 usbscan - ok
23:42:54.0578 7384 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:42:54.0578 7384 usbstor - ok
23:42:54.0609 7384 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:42:54.0609 7384 usbuhci - ok
23:42:54.0640 7384 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
23:42:54.0640 7384 usbvideo - ok
23:42:54.0671 7384 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:42:54.0703 7384 VgaSave - ok
23:42:54.0765 7384 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:42:54.0765 7384 viaagp - ok
23:42:54.0765 7384 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
23:42:54.0765 7384 ViaIde - ok
23:42:54.0781 7384 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:42:54.0781 7384 VolSnap - ok
23:42:54.0906 7384 [ CAAFA2333B428A12BFA97ECD389F59C5 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
23:42:54.0937 7384 vpnagent - ok
23:42:55.0000 7384 [ 1B7C80C66742DAFAA31F98AF4C3A5BC2 ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
23:42:55.0015 7384 vpnva - ok
23:42:55.0015 7384 vsdatant - ok
23:42:55.0046 7384 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:42:55.0062 7384 VSS - ok
23:42:55.0125 7384 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:42:55.0125 7384 W32Time - ok
23:42:55.0156 7384 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:42:55.0156 7384 Wanarp - ok
23:42:55.0218 7384 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
23:42:55.0234 7384 wanatw - ok
23:42:55.0234 7384 WDICA - ok
23:42:55.0281 7384 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:42:55.0281 7384 wdmaud - ok
23:42:55.0296 7384 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:42:55.0296 7384 WebClient - ok
23:42:55.0421 7384 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:42:55.0421 7384 winmgmt - ok
23:42:55.0531 7384 [ 5817AA5B3FA37629A78A01697E43A16C ] WISOVD C:\Program Files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys
23:42:55.0531 7384 WISOVD - ok
23:42:55.0656 7384 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:42:55.0703 7384 wlidsvc - ok
23:42:55.0765 7384 [ 59C90BC8317BD3F6E5559A4DEAF35090 ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
23:42:55.0781 7384 WmBEnum - ok
23:42:55.0828 7384 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:42:55.0828 7384 WmdmPmSN - ok
23:42:55.0875 7384 [ 999A4539AD634A741AFD357E290BD461 ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
23:42:55.0875 7384 WmFilter - ok
23:42:55.0937 7384 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:42:55.0968 7384 Wmi - ok
23:42:56.0015 7384 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:42:56.0031 7384 WmiApSrv - ok
23:42:56.0093 7384 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:42:56.0109 7384 WMPNetworkSvc - ok
23:42:56.0140 7384 [ 0B8C64B13776F17537F0705FE62799C6 ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
23:42:56.0140 7384 WmVirHid - ok
23:42:56.0203 7384 [ 8D388AEB1A12C1192AA9B4EBCEABCBA6 ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
23:42:56.0203 7384 WmXlCore - ok
23:42:56.0234 7384 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:42:56.0250 7384 WpdUsb - ok
23:42:56.0390 7384 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:42:56.0437 7384 WPFFontCache_v0400 - ok
23:42:56.0468 7384 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:42:56.0500 7384 wscsvc - ok
23:42:56.0515 7384 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:42:56.0515 7384 WSTCODEC - ok
23:42:56.0546 7384 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:42:56.0593 7384 wuauserv - ok
23:42:56.0625 7384 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:42:56.0640 7384 WudfPf - ok
23:42:56.0671 7384 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WUDFRd C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
23:42:56.0671 7384 WUDFRd - ok
23:42:56.0718 7384 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:42:56.0718 7384 WudfSvc - ok
23:42:56.0781 7384 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:42:56.0812 7384 WZCSVC - ok
23:42:56.0843 7384 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:42:56.0937 7384 xmlprov - ok
23:42:57.0062 7384 [ 74EC37B9EAF9FCA015B933A526825C7A ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files\CyberLink\PowerDVD8\000.fcl
23:42:57.0062 7384 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
23:42:57.0062 7384 ================ Scan global ===============================
23:42:57.0078 7384 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:42:57.0156 7384 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:42:57.0171 7384 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:42:57.0203 7384 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:42:57.0203 7384 [Global] - ok
23:42:57.0203 7384 ================ Scan MBR ==================================
23:42:57.0234 7384 [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk0\DR0
23:42:57.0515 7384 \Device\Harddisk0\DR0 - ok
23:42:57.0531 7384 [ A4A15D6782E6FE1DCE41A606CB3AFFE3 ] \Device\Harddisk1\DR3
23:42:58.0062 7384 \Device\Harddisk1\DR3 - ok
23:42:58.0062 7384 ================ Scan VBR ==================================
23:42:58.0078 7384 [ 2387C6EEE2DAE1EFEA7B2F03A00AE950 ] \Device\Harddisk0\DR0\Partition1
23:42:58.0078 7384 \Device\Harddisk0\DR0\Partition1 - ok
23:42:58.0078 7384 [ A895C4DBF6587E0E4306F729C8F9C5DF ] \Device\Harddisk0\DR0\Partition2
23:42:58.0078 7384 \Device\Harddisk0\DR0\Partition2 - ok
23:42:58.0093 7384 [ E287751C22447C126971DF9CB0DBF166 ] \Device\Harddisk1\DR3\Partition1
23:42:58.0093 7384 \Device\Harddisk1\DR3\Partition1 - ok
23:42:58.0093 7384 ============================================================
23:42:58.0093 7384 Scan finished
23:42:58.0093 7384 ============================================================
23:42:58.0093 1648 Detected object count: 1
23:42:58.0093 1648 Actual detected object count: 1

#6 Bradley Jensen

Bradley Jensen
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 26 August 2012 - 12:13 AM

@ narenxp,

Here is a partial aswMBR. Windows encouuntered an error with the program and had to close. Weird.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 00:49:22
-----------------------------
00:49:22.875 OS Version: Windows 5.1.2600 Service Pack 3
00:49:22.875 Number of processors: 2 586 0xF06
00:49:22.875 ComputerName: BradleyJ UserName: Owner
00:49:39.171 Initialize success
00:49:59.343 AVAST engine defs: 12082501
00:50:23.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:50:23.015 Disk 0 Vendor: WDC_WD32 21.0 Size: 305245MB BusType: 3
00:50:23.062 Disk 0 MBR read successfully
00:50:23.078 Disk 0 MBR scan
00:50:23.140 Disk 0 unknown MBR code
00:50:23.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 299728 MB offset 11293695
00:50:23.218 Disk 0 Partition 2 00 0B FAT32 RECOVERY 5514 MB offset 63
00:50:23.250 Disk 0 scanning sectors +625137345
00:50:23.437 Disk 0 scanning C:\WINDOWS\system32\drivers
00:51:07.046 Service scanning
00:51:38.265 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
00:51:50.203 Modules scanning
00:53:29.187 Disk 0 trace - called modules:
00:53:29.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys IASTOR.SYS spzx.sys hal.dll >>UNKNOWN [0x8b3f1938]<<
00:53:29.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9f3730]
00:53:29.250 3 CLASSPNP.SYS[b8188fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8b34e030]
00:53:36.859 AVAST engine scan C:\WINDOWS
00:54:44.031 AVAST engine scan C:\WINDOWS\system32
01:06:53.593 AVAST engine scan C:\WINDOWS\system32\drivers
01:09:06.906 AVAST engine scan C:\Documents and Settings\Owner.BRAD-NEW
01:11:25.718 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
01:11:25.734 The log file has been saved successfully to "C:\aswMBR.txt"

Edited by Bradley Jensen, 26 August 2012 - 12:50 AM.


#7 Bradley Jensen

Bradley Jensen
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 26 August 2012 - 12:33 AM

ESET Scan running.

Here is what SAS picked up:


Rogue.Agent/Gen-Nullo[EXE]
C:\WINDOWS\ARESET.EXE
C:\WINDOWS\Prefetch\ARESET.EXE-0BBE2C82.pf

I will advise when ESET is complete.

BJ :)

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:26 PM

Posted 26 August 2012 - 12:47 AM

After ESET scan completes

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it click on Delete

post the generated log

#9 Bradley Jensen

Bradley Jensen
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 26 August 2012 - 12:55 AM

@ narenxp,

FYI - per my initial post, I ran the MBAM earlier with complete (deep scan) - it did not detect anything. Nor did NIS 2012.

BJ

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:26 PM

Posted 26 August 2012 - 07:09 AM

ok fine,ignore it

#11 Bradley Jensen

Bradley Jensen
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 26 August 2012 - 07:22 AM

@ narenxp -

NOTE: ESET and FSS scans are perfectly clean.

Here is the log from Adw Cleaner, running from my user (the problem one) as Administrator:

# AdwCleaner v1.801 - Logfile created 08/26/2012 at 08:00:15
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - BradleyJ
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner.BRAD-NEW\Local Settings\Temporary Internet Files\Content.IE5\W4JZO0ZX\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1763 octets] - [26/08/2012 08:00:15]

########## EOF - C:\AdwCleaner[S1].txt - [1891 octets] ##########

Edited by Bradley Jensen, 26 August 2012 - 07:26 AM.


#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:26 PM

Posted 26 August 2012 - 07:29 AM

I need to see your minitoolbox and FSS log

download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here

#13 Bradley Jensen

Bradley Jensen
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 26 August 2012 - 07:42 AM

Hi narenxp -

Here is the MiniToolBox dump:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 26-08-2012 at 08:25:27
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco AnyConnect VPN Virtual Miniport Adapter for Windows = Cisco AnyConnect VPN Client Connection (Disconnected)
1394 Net Adapter = 1394 Interface Connection (Disconnected)
Intel® 82562V 10/100 Network Connection = Local Area Connection for BradleyJ (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection for BradleyJ"

set address name="Local Area Connection for BradleyJ" source=dhcp
set dns name="Local Area Connection for BradleyJ" source=dhcp register=PRIMARY
set wins name="Local Area Connection for BradleyJ" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : BradleyJ

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection for Bradley:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® 82562V 10/100 Network Connection

Physical Address. . . . . . . . . : 00-22-34-A7-6H-B4

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

I removed this.

I removed this.

Lease Obtained. . . . . . . . . . : Sunday, August 26, 2012 8:03:24 AM

Lease Expires . . . . . . . . . . : Monday, August 27, 2012 8:03:24 AM

Server: vdns1.srv.prnynj.cv.net
Address: I removed this.

Name: google.com
Addresses: 173.194.43.2, 173.194.43.8, 173.194.43.3, 173.194.43.1
173.194.43.14, 173.194.43.4, 173.194.43.7, 173.194.43.5, 173.194.43.9
173.194.43.0, 173.194.43.6



Pinging google.com [173.194.43.9] with 32 bytes of data:



Reply from 173.194.43.9: bytes=32 time=15ms TTL=55

Reply from 173.194.43.9: bytes=32 time=15ms TTL=55



Ping statistics for 173.194.43.9:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 15ms, Maximum = 15ms, Average = 15ms

Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=95ms TTL=49

Reply from 98.138.253.109: bytes=32 time=101ms TTL=49



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 95ms, Maximum = 101ms, Average = 98ms

Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ... 00-22-34-A7-6H-B4 ...... Intel® 82562V 10/100 Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/26/2012 00:42:32 AM) (Source: Application Error) (User: )
Description: Fault bucket -1387697246.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/26/2012 00:41:41 AM) (Source: Application Error) (User: )
Description: Faulting application aswmbr.exe, version 0.9.9.1665, faulting module aswmbr.exe, version 0.9.9.1665, fault address 0x00005b96.
Processing media-specific event for [aswmbr.exe!ws!]

Error: (08/25/2012 04:45:55 PM) (Source: Application Hang) (User: )
Description: Fault bucket 72089603.

Error: (08/25/2012 04:45:44 PM) (Source: Application Hang) (User: )
Description: Fault bucket 72089603.

Error: (08/25/2012 04:45:40 PM) (Source: Application Hang) (User: )
Description: Hanging application 2600.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/25/2012 04:45:37 PM) (Source: Application Hang) (User: )
Description: Hanging application 2600.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/22/2012 08:50:54 PM) (Source: Application Error) (User: )
Description: Fault bucket -1806918336.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/22/2012 08:50:46 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x0006ccd5.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/21/2012 03:24:48 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 11.0.8345.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/21/2012 03:24:43 PM) (Source: Application Hang) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (08/26/2012 08:12:45 AM) (Source: DCOM) (User: BradleyJ)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (08/26/2012 08:04:44 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Quick Resume technology service terminated with the following error:
%%203

Error: (08/26/2012 01:24:29 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (08/26/2012 00:21:08 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (08/25/2012 09:52:47 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (08/25/2012 08:37:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (08/25/2012 06:40:59 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (08/25/2012 05:42:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (08/25/2012 05:40:29 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Quick Resume technology service terminated with the following error:
%%203

Error: (08/25/2012 05:32:54 PM) (Source: DCOM) (User: SECURE-1)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (08/26/2012 00:42:32 AM) (Source: Application Error)(User: )
Description: -1387697246

Error: (08/26/2012 00:41:41 AM) (Source: Application Error)(User: )
Description: aswmbr.exe0.9.9.1665aswmbr.exe0.9.9.166500005b96

Error: (08/25/2012 04:45:55 PM) (Source: Application Hang)(User: )
Description: 72089603

Error: (08/25/2012 04:45:44 PM) (Source: Application Hang)(User: )
Description: 72089603

Error: (08/25/2012 04:45:40 PM) (Source: Application Hang)(User: )
Description: 2600.exe0.0.0.0hungapp0.0.0.000000000

Error: (08/25/2012 04:45:37 PM) (Source: Application Hang)(User: )
Description: 2600.exe0.0.0.0hungapp0.0.0.000000000

Error: (08/22/2012 08:50:54 PM) (Source: Application Error)(User: )
Description: -1806918336

Error: (08/22/2012 08:50:46 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702msvcr90.dll9.0.30729.61610006ccd5

Error: (08/21/2012 03:24:48 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE11.0.8345.0hungapp0.0.0.000000000

Error: (08/21/2012 03:24:43 PM) (Source: Application Hang)(User: )
Description: msimn.exe6.0.2900.5512hungapp0.0.0.000000000


=========================== Installed Programs ============================

3D Canyon Flight Screensaver 2.0 (Version: 2.0)
3D Windows XP Screen Saver
Acronis True Image Home 2011 (Version: 14.0.6857)
Adobe AIR (Version: 3.4.0.2540)
Adobe Connect Add-in
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
Bejeweled 3 (Version: 1.0.8.6128)
Beyond Compare Version 3.3.4
Bookworm Deluxe 1.03
Brain Training For Dummies® (Version: 116)
CameraHelperMsi (Version: 13.30.1395.0)
Canon Camera Access Library (Version: 8.5.0.2)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon G.726 WMP-Decoder (Version: 1.0.1.3)
Canon MOV Decoder (Version: 1.5.0.7)
Canon MOV Encoder (Version: 1.3.1.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.4.1.9)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.3.0.11)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5)
Canon Utilities CameraWindow (Version: 7.4.0.7)
Canon Utilities CameraWindow DC 8 (Version: 8.1.0.11)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.6.18)
Canon Utilities EOS Utility (Version: 1.0.3.17)
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities PhotoStitch (Version: 3.1.20.44)
Canon Utilities RemoteCapture DC (Version: 3.1.0.5)
Canon Utilities ZoomBrowser EX (Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.3.0.4)
CCleaner (Version: 3.21)
Chessmaster Grandmaster Edition (Version: 1.00.0000)
Chessmaster Grandmaster Edition (Version: 1.02.0000)
Choice Guard (Version: 1.2.87.0)
Cisco AnyConnect VPN Client (Version: 2.5.0217)
CloneDVD2 (Version: 2.9.3.0)
Command & Conquer 3 (Version: 1.00.0000)
Command & Conquer 3 Kane's Wrath™ Worldbuilder (Version: 1.0)
Command & Conquer™ Red Alert™ 3 Worldbuilder (Version: 1.0)
Command & Conquer™ Red Alert™ 3 (Version: 1.0.1.0)
Command & Conquer™ Red Alert™ 3 Uprising (Version: 1.0.1.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Corel PaintShop Photo Pro X3 (Version: 1.00.0000)
Corel PaintShop Photo Pro X3 (Version: 1.6.1.98)
Crazy Machines (Version: 1.14)
Crazy Machines 1.5 (Version: 1.0)
Crazy Machines II (Version: 1.03)
Critical Update for Windows Media Player 11 (KB959772)
CrossLoop 2.82 (Version: 2.82)
CutePDF Writer 2.8
CyberLink PowerDVD 8 (Version: 8.0.3228g)
CyberPower PowerPanel Personal Edition 1.2.7 (Version: 1.2.7)
Digital Media Reader (Version: 2.01.00.02)
DVD Solution

erLT (Version: 1.20.138.34)
ESET Online Scanner v3
Fly on Desktop Screensaver 1.2
Free Fire Screensaver
getPlus®_ocx
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
GTK+ Runtime 2.14.7 rev a (remove only)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
ICA (Version: 1.6.1.98)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
Inpaint 4.3
Intel Audio Studio 2.0 (Version: 2.00.00128)
Intel® Management Engine Interface
Intel® PRO Network Connections Drivers
Intel® Quick Resume Technology Drivers
IPM_PSP_Pro (Version: 1.00.0000)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
K-Lite Codec Pack 6.9.0 (Standard) (Version: 6.9.0)
Learning Essentials for Microsoft Office (Version: 2.0)
LEGO Digital Designer
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark 1200 Series
Linksys EasyLink Advisor
Linksys EasyLink Advisor (Version: 3.11.9139.94)
Logitech Gaming Software 5.04 (Version: 5.04.110)
Logitech Webcam Software (Version: 2.30)
LWS Facebook (Version: 13.30.1346.0)
LWS Gallery (Version: 13.30.1379.0)
LWS Help_main (Version: 13.30.1396.0)
LWS Launcher (Version: 13.30.1379.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.30.1395.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.30.1379.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.30.1346.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Away Mode (Version: 6.0.0160.0)
Microsoft Baseline Security Analyzer 1.2.1 (Version: 1.2.4013.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Flight (Version: 1.0.0000.129)
Microsoft Flight (Version: 1.0.0004.129)
Microsoft Flight Simulator X Photo Scenery Display Update (Version: 10.0.61023.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Mathematics (Version: 4.0)
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! for Windows XP (Version: 1.00.01.0732)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Moffsoft Calculator 2 (Version: 2.1.1)
Mozilla Thunderbird 14.0 (x86 en-US) (Version: 14.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Muvizu (Version: 2012.05.10.01R)
Next Generation Visualisations (Version: 1.0.0)
Norton Internet Security (Version: 19.8.0.14)
Notepad++ (Version: 5.9.8)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA nView 136.27 (Version: 136.27)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
Octoshape add-in for Adobe Flash Player
OpenAL
Plants vs. Zombies
Plus Pack for Acronis True Image Home 2011 (Version: 14.0.6696)
Portal
Process Lasso (Version: 5.0.0.24)
PSPPContent (Version: 1.00.0000)
PSPPRO_DCRAW (Version: 13.0.0)
Pure Networks Platform (Version: 11.1.9051.0)
QuickTime (Version: 7.72.80.56)
RollerCoaster Tycoon 3 Platinum (Version: 1.00.000)
Savings Bond Wizard
Scratch (Version: 1.4.0.0)
SeaStorm 3D Screensaver 1.5 (Version: 1.5)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Segoe UI (Version: 14.0.4327.805)
SereneScreen Marine Aquarium 3 (Version: 3.0)
Setup (Version: 1.6.1.98)
Sid Meier's Civilization V
Sid Meier's Pirates! (Version: 2.00.0000)
SigmaTel Audio (Version: 5.10.4811.0)
Skype™ 5.10 (Version: 5.10.116)
SMAC 2.0
Snagit 10.0.2 (Version: 10.0.2)
Sonic Encoders (Version: 1.00)
Sound Editor Pro v7.5.1
Space Plasma 3D Screensaver (remove only)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Star Wars Empire at War (Version: 1.0)
Star Wars Empire at War Forces of Corruption (Version: 1.0)
Starry Night Pro Plus 6 (Version: 6.0.0.0)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1142)
swMSM (Version: 12.0.0.1)
Tweak UI
Ulead Photo Explorer 8.6
UltraVNC 1.0.9.1 (Version: 1.0.9.1)
Unity Web Player (All users) (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB Wireless Keyboard Driver
User Profile Hive Cleanup Service (Version: 1.6.30)
VirtualDrive Pro
VirtualDrive Pro (Version: 12.2)
WebFldrs XP (Version: 9.50.7523)
Windows Easy Transfer for Windows 7
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8064.0206)
Windows Live Essentials (Version: 14.0.8064.206)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Messenger (Version: 14.0.8064.0206)
Windows Live Photo Gallery (Version: 14.0.8064.206)
Windows Live Sync (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8064.0206)
Windows Media Format 11 runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164)
Windows Support Tools (Version: 5.1.2600.2180)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinISO (Version: 6.1.0.4472)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinX DVD Ripper Platinum 6.8.5
Xiph QuickTime Components
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 3325.55 MB
Available physical RAM: 2406.57 MB
Total Pagefile: 8145.52 MB
Available Pagefile: 7331.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.81 MB

========================= Partitions: =====================================

1 Drive c: (Brad) (Fixed) (Total:292.7 GB) (Free:92.71 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:5.37 GB) (Free:1.67 GB) FAT32
8 Drive j: (Backup) (Fixed) (Total:298.09 GB) (Free:35.34 GB) NTFS

========================= Users: ========================================

User accounts for \\BradleyJ

Administrator James ASPNET
Guest HelpAssistant Owner
John - Home SUPPORT_388945a0
UpdatusUser


**** End of log ****

Edited by Bradley Jensen, 26 August 2012 - 08:10 AM.


#14 Bradley Jensen

Bradley Jensen
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 26 August 2012 - 07:50 AM

Here's the FSS log:

Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 26-08-2012 at 07:55:53
Running from "C:\Documents and Settings\Owner.BradleyJ\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(15) Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(16) Tcpip(3)
0x1100000004000000010000000200000003000000100000000B000000080000000600000007000000090000000A0000000C0000000D0000000E0000000F0000001100000005000000
IpSec Tag value is correct.

**** End of log ****

Edited by Bradley Jensen, 26 August 2012 - 07:51 AM.


#15 Bradley Jensen

Bradley Jensen
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 26 August 2012 - 07:58 AM

RKill:

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/26/2012 08:55:35 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\CNYHKey.exe (PID: 3508) [WD-HEUR]
* C:\WINDOWS\mHotkey.exe (PID: 5412) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/26/2012 08:56:18 AM
Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users