Rogue.FakeHDD


19 replies to this topic

#1 tomsmom


Posted 04 September 2012 - 10:22 PM

I have a Dell XPS 410 running Windows XP, Service Pack 2. Ten days ago, my Trend Micro Internet Security popped up with warnings of Possible.App_Lnk. I shut down the computer cold, with the power button, but when I rebooted, I was confronted with the File Recovery screen. I have Malwarebytes installed as a demand scanner, and ran it. It identified and quarantined 2 files and a registry entry:

C:\Documents and Settings\All Users\Application Data\e73P5CvrGVuans.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1984\A0137816.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|e73P5CvrGVuans (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\e73P5CvrGVuans.exe -> Quarantined and deleted successfully


I then ran SuperAntiSpyware, which found and quarantined a trojan:

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1984\A0137888.EXE


Trend Micro really had done nothing beyond the initial alerts, at the time. The next day, I scanned with Trend Micro Internet Security twice, and a total of 12 files were quarantined, 8 of them Restore files, the rest files associated with File Recovery.lnk. I have the whole list of files that were quarantined. Obviously, not gone.


I did run Trend Micro Housecalls, nothing found.

Trend Micro support had me run a Hijackthis scan and send it to them. They identified one "malicious" item, a registry entry that I removed by the "fix" in Hijackthis:

O4 - HKLM\..\Run: [yhQukoGsgB.exe] C:\Documents and Settings\All Users\Application Data\yhQukoGsgB.exe

The next Hijackthis scan showed that this item was gone. Thinking I was done with this, I ran the "Unhide" program, which made all the missing files reappear.

Since then, I have done this each day, with hidden files shown:

Updated and scanned with Malwarebytes, nothing found

Updated and scanned with SuperAntiSpyware, nothing found.

Run TDSSKiller, nothing found. However, it was not renamed before I ran it.

The trojan and Rogue programs identified and quarantined by Malwarebytes and SuperAntiSpyware remain quarantined. I have also turned off System Restore, where so many infected files were found.


These are the things that make me extremely doubtful that this malware/virus is gone:

My desktop color is still the same very dark blue that showed up immediately after infection, no change since infection.

My Trend Micro Internet Security has not been working as it should, despite multiple installs; it can update and scan with the latest virus patterns, but at some point within a day of the install, the icon in the system tray indicates that something "requires fixing". That something is that I have no firewall, and the only thing that will fix that, despite multiple reboots, is to uninstall and reinstall the entire program.

I have always kept this computer at its best by running daily scans with up-to-date definitions with Malwarebytes, SuperAntiSpyware, and Trend Micro Internet Security.

At this point, I am not receiving help from anyone/any forum. I would really appreciate it if someone could please lead me to whatever series of steps that I can take to find out just what is still wrong with this computer following this infection.

Thank you!
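As an added defender-side example (not code from this thread or from any of the tools named in it): a small Python checker that parses the two log formats quoted in the post above, HijackThis O4 lines and Malwarebytes registry-value lines, and flags Run-key entries whose target executable sits directly in the shared All Users\Application Data root, the placement both findings in this thread share. The two benign sample lines and the Vista-and-later ProgramData root are constructed assumptions, not findings from the thread.

```python
import re

# HijackThis startup line:  O4 - HKLM\..\Run: [ValueName] C:\path\to\file.exe
HJT_O4 = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)\s*$"
)
# Malwarebytes registry-value line:
#   HKCU\SOFTWARE\...\Run|ValueName (Detection) -> Data: C:\path\file.exe -> Quarantined ...
MBAM_RUN = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\.*\\Run\|(?P<name>[^ ]+) \((?P<det>[^)]+)\) -> Data: (?P<path>.+?) ->"
)

# Shared-profile data roots. A legitimate installer normally creates a vendor
# subfolder here; an executable dropped directly into the root is the pattern
# both findings in this thread show. The ProgramData entry is an assumption
# for newer Windows versions and is not taken from the thread.
SHARED_DATA_ROOTS = (
    r"c:\documents and settings\all users\application data",
    r"c:\programdata",
)

# Constructed sample input: the first two lines are the ones reported in the
# thread, the last two are constructed benign startup entries for contrast.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [yhQukoGsgB.exe] C:\Documents and Settings\All Users\Application Data\yhQukoGsgB.exe",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|e73P5CvrGVuans (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\e73P5CvrGVuans.exe -> Quarantined and deleted successfully",
    r"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]


def parse_run_entry(line):
    """Return {'hive', 'name', 'path'} for a Run-key line in either format, else None."""
    m = HJT_O4.match(line) or MBAM_RUN.match(line)
    if not m:
        return None
    return {"hive": m.group("hive"), "name": m.group("name"), "path": m.group("path").strip()}


def is_suspicious_path(path):
    """True when an .exe lives directly in a shared data root (no vendor subfolder)."""
    p = path.lower().rstrip("\\")
    parent, _, filename = p.rpartition("\\")
    return parent in SHARED_DATA_ROOTS and filename.endswith(".exe")


def scan_run_entries(lines):
    """Parse every line and keep only Run entries whose target path is suspicious."""
    flagged = []
    for line in lines:
        entry = parse_run_entry(line)
        if entry and is_suspicious_path(entry["path"]):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in scan_run_entries(SAMPLE_LINES):
        print(f"suspicious Run entry: {e['hive']} [{e['name']}] -> {e['path']}")
```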


#2 narenxp


Posted 04 September 2012 - 10:24 PM

Download TDSSKiller

Launch it. Click on Change parameters, select TDLFS file system.

Click on "Scan". Please post the LOG report (log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions.
Click the "Scan" button to start scan. After scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START, it should download the virus definitions.
When scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

#3 tomsmom


Posted 04 September 2012 - 11:22 PM

TDSSKiller log:

22:30:59.0468 2392 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:30:59.0859 2392 ============================================================
22:30:59.0859 2392 Current date / time: 2012/09/04 22:30:59.0859
22:30:59.0859 2392 SystemInfo:
22:30:59.0859 2392
22:30:59.0859 2392 OS Version: 5.1.2600 ServicePack: 2.0
22:30:59.0859 2392 Product type: Workstation
22:30:59.0859 2392 ComputerName: D90L61C1
22:30:59.0859 2392 UserName: Milly
22:30:59.0859 2392 Windows directory: C:\WINDOWS
22:30:59.0859 2392 System windows directory: C:\WINDOWS
22:30:59.0859 2392 Processor architecture: Intel x86
22:30:59.0859 2392 Number of processors: 2
22:30:59.0859 2392 Page size: 0x1000
22:30:59.0859 2392 Boot type: Normal boot
22:30:59.0859 2392 ============================================================
22:31:00.0218 2392 Drive \Device\Harddisk0\DR0 - Size: 0x3A35000000 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76B9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:31:00.0250 2392 ============================================================
22:31:00.0250 2392 \Device\Harddisk0\DR0:
22:31:00.0265 2392 MBR partitions:
22:31:00.0265 2392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x153DC5E7
22:31:00.0281 2392 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x153FBC2E, BlocksNum 0x742D6A0
22:31:00.0281 2392 ============================================================
22:31:00.0312 2392 C: <-> \Device\Harddisk0\DR0\Partition1
22:31:00.0343 2392 D: <-> \Device\Harddisk0\DR0\Partition2
22:31:00.0343 2392 ============================================================
22:31:00.0343 2392 Initialize success
22:31:00.0343 2392 ============================================================
22:32:04.0484 2688 ============================================================
22:32:04.0484 2688 Scan started
22:32:04.0484 2688 Mode: Manual; TDLFS;
22:32:04.0484 2688 ============================================================
22:32:04.0593 2688 ================ Scan system memory ========================
22:32:04.0593 2688 System memory - ok
22:32:04.0593 2688 ================ Scan services =============================
22:32:08.0484 2688 Pcmcia - ok
22:32:08.0484 2688 PDCOMP - ok
22:32:08.0484 2688 PDFRAME - ok
22:32:08.0500 2688 PDRELI - ok
22:32:08.0500 2688 PDRFRAME - ok
22:32:08.0515 2688 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
22:32:08.0515 2688 perc2 - ok
22:32:08.0531 2688 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:32:08.0531 2688 perc2hib - ok
22:32:08.0546 2688 [ 957B82EC80AD7EAD64E5E47DF6B0DC40 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
22:32:08.0562 2688 pfc - ok
22:32:08.0578 2688 [ EDE8241B75DADEF090AADB6C81C8E1D7 ] PfModNT C:\WINDOWS\system32\drivers\PfModNT.sys
22:32:08.0578 2688 PfModNT - ok
22:32:08.0578 2688 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
22:32:08.0593 2688 PlugPlay - ok
22:32:08.0593 2688 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:32:08.0593 2688 PolicyAgent - ok
22:32:08.0593 2688 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:32:08.0593 2688 PptpMiniport - ok
22:32:08.0593 2688 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:32:08.0609 2688 ProtectedStorage - ok
22:32:08.0609 2688 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:32:08.0609 2688 PSched - ok
22:32:08.0609 2688 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:32:08.0609 2688 Ptilink - ok
22:32:08.0640 2688 [ 81088114178112618B1C414A65E50F7C ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:32:08.0640 2688 PxHelp20 - ok
22:32:08.0656 2688 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:32:08.0656 2688 ql1080 - ok
22:32:08.0671 2688 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:32:08.0671 2688 Ql10wnt - ok
22:32:08.0671 2688 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:32:08.0687 2688 ql12160 - ok
22:32:08.0687 2688 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:32:08.0687 2688 ql1240 - ok
22:32:08.0703 2688 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:32:08.0703 2688 ql1280 - ok
22:32:08.0703 2688 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:32:08.0718 2688 RasAcd - ok
22:32:08.0734 2688 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:32:08.0734 2688 RasAuto - ok
22:32:08.0750 2688 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:32:08.0750 2688 Rasl2tp - ok
22:32:08.0765 2688 [ 49B5EED5FB89D39456A2F616CCD8BA5D ] RasMan C:\WINDOWS\System32\rasmans.dll
22:32:08.0781 2688 RasMan - ok
22:32:08.0781 2688 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:32:08.0781 2688 RasPppoe - ok
22:32:08.0796 2688 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:32:08.0796 2688 Raspti - ok
22:32:08.0812 2688 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:32:08.0828 2688 Rdbss - ok
22:32:08.0828 2688 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:32:08.0828 2688 RDPCDD - ok
22:32:08.0828 2688 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:32:08.0843 2688 rdpdr - ok
22:32:08.0875 2688 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:32:08.0875 2688 RDPWD - ok
22:32:08.0906 2688 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:32:08.0906 2688 RDSessMgr - ok
22:32:08.0921 2688 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:32:08.0921 2688 redbook - ok
22:32:08.0953 2688 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:32:08.0953 2688 RemoteAccess - ok
22:32:08.0953 2688 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:32:08.0968 2688 RemoteRegistry - ok
22:32:08.0984 2688 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
22:32:09.0000 2688 RpcLocator - ok
22:32:09.0015 2688 [ CE94A2BD25E3E9F4D46A7373FF455C6D ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:32:09.0015 2688 RpcSs - ok
22:32:09.0046 2688 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:32:09.0046 2688 RSVP - ok
22:32:09.0062 2688 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
22:32:09.0062 2688 SamSs - ok
22:32:09.0125 2688 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:32:09.0125 2688 SASDIFSV - ok
22:32:09.0125 2688 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:32:09.0125 2688 SASKUTIL - ok
22:32:09.0156 2688 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:32:09.0156 2688 SCardSvr - ok
22:32:09.0203 2688 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:32:09.0218 2688 Schedule - ok
22:32:09.0234 2688 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:32:09.0234 2688 Secdrv - ok
22:32:09.0281 2688 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
22:32:09.0281 2688 seclogon - ok
22:32:09.0296 2688 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
22:32:09.0296 2688 SENS - ok
22:32:09.0312 2688 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:32:09.0312 2688 serenum - ok
22:32:09.0343 2688 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:32:09.0343 2688 Serial - ok
22:32:09.0359 2688 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:32:09.0359 2688 Sfloppy - ok
22:32:09.0375 2688 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:32:09.0375 2688 SharedAccess - ok
22:32:09.0390 2688 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:32:09.0390 2688 ShellHWDetection - ok
22:32:09.0406 2688 Simbad - ok
22:32:09.0421 2688 [ 732D859B286DA692119F286B21A2A114 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:32:09.0421 2688 sisagp - ok
22:32:09.0421 2688 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:32:09.0421 2688 Sparrow - ok
22:32:09.0437 2688 [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:32:09.0437 2688 splitter - ok
22:32:09.0453 2688 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:32:09.0453 2688 Spooler - ok
22:32:09.0468 2688 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:32:09.0484 2688 sr - ok
22:32:09.0484 2688 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
22:32:09.0500 2688 srservice - ok
22:32:09.0515 2688 [ AB9C79ED12D65E800AAAD3D72A04792F ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:32:09.0515 2688 Srv - ok
22:32:09.0515 2688 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:32:09.0515 2688 SSDPSRV - ok
22:32:09.0531 2688 SSPORT - ok
22:32:09.0578 2688 [ 797FCC1D859B203958E915BB82528DA9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
22:32:09.0593 2688 STHDA - ok
22:32:09.0609 2688 [ B6763F8534AC547CF1AF98AFDFF2EDC8 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:32:09.0609 2688 stisvc - ok
22:32:09.0625 2688 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:32:09.0625 2688 swenum - ok
22:32:09.0640 2688 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:32:09.0640 2688 swmidi - ok
22:32:09.0640 2688 SwPrv - ok
22:32:09.0656 2688 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
22:32:09.0656 2688 symc810 - ok
22:32:09.0656 2688 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:32:09.0656 2688 symc8xx - ok
22:32:09.0656 2688 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:32:09.0656 2688 sym_hi - ok
22:32:09.0656 2688 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:32:09.0656 2688 sym_u3 - ok
22:32:09.0671 2688 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:32:09.0671 2688 sysaudio - ok
22:32:09.0687 2688 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:32:09.0703 2688 SysmonLog - ok
22:32:09.0718 2688 [ FB78839B36025AA286A51289ED28B73E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:32:09.0718 2688 TapiSrv - ok
22:32:09.0750 2688 [ 90CAFF4B094573449A0872A0F919B178 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:32:09.0750 2688 Tcpip - ok
22:32:09.0765 2688 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:32:09.0765 2688 TDPIPE - ok
22:32:09.0765 2688 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:32:09.0765 2688 TDTCP - ok
22:32:09.0781 2688 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:32:09.0781 2688 TermDD - ok
22:32:09.0828 2688 [ C29A5286E64D97385178452D5F307B98 ] TermService C:\WINDOWS\System32\termsrv.dll
22:32:09.0828 2688 TermService - ok
22:32:09.0843 2688 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] Themes C:\WINDOWS\System32\shsvcs.dll
22:32:09.0843 2688 Themes - ok
22:32:09.0859 2688 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:32:09.0859 2688 TlntSvr - ok
22:32:09.0875 2688 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
22:32:09.0875 2688 TosIde - ok
22:32:09.0890 2688 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:32:09.0890 2688 TrkWks - ok
22:32:09.0906 2688 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:32:09.0906 2688 Udfs - ok
22:32:09.0906 2688 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
22:32:09.0906 2688 ultra - ok
22:32:09.0937 2688 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
22:32:09.0937 2688 UMWdf - ok
22:32:09.0968 2688 [ CED744117E91BDC0BEB810F7D8608183 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:32:09.0968 2688 Update - ok
22:32:10.0000 2688 [ ACA5D98663D879C6BAAFCEA7E2F1B710 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:32:10.0000 2688 upnphost - ok
22:32:10.0015 2688 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
22:32:10.0015 2688 UPS - ok
22:32:10.0031 2688 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:32:10.0031 2688 usbccgp - ok
22:32:10.0046 2688 [ 708579B01FED227AADB393CB0C3B4A2C ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:32:10.0046 2688 usbehci - ok
22:32:10.0062 2688 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:32:10.0062 2688 usbhub - ok
22:32:10.0078 2688 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:32:10.0078 2688 usbprint - ok
22:32:10.0109 2688 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:32:10.0109 2688 usbscan - ok
22:32:10.0125 2688 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:32:10.0125 2688 USBSTOR - ok
22:32:10.0125 2688 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:32:10.0125 2688 usbuhci - ok
22:32:10.0140 2688 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:32:10.0140 2688 VgaSave - ok
22:32:10.0187 2688 [ D92E7C8A30CFD14D8E15B5F7F032151B ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:32:10.0187 2688 viaagp - ok
22:32:10.0203 2688 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
22:32:10.0203 2688 ViaIde - ok
22:32:10.0234 2688 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:32:10.0234 2688 VolSnap - ok
22:32:10.0265 2688 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
22:32:10.0265 2688 VSS - ok
22:32:10.0296 2688 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] w32time C:\WINDOWS\system32\w32time.dll
22:32:10.0296 2688 w32time - ok
22:32:10.0312 2688 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:32:10.0312 2688 Wanarp - ok
22:32:10.0312 2688 wanatw - ok
22:32:10.0312 2688 WDICA - ok
22:32:10.0328 2688 [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:32:10.0343 2688 wdmaud - ok
22:32:10.0343 2688 [ 265F534EF76832435AFBF771EC97176D ] WebClient C:\WINDOWS\System32\webclnt.dll
22:32:10.0359 2688 WebClient - ok
22:32:10.0390 2688 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:32:10.0390 2688 winachsf - ok
22:32:10.0421 2688 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:32:10.0421 2688 winmgmt - ok
22:32:10.0453 2688 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:32:10.0453 2688 WmdmPmSN - ok
22:32:10.0500 2688 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll
22:32:10.0515 2688 Wmi - ok
22:32:10.0546 2688 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:32:10.0546 2688 WmiApSrv - ok
22:32:10.0578 2688 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:32:10.0578 2688 wscsvc - ok
22:32:10.0593 2688 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:32:10.0593 2688 wuauserv - ok
22:32:10.0625 2688 [ 247520EDED53A08AE89EA4FAE04F54D8 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:32:10.0640 2688 WZCSVC - ok
22:32:10.0656 2688 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:32:10.0656 2688 xmlprov - ok
22:32:10.0656 2688 ================ Scan global ===============================
22:32:10.0671 2688 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
22:32:10.0687 2688 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
22:32:10.0718 2688 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
22:32:10.0718 2688 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
22:32:10.0718 2688 [Global] - ok
22:32:10.0718 2688 ================ Scan MBR ==================================
22:32:10.0750 2688 [ 91722E6BC3A2B40FF00222DCA4A3DB3E ] \Device\Harddisk0\DR0
22:32:10.0953 2688 \Device\Harddisk0\DR0 - ok
22:32:10.0953 2688 ================ Scan VBR ==================================
22:32:10.0968 2688 [ 416D48A3F2DE60BDFC2D5DFEBC930EE8 ] \Device\Harddisk0\DR0\Partition1
22:32:10.0968 2688 \Device\Harddisk0\DR0\Partition1 - ok
22:32:10.0984 2688 [ 37AAA6D0DCCB6C48833AB81C800D40B4 ] \Device\Harddisk0\DR0\Partition2
22:32:10.0984 2688 \Device\Harddisk0\DR0\Partition2 - ok
22:32:10.0984 2688 ============================================================
22:32:10.0984 2688 Scan finished
22:32:10.0984 2688 ============================================================
22:32:11.0000 2992 Detected object count: 0
22:32:11.0000 2992 Actual detected object count: 0




aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-04 22:36:41
-----------------------------
22:36:41.765 OS Version: Windows 5.1.2600 Service Pack 2
22:36:41.765 Number of processors: 2 586 0xF06
22:36:41.765 ComputerName: D90L61C1 UserName: Milly
22:36:42.375 Initialize success
22:47:04.937 AVAST engine defs: 12090401
22:47:35.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
22:47:35.546 Disk 0 Vendor: Intel___ 1.0. Size: 238416MB BusType: 3
22:47:35.546 Disk 0 MBR read successfully
22:47:35.546 Disk 0 MBR scan
22:47:35.593 Disk 0 unknown MBR code
22:47:35.593 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
22:47:35.593 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 174008 MB offset 112455
22:47:35.593 Disk 0 Partition - 00 0F Extended LBA 59482 MB offset 356498415
22:47:35.625 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 4855 MB offset 478319310
22:47:35.640 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 59482 MB offset 356498478
22:47:35.640 Disk 0 scanning sectors +488263545
22:47:35.703 Disk 0 scanning C:\WINDOWS\system32\drivers
22:47:41.640 Service scanning
22:47:54.968 Modules scanning
22:47:58.843 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
22:47:59.531 Disk 0 trace - called modules:
22:47:59.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
22:47:59.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6c6778]
22:47:59.546 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8a161030]
22:47:59.921 AVAST engine scan C:\WINDOWS
22:48:07.671 AVAST engine scan C:\WINDOWS\system32
22:49:53.843 AVAST engine scan C:\WINDOWS\system32\drivers
22:50:06.890 AVAST engine scan C:\Documents and Settings\Milly
22:58:57.187 AVAST engine scan C:\Documents and Settings\All Users
22:59:48.546 Scan finished successfully
23:01:30.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Milly\Desktop\MBR.dat"
23:01:30.531 The log file has been saved successfully to "C:\Documents and Settings\Milly\Desktop\aswMBR.txt"



I have the ESET scan ready to go, but need some guidance as to scan settings. When the computer scan settings screen comes up, REMOVE FOUND THREATS is checked, as is ENABLE STEALTH TECHNOLOGY under advanced settings. What is recommended? I still have System Restore turned off and don't want to change anything without guidance, so I would prefer just to do the scan and see what it reveals?

Also, the following are NOT checked, should any of them be checked before scanning?

Scan archives

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Use custom proxy settings ....configure

Edited by tomsmom, 04 September 2012 - 11:26 PM.


#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 04 September 2012 - 11:23 PM

When the computer scan settings screen comes up, REMOVE FOUND THREATS


Remove them

#5 tomsmom
  • Topic Starter

  • Members
  • 15 posts

Posted 05 September 2012 - 12:06 AM

Scanned with "Remove threats found" checked. No threats were found, log below:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=336345f484d75843ab857af4032116a1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-05 04:59:58
# local_time=2012-09-04 11:59:58 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=74123
# found=0
# cleaned=0
# scan_time=1354


I ran another Eset scan, this time with "Scan potentially unwanted applications" AND "Remove threats found" checked:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=336345f484d75843ab857af4032116a1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-05 06:24:27
# local_time=2012-09-05 01:24:27 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=74129
# found=0
# cleaned=0
# scan_time=1533


I noticed that Avast found a "suspicious" file, looked around as to what it might be from, and I do have Roxio on this computer, just to let you know.



Also, should I have run all these scans in safe mode?

Thank you.

Edited by tomsmom, 05 September 2012 - 01:29 AM.


#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 September 2012 - 08:08 AM

You have to run all these scans in normal mode

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete.

Post the generated log.

#7 tomsmom
  • Topic Starter

  • Members
  • 15 posts

Posted 05 September 2012 - 04:46 PM

OK, done. All scans that you recommended have been done in Normal mode. On the first download on your list today (Malwarebytes), the version in your download link is the exact version that I have on this computer, 1.62.0.1300, with the latest update, v2012.09.05.10, Fingerprints loaded 316892. Instead of reinstalling, I ran the FULL scan after getting latest update for today, and it came up clean. If you want me to install again from your download link, please advise, and I will remove and reinstall.

I looked in the Malwarebytes Quarantine, and found something that was not there before, but there was no date on this entry, and I cannot find the log when it was discovered and quarantined.

The vendor is: Trojan Downloader
The file is: c:\documents and settings\Milly\Desktop\Local Settings\Temp\k41nansh.exe.part

It is still in quarantine, along with the three entries from the original Rogue.FakeHDD that were found and quarantined on 8/25/12. Those original 3 entries found and quarantined by Malwarebytes are at the top of my original post.

All of these 4 entries, the 3 Rogue.FakeHDD, and the Trojan Downloader, remain in Malwarebytes Quarantine. Should these all be deleted? Also, I DID ENABLE SYSTEM RESTORE BEFORE ATTEMPTING THE SCANS TODAY. Computer rebooted OK, no problem reaching internet.


TODAY'S SCANS:

MALWAREBYTES LOG:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.05.10

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Milly :: D90L61C1 [administrator]

9/5/2012 3:06:56 PM
mbam-log-2012-09-05 (15-06-56).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267161
Time elapsed: 22 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MINI TOOLBOX LOG:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Milly (administrator) on 05-09-2012 at 15:46:45
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82566DC Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : D90L61C1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Intel® 82566DC Gigabit Network Connection
Physical Address. . . . . . . . . : 00-16-76-BE-D2-38
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
216.250.190.144
Lease Obtained. . . . . . . . . . : Wednesday, September 05, 2012 2:11:48 PM
Lease Expires . . . . . . . . . . : Thursday, September 06, 2012 2:11:48 PM
Server: home.domain.actdsltmp
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.225.73, 74.125.225.78, 74.125.225.64, 74.125.225.65
74.125.225.66, 74.125.225.67, 74.125.225.68, 74.125.225.69, 74.125.225.70
74.125.225.71, 74.125.225.72


Pinging google.com [74.125.225.78] with 32 bytes of data:

Reply from 74.125.225.78: bytes=32 time=56ms TTL=56
Reply from 74.125.225.78: bytes=32 time=50ms TTL=56

Ping statistics for 74.125.225.78:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 56ms, Average = 53ms
Server: home.domain.actdsltmp
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=764ms TTL=54
Reply from 72.30.38.140: bytes=32 time=710ms TTL=54

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 710ms, Maximum = 764ms, Average = 737ms
Server: home.domain.actdsltmp
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 16 76 be d2 38 ...... Intel® 82566DC Gigabit Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.3 192.168.0.3 20
192.168.0.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.3 192.168.0.3 20
224.0.0.0 240.0.0.0 192.168.0.3 192.168.0.3 20
255.255.255.255 255.255.255.255 192.168.0.3 192.168.0.3 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/31/2012 01:26:14 AM) (Source: Application Hang) (User: )
Description: Hanging application opera.exe, version 11.61.1250.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2012 01:18:47 AM) (Source: Application Hang) (User: )
Description: Hanging application opera.exe, version 11.61.1250.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2012 01:06:07 AM) (Source: Application Hang) (User: )
Description: Hanging application opera.exe, version 11.61.1250.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/30/2012 03:05:50 PM) (Source: Application Error) (User: )
Description: Faulting application opera.exe, version 11.61.1250.0, faulting module gdi32.dll, version 5.1.2600.3466, fault address 0x0000b041.
Processing media-specific event for [opera.exe!ws!]

Error: (08/29/2012 03:04:43 PM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/28/2012 04:59:05 PM) (Source: Application Error) (User: )
Description: Faulting application SfCtlCom.exe, version 16.60.0.3021, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [SfCtlCom.exe!ws!]

Error: (08/28/2012 10:48:08 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (08/27/2012 00:18:21 AM) (Source: Application Error) (User: )
Description: Faulting application SfCtlCom.exe, version 16.60.0.3021, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [SfCtlCom.exe!ws!]

Error: (08/26/2012 10:35:29 PM) (Source: Application Error) (User: )
Description: Faulting application opera.exe, version 11.61.1250.0, faulting module opera.dll, version 11.61.1250.0, fault address 0x001e19ee.
Processing media-specific event for [opera.exe!ws!]

Error: (08/25/2012 10:22:01 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.87, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/05/2012 02:11:59 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (09/05/2012 02:11:59 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (09/05/2012 02:29:27 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (09/05/2012 02:29:27 AM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (09/05/2012 02:28:15 AM) (Source: PlugPlayManager) (User: )
Description: The device Root\LEGACY_TMCOMM\0000 disappeared from the system without first being prepared for removal.

Error: (09/04/2012 09:57:05 PM) (Source: PlugPlayManager) (User: )
Description: The device Root\LEGACY_TMCOMM\0000 disappeared from the system without first being prepared for removal.

Error: (09/04/2012 09:10:54 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (09/04/2012 09:10:54 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (09/04/2012 09:04:21 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (09/04/2012 09:04:21 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20


Microsoft Office Sessions:
=========================
Error: (08/31/2012 01:26:14 AM) (Source: Application Hang)(User: )
Description: opera.exe11.61.1250.0hungapp0.0.0.000000000

Error: (08/31/2012 01:18:47 AM) (Source: Application Hang)(User: )
Description: opera.exe11.61.1250.0hungapp0.0.0.000000000

Error: (08/31/2012 01:06:07 AM) (Source: Application Hang)(User: )
Description: opera.exe11.61.1250.0hungapp0.0.0.000000000

Error: (08/30/2012 03:05:50 PM) (Source: Application Error)(User: )
Description: opera.exe11.61.1250.0gdi32.dll5.1.2600.34660000b041

Error: (08/29/2012 03:04:43 PM) (Source: Application Hang)(User: )
Description: rundll32.exe5.1.2600.2180hungapp0.0.0.000000000

Error: (08/28/2012 04:59:05 PM) (Source: Application Error)(User: )
Description: SfCtlCom.exe16.60.0.3021unknown0.0.0.000000000

Error: (08/28/2012 10:48:08 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (08/27/2012 00:18:21 AM) (Source: Application Error)(User: )
Description: SfCtlCom.exe16.60.0.3021unknown0.0.0.000000000

Error: (08/26/2012 10:35:29 PM) (Source: Application Error)(User: )
Description: opera.exe11.61.1250.0opera.dll11.61.1250.0001e19ee

Error: (08/25/2012 10:22:01 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.62.0.87hungapp0.0.0.000000000


=========================== Installed Programs ============================

Adobe AIR (Version: 2.0.3.13070)
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Flash Player 9 ActiveX (Version: 9)
Adobe Reader 6.0.1 (Version: 006.000.001)
Andrea VoiceCenter
AOLIcon (Version: 1.00.0000)
ATI Catalyst Control Center (Version: 1.2.2370.37610)
ATI Display Driver (Version: 8.263-060607a-034018C-Dell)
calibre (Version: 0.8.38)
CallWave
Conexant D850 56K V.9x DFVc Modem
Consumer Complete Care Services Agreement (Version: 1.10.0000)
Corel Paint Shop Pro Photo XI (Version: 11.00.0000)
Corel Snapfire Plus (Version: 1.00.0000)
Coupon Printer for Windows (Version: 5.0.0.1)
CreataCard Plus 3
Creative Audio Pack
Creative MediaSource 5 (Version: 5.00)
Dell CinePlayer (Version: 3.0)
Dell DataSafe (Version: 1.00.0000)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Game Console
Dell Support 3.2 (Version: 5.5.2038)
Dell System Restore (Version: 2.00.0000)
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Content Portal (Version: 1.00.0000)
Digital Line Detect (Version: 1.10)
Documentation & Support Launcher (Version: 1.00.0000)
EducateU (Version: 1.00.0000)
ESET Online Scanner v3
ESPNMotion (Version: 2.1.6.0011)
Games, Music, & Photos Launcher (Version: 1.00.0000)
GemMaster Mystic
Get High Speed Internet! (Version: 1.00.0000)
Google Chrome (Version: 6.0.472.63)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2318.1946)
Google Update Helper (Version: 1.3.21.53)
Greeting Card Factory Deluxe 6.0 (Version: 6.0.0.20)
Hallmark Card Studio 2006 Deluxe (Version: 7.0.0.15)
Hallmark Card Studio 2009 Deluxe (Version: 10.0.0.28)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
HP Deskjet 9800 (Version: 1.00.0000)
HP Deskjet 9800 Series
HP Imaging Device Functions 7.0 (Version: 7.0)
HPPhotoSmartExpress (Version: 70.0.170.000)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Matrix Storage Manager
Intel® PRO Network Connections (Version: )
Intel® Quick Resume Technology Drivers
Intel® Viiv™ Software (Version: 1.0.3.2019)
Internet Service Offers Launcher (Version: 1.00.0000)
Invoke Solutions Participant 6.2.0.1450
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0 Service Pack 1 (Version: 2.1.21022)
Microsoft .NET Framework 3.0 Service Pack 1 (Version: 3.1.21022)
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 (Version: 3.5.21022)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Works (Version: 08.05.0818)
Modem Helper (Version: 2.40)
Mozilla Firefox (3.0.10) (Version: 3.0.10 (en-US))
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
NetWaiting (Version: 2.5.12)
Opera 11.61 (Version: 11.61.1250)
Otto
PanoStandAlone (Version: 70.0.170.000)
PDF-Viewer (Version: 2.0.46.0)
Picaboo X (Version: 10.131)
Picaboo X (Version: 10.131P)
Qualxserve Service Agreement (Version: 1.11.0000)
QuickTime
RealPlayer Basic
Roxio DLA (Version: 5.2.0)
Roxio MyDVD LE (Version: 6.1.6)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
Samsung ML-1630 Series
SearchAssist
Sonic Activation Module (Version: 1.0)
Sonic Advanced Decoder
Sonic Encoders (Version: 1.00)
Sonic Update Manager (Version: 3.0.0)
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB (Version: 1.0)
Sound Blaster Audigy ADVANCED MB Product Registration
Status (Version: 70.0.170.000)
SUPERAntiSpyware (Version: 5.0.1146)
TrayApp (Version: 70.0.170.000)
Unload (Version: 7.5.0)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB900485) (Version: 2)
Update for Windows XP (KB910437) (Version: 1)
Update for Windows XP (KB911280) (Version: 2)
Update for Windows XP (KB912945) (Version: 1)
Update for Windows XP (KB916595) (Version: 1)
Update for Windows XP (KB920872) (Version: 1)
Update for Windows XP (KB922582) (Version: 1)
Update for Windows XP (KB927891) (Version: 3)
Update for Windows XP (KB929338) (Version: 1)
Update for Windows XP (KB930916) (Version: 1)
Update for Windows XP (KB931836) (Version: 1)
Update for Windows XP (KB933360) (Version: 1)
Update for Windows XP (KB936357) (Version: 1)
Update for Windows XP (KB938828) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB942840) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB873339 (Version: 20041117.092459)
Windows XP Hotfix - KB885250 (Version: 20050118.202711)
Windows XP Hotfix - KB885835 (Version: 20041027.181713)
Windows XP Hotfix - KB885836 (Version: 20041028.173203)
Windows XP Hotfix - KB886185 (Version: 20041021.090540)
Windows XP Hotfix - KB887472 (Version: 20041014.162858)
Windows XP Hotfix - KB888113 (Version: 20041116.131036)
Windows XP Hotfix - KB888302 (Version: 20041207.111426)
Windows XP Hotfix - KB889673 (Version: 20041116.085848)
Windows XP Hotfix - KB890859 (Version: 1)
Windows XP Hotfix - KB890927 (Version: 20050111.122717)
Windows XP Hotfix - KB891781 (Version: 20050110.165439)
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
Yahoo! Music Jukebox (Version: 2.0.0.134)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 2045.98 MB
Available physical RAM: 1449.79 MB
Total Pagefile: 3938.36 MB
Available Pagefile: 3416.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.35 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:169.93 GB) (Free:142.19 GB) NTFS
3 Drive d: (Backup) (Fixed) (Total:58.09 GB) (Free:58.02 GB) NTFS

========================= Users: ========================================

User accounts for \\D90L61C1

Administrator Guest HelpAssistant
Milly SUPPORT_388945a0


**** End of log ****



FSS LOG:

Farbar Service Scanner Version: 06-08-2012
Ran by Milly (administrator) on 05-09-2012 at 15:55:16
Running from "C:\Documents and Settings\Milly\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2005-08-16 04:18] - [2006-05-19 07:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2005-08-16 04:18] - [2004-08-10 05:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2005-08-16 04:18] - [2007-10-30 12:20] - 0360064 ____A (Microsoft Corporation) 90CAFF4B094573449A0872A0F919B178

C:\WINDOWS\system32\Drivers\ipsec.sys
[2005-08-16 04:18] - [2004-08-10 05:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2005-08-16 04:18] - [2008-02-20 00:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F

C:\WINDOWS\system32\ipnathlp.dll
[2005-08-16 04:18] - [2004-08-10 05:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2005-08-16 04:18] - [2005-08-22 13:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2005-08-16 04:37] - [2004-08-10 05:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2005-08-16 04:40] - [2004-08-10 05:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2005-08-16 04:40] - [2004-08-10 05:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2005-08-16 04:18] - [2004-08-10 05:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2005-08-16 04:37] - [2004-08-10 05:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2005-08-16 04:40] - [2004-08-10 05:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2005-08-16 04:40] - [2004-08-10 05:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2005-08-16 04:18] - [2005-07-25 23:39] - 0243200 ____A (Microsoft Corporation) 34BBD9ACC1538818F2C878898C64E793

C:\WINDOWS\system32\cryptsvc.dll
[2005-08-16 04:18] - [2004-08-10 05:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2005-08-16 04:18] - [2004-08-10 05:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2005-08-16 04:18] - [2005-07-25 23:39] - 0397824 ____A (Microsoft Corporation) CE94A2BD25E3E9F4D46A7373FF455C6D

C:\WINDOWS\system32\services.exe
[2005-08-16 04:18] - [2004-08-10 05:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x140000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F0000001000000011000000120000001300000014000000
IpSec Tag value is correct.

**** End of log ****



Adwarecleaner log

# AdwCleaner v2.000 - Logfile created 09/05/2012 at 15:59:10
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Milly - D90L61C1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Milly\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Milly\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v3.0.10 (en-US)

Profile name : default
File : C:\Documents and Settings\Milly\Application Data\Mozilla\Firefox\Profiles\989qq65g.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v6.0.472.63

File : C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.61.1250.0

File : C:\Documents and Settings\Milly\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2841 octets] - [05/09/2012 15:59:10]

########## EOF - C:\AdwCleaner[S1].txt - [2901 octets] ##########

Edited by tomsmom, 05 September 2012 - 04:51 PM.


#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:05:46 PM

Posted 05 September 2012 - 05:03 PM

All of these 4 entries, the 3 Rogue.FakeHDD, and the Trojan Downloader, remain in Malwarebytes Quarantine. Should these all be deleted?


yes

download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

Any current issues?

#9 tomsmom

tomsmom
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:46 PM

Posted 05 September 2012 - 09:38 PM

No, no other issues that I am aware of. I want to mention that all of the scans I have run have been with hidden files shown. I did just get another new update and full scan for Malwarebytes (v2012.09.06.02), which came up clean again. I have also deleted those things mentioned in my last reply from Malwarebytes Quarantine.


MALWAREBYTES LATEST LOG:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.06.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Milly :: D90L61C1 [administrator]

9/5/2012 8:58:30 PM
mbam-log-2012-09-05 (20-58-30).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267489
Time elapsed: 24 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


RKILL LOG:

Rkill 2.3.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/05/2012 09:35:27 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\stsystra.exe (PID: 1600) [WD-HEUR]
* C:\WINDOWS\System32\DLA\DLACTRLW.EXE (PID: 1720) [WD-HEUR]
* C:\DOCUME~1\Milly\LOCALS~1\Temp\clclean.0001 (PID: 1784) [SUP-HEUR]
* C:\DOCUME~1\Milly\LOCALS~1\Temp\clclean.0001 (PID: 1784) [T-HEUR]
* C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe (PID: 2004) [WD-HEUR]
* C:\WINDOWS\system32\CTsvcCDA.exe (PID: 1716) [WD-HEUR]

6 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

Checking Windows Service Integrity:

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Disabled

* atapi => \SystemRoot\system32\DRIVERS\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/05/2012 09:35:54 PM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:05:46 PM

Posted 05 September 2012 - 09:41 PM

I want you to check if your startmenu folders and programs have been restored.

#11 tomsmom

tomsmom
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:46 PM

Posted 05 September 2012 - 09:57 PM

As I mentioned in my first post, I ran Unhide.exe when I thought that I was over this mess. All of my icons, system tray, programs in my Start menu and Programs list are all there and normal-looking. Of course, with all the programs on the computer, I haven't used too many of them since this infection, but those that I have used appear to be functioning as before. The only thing that persists is the odd color of the desktop. I never had the black desktop that many have reported with this nasty, but since the infection it's turned from the usual light blue color to a very dark, almost navy, blue, and that remains.

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:05:46 PM

Posted 05 September 2012 - 10:02 PM

Press Windows+R key and type

regedit and click ok

Go to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

On the right side, delete the values NoDesktop & NoActiveDesktop.

go to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

Delete the value NoChangingWallPaper

Restart the PC and see if that helps

Skip the steps if you don't find the entry.

#13 tomsmom

tomsmom
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:46 PM

Posted 05 September 2012 - 10:29 PM

I don't have either of these, what I have is:


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

NAME                TYPE       DATA
(default)           REG_SZ     (value not set)


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

I have:

NAME                TYPE       DATA
(default)           REG_SZ     (value not set)
NoDriveTypeAutoRun  REG_DWORD  0x00000091 (145)
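The registry check narenxp describes in #12 (look under the HKCU Explorer and ActiveDesktop policy keys for NoDesktop, NoActiveDesktop and NoChangingWallPaper, and delete them if present) and the NoDriveTypeAutoRun value tomsmom found in #13 can both be handled by one script. The following is an added example written for this thread; it is not code from the forum, from Malwarebytes, RKill or any other tool mentioned here. It assumes a Windows machine with PowerShell and must be run as the affected user, since all of these values live under HKCU. By default it only reports; it deletes the three policy values only when started with the assumed -Remove switch.

```powershell
# Added example (not from the thread or from any tool it mentions).
# Reports the Explorer/ActiveDesktop policy values that hide the desktop or
# lock the wallpaper, deletes them only with -Remove, then decodes
# NoDriveTypeAutoRun so the posted value 0x91 (145) can be read.
param([switch]$Remove)

$explorer      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$activeDesktop = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'

# The three values narenxp asked about, keyed by the policy key they live in.
$checks = @(
    @{ Path = $explorer;      Names = @('NoDesktop', 'NoActiveDesktop') },
    @{ Path = $activeDesktop; Names = @('NoChangingWallPaper') }
)

foreach ($check in $checks) {
    if (-not (Test-Path -Path $check.Path)) {
        Write-Output "absent  : $($check.Path)"
        continue
    }
    $props = Get-ItemProperty -Path $check.Path
    foreach ($name in $check.Names) {
        # The indexer returns $null when the value does not exist on the key.
        if ($null -eq $props.PSObject.Properties[$name]) {
            Write-Output "not set : $($check.Path)\$name"
            continue
        }
        Write-Output "FOUND   : $($check.Path)\$name = $($props.$name)"
        if ($Remove) {
            Remove-ItemProperty -Path $check.Path -Name $name
            Write-Output "removed : $($check.Path)\$name"
        }
    }
}

# NoDriveTypeAutoRun is a bitmask: bit n disables AutoRun for the drive class
# that GetDriveType() reports as n (bit 7 covers unknown/reserved types).
# 0xFF disables AutoRun for every class; 0x91 leaves removable, fixed and
# CD-ROM drives with AutoRun still enabled.
$driveBits = @(
    (0x01, 'DRIVE_UNKNOWN'),
    (0x02, 'DRIVE_NO_ROOT_DIR'),
    (0x04, 'DRIVE_REMOVABLE'),
    (0x08, 'DRIVE_FIXED'),
    (0x10, 'DRIVE_REMOTE'),
    (0x20, 'DRIVE_CDROM'),
    (0x40, 'DRIVE_RAMDISK'),
    (0x80, 'reserved (unknown drive types)')
)

$autorun = $null
if (Test-Path -Path $explorer) {
    $autorun = (Get-ItemProperty -Path $explorer -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
}
if ($null -eq $autorun) {
    Write-Output 'NoDriveTypeAutoRun: not set (no drive class disabled by this policy)'
} else {
    $value = [int]$autorun
    Write-Output ('NoDriveTypeAutoRun: 0x{0:X2} ({0})' -f $value)
    foreach ($entry in $driveBits) {
        $bit   = [int]$entry[0]
        $label = $entry[1]
        $state = if ($value -band $bit) { 'AutoRun disabled' } else { 'AutoRun allowed' }
        Write-Output ('  0x{0:X2}  {1,-16}  {2}' -f $bit, $state, $label)
    }
}
```

With the value tomsmom posted, the decoder reports bits 0x80, 0x10 and 0x01 as disabled (unknown types, network drives, DRIVE_UNKNOWN) and everything else as allowed, which is why a removable drive or CD could still trigger AutoRun on that machine. The report-only default is deliberate: a helper on a forum thread should show what is present before anyone deletes it.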

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:05:46 PM

Posted 05 September 2012 - 10:36 PM

Restart the PC and change the desktop background and see if that helps.

Edited by narenxp, 05 September 2012 - 11:51 PM.


#15 tomsmom

tomsmom
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:46 PM

Posted 05 September 2012 - 11:43 PM

Sorry for the delay, I messed up! I downloaded RogueKiller to my desktop, but instead of right clicking and selecting run as administrator as you said, I accidentally double clicked it. It immediately began scanning and I stopped it by closing the window. So, for the first time in my XP career, pretty good I guess--6 years, I got to see the "blue screen of death". It told me that a problem had been detected.........."The problem seems to be caused by the following file: Truesight.sys

DRIVER_UNLOADED_WITHOUT_CANCELING_PENDING_OPERATIONS

Technical information:

STOP: 0x000000CE
(0x9A79F57E, 0x00000008, 0x9A79F57E, 0x00000000)

I was able to recover by just shutting the computer off, then rebooting. So, that little icon is just sitting there on my desktop, I'm a little afraid to even touch it, LOL! Did I create this error by what I did, or is it some sort of conflict with the software and this machine?

Can you please tell me where we are up to this point? With all the scans so far, is it possible to determine if this computer is clean or infected? Is the fact that my desktop is still the wrong color a sign that there is still some malware influence?

Thanks.

Edited by tomsmom, 05 September 2012 - 11:44 PM.




