Dell laptop has 2 trojans I can't remove--Help!!


  • This topic is locked
14 replies to this topic

#1 Phydron

Phydron

  • Members
  • 25 posts
  • Gender:Male
  • Location:Socal

Posted 27 October 2012 - 02:41 PM

My old Dell 1150 has, somehow, been infected with Trojan.Generic.30HTX and WD-HEUR. Most software tools won't run. I did manage to get Gmer to run and have a text file. When I try to run DDS, it gives an error message, "Temp file invalid". You guys were generous enough to fix my other laptop and I'm hoping to impose on you to help fix this one. They were on the same router/repeater, which I have discarded in case it's the source of these infections. Two wireless computers were unaffected.

Any help will be greatly appreciated.

PS. I did get DDS to run.


DDS (Ver_2012-10-19.01) - FAT32_x86
Internet Explorer: 6.0.2900.2180
Run by Owner at 8:10:44 on 2012-10-28
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.667 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ZCfgSvc.exe] c:\windows\system32\ZCfgSvc.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: igfxcui - igfxsrvc.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
Hosts: 0.0.0.0 localhost
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-21 55008]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2012-10-23 97440]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-9-13 177504]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-10-2 5783672]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-2 193568]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2012-10-26 439632]
.
=============== Created Last 30 ================
.
2012-10-27 20:04:48 -------- d--h--w- c:\windows\PIF
2012-10-27 16:40:27 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro
2012-10-27 04:21:36 -------- d-sh--w- C:\Recycled
2012-10-27 04:02:11 17664 ----a-w- c:\windows\system32\drivers\sermouse.sys
2012-10-27 04:02:11 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2012-10-27 03:47:28 -------- d-----w- c:\documents and settings\owner\DoctorWeb
2012-10-27 03:42:00 -------- d-----w- c:\program files\WinPcap
2012-10-27 03:41:41 -------- d-----w- c:\program files\Trend Micro
2012-10-27 02:48:39 -------- d-----w- C:\bd_logs
2012-10-24 20:18:24 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2012-10-24 20:18:24 52864 ----a-w- c:\windows\system32\dllcache\dmusic.sys
2012-10-24 20:18:23 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2012-10-24 20:18:23 54272 ----a-w- c:\windows\system32\dllcache\swmidi.sys
2012-10-24 19:33:01 -------- d-----w- c:\documents and settings\owner\local settings\application data\Help
2012-10-23 19:50:06 -------- d-sh--w- C:\FOUND.001
2012-10-23 19:47:33 -------- d-----w- c:\documents and settings\all users\application data\SMR311
2012-10-23 19:37:58 97440 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2012-10-23 19:37:57 -------- d-----w- c:\documents and settings\owner\application data\SPE
2012-10-23 18:43:36 -------- d-sh--w- C:\FOUND.000
2012-10-22 01:02:44 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-10-22 00:52:40 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-10-22 00:06:22 -------- d-----w- c:\documents and settings\owner\application data\AVG2013
2012-10-22 00:03:03 -------- d-----w- c:\documents and settings\owner\application data\TuneUp Software
2012-10-22 00:01:49 -------- d--h--w- C:\$AVG
2012-10-22 00:01:49 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2012-10-21 23:58:38 -------- d-----w- c:\program files\AVG
2012-10-21 23:44:41 -------- d-----w- C:\FRST
2012-10-21 23:41:50 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-10-21 23:41:48 -------- d-----w- c:\documents and settings\owner\local settings\application data\Avg2013
2012-10-21 23:41:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\MFAData
2012-10-21 23:41:47 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-10-21 23:00:10 290304 ----a-w- C:\subinacl.exe
2012-10-21 20:35:35 -------- d-----w- C:\MGTools
2012-10-21 20:35:34 -------- d-----w- C:\JRT
2012-10-21 20:33:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-21 20:09:33 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-10-21 20:05:37 -------- d--h--w- c:\documents and settings\owner\WLANProfiles
2012-10-21 20:05:37 -------- d--h--w- c:\documents and settings\all users\WLANProfiles
2012-10-21 20:05:14 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-10-21 20:04:33 -------- d-----w- c:\windows\system32\LogFiles
2012-10-21 19:47:26 667648 ----a-w- c:\windows\system32\BCMLogon.dll
2012-10-21 19:47:11 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2012-10-21 19:47:11 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2012-10-21 19:47:06 89088 ----a-w- c:\windows\system32\ATL71.DLL
2012-10-21 19:47:06 86016 ----a-w- c:\windows\system32\preflib.dll
2012-10-21 19:47:06 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2012-10-21 19:47:06 499712 ----a-w- c:\windows\system32\MSVCP71.DLL
2012-10-21 19:47:06 44032 ----a-w- c:\windows\system32\wltrynt.dll
2012-10-21 19:47:06 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2012-10-21 19:47:06 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2012-10-21 19:47:06 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE
2012-10-21 19:47:06 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2012-10-21 19:18:42 -------- d-----w- c:\windows\PCTEL
2012-10-21 18:49:18 -------- d-----w- c:\program files\Broadcom
2012-10-21 18:48:57 -------- d-----w- c:\windows\Downloaded Installations
2012-10-21 18:44:47 155648 ----a-w- c:\windows\system32\igfxres.dll
2012-10-21 18:42:05 57344 ----a-w- c:\windows\BCMSMD2K.exe
2012-10-21 18:42:05 49152 ----a-w- c:\windows\system32\BCMSM168.dll
2012-10-21 18:42:05 151552 ----a-w- c:\windows\BCMSMU.exe
2012-10-21 18:42:05 122880 ----a-w- c:\windows\system32\BCMSMI32.dll
2012-10-21 18:42:05 122880 ----a-w- c:\windows\BCMSMMSG.exe
2012-10-21 18:42:05 1101696 ----a-w- c:\windows\system32\drivers\BCMSM.sys
2012-10-21 00:49:29 -------- d-----w- c:\windows\Drivers
2012-10-21 00:47:33 3096576 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-10-21 00:47:33 18944 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2012-10-21 00:47:33 1200128 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2012-10-21 00:47:32 424448 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2012-10-21 00:47:32 253952 ----a-w- c:\windows\system32\bcmwlu00.exe
2012-10-21 00:37:04 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-21 00:36:54 -------- d-----w- c:\program files\Tweaking.com
2012-10-21 00:15:33 53248 ----a-w- c:\windows\system32\DellSys.dll
2012-10-21 00:15:26 -------- d-----w- c:\program files\Dell
2012-10-20 23:49:44 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-10-20 23:49:44 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-10-20 23:49:38 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-10-20 23:49:38 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-10-20 23:49:23 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-10-20 23:49:23 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-10-20 23:27:37 -------- d-----w- c:\documents and settings\owner\local settings\application data\NPE
2012-10-20 23:27:37 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-10-20 19:32:47 -------- d-----w- c:\program files\Digital Line Detect
2012-10-20 19:20:13 -------- d-----w- c:\program files\CONEXANT
2012-10-20 19:12:09 -------- d-----w- c:\program files\Modem Helper
2012-10-20 19:00:32 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-10-20 19:00:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-20 19:00:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-20 19:00:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-10-02 11:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 11:46:06 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 11:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 11:45:54 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-21 11:45:52 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 11:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-09-13 11:11:20 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH: 8:12:37.80 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2012 10:28:13 AM
System Uptime: 10/28/2012 8:07:02 AM (0 hours ago)
.
Motherboard: Dell Computer Corporation | | 0F3553
Processor: Intel® Celeron® CPU 2.40GHz | Microprocessor | 2397/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 11 GiB total, 7.241 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell TrueMobile 1300 WLAN Mini-PCI Card
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_43201737&REV_02\5&2F938BA4&0&0020F0
Manufacturer: Broadcom
Name: Dell TrueMobile 1300 WLAN Mini-PCI Card
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_43201737&REV_02\5&2F938BA4&0&0020F0
Service: BCM43XX
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_017F1028&REV_01\3&61AAA01&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_017F1028&REV_01\3&61AAA01&0&FD
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AVG 2013
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Dell ResourceCD
Dell Wireless WLAN Card
Digital Line Detect
Intel® Extreme Graphics 2 Driver
Intel® PROSet
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Modem Helper
Trend Micro RUBotted 2.0 Beta
Tweaking.com - Windows Repair (All in One)
WebFldrs XP
WinPcap 4.1.1
.
==== Event Viewer Messages From Past Week ========
.
10/28/2012 6:41:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver AVGIDSShim Avgldx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT PCIIde RasAcd Rdbss Tcpip WS2IFSL
10/28/2012 6:41:00 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2012 6:41:00 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2012 6:41:00 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2012 6:41:00 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2012 6:41:00 AM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2012 6:40:27 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/28/2012 6:40:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/27/2012 9:46:48 AM, error: Dhcp [1002] - The IP address lease 192.168.69.148 for the Network Card with network address 000B7D0A0686 has been denied by the DHCP server 192.168.1.9 (The DHCP Server sent a DHCPNACK message).
10/27/2012 9:46:08 AM, error: Dhcp [1002] - The IP address lease 192.168.1.13 for the Network Card with network address 000625412E6C has been denied by the DHCP server 192.168.1.9 (The DHCP Server sent a DHCPNACK message).
10/27/2012 9:12:01 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.13 with the system having network hardware address 00:13:10:2B:80:87. Network operations on this system may be disrupted as a result.
10/27/2012 10:31:56 AM, error: Dhcp [1002] - The IP address lease 192.168.1.14 for the Network Card with network address 000625412E6C has been denied by the DHCP server 192.168.1.9 (The DHCP Server sent a DHCPNACK message).
10/26/2012 6:06:38 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
10/26/2012 6:06:26 AM, error: SRService [104] - The System Restore initialization process failed.
10/23/2012 8:44:51 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
10/23/2012 11:44:05 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 000B7D0A0686 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/21/2012 2:55:28 PM, error: Service Control Manager [7034] - The WLTRYSVC service terminated unexpectedly. It has done this 1 time(s).
10/21/2012 2:55:28 PM, error: Service Control Manager [7034] - The RegSrvc service terminated unexpectedly. It has done this 1 time(s).
10/21/2012 2:55:25 PM, error: Service Control Manager [7034] - The Spectrum24 Event Monitor service terminated unexpectedly. It has done this 1 time(s).
10/21/2012 2:54:53 PM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 000B7D0A0686 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/21/2012 2:19:40 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR311\0000 disappeared from the system without first being prepared for removal.
10/21/2012 2:12:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
10/21/2012 12:26:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-27 12:03:44
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e IBM-DARA-212000 rev.AR4OA54A
Running: z7sgkvth.exe; Driver: C:\pfdcipoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwAdjustPrivilegesToken [0xEE044690]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwClose [0xEE044F94]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwConnectPort [0xEE045DC8]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwCreateEvent [0xEE046312]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwCreateFile [0xEE045270]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwCreateKey [0xEE043500]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwCreateMutant [0xEE0461F8]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwCreateNamedPipeFile [0xEE04427E]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwCreatePort [0xEE0460CC]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwCreateSection [0xEE044426]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwCreateSemaphore [0xEE046432]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwCreateThread [0xEE044C1C]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwCreateWaitablePort [0xEE046162]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwDebugActiveProcess [0xEE047B1A]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwDeleteKey [0xEE043B0A]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwDeleteValueKey [0xEE043EBE]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwDeviceIoControlFile [0xEE0456F2]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwDuplicateObject [0xEE048D26]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwEnumerateKey [0xEE04400A]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwEnumerateValueKey [0xEE0440A2]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwFsControlFile [0xEE045500]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwLoadDriver [0xEE047C0C]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwLoadKey [0xEE0434DC]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwLoadKey2 [0xEE0434EE]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwMapViewOfSection [0xEE048374]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwNotifyChangeKey [0xEE0441CE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xF766B21A]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwOpenEvent [0xEE0463A8]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwOpenFile [0xEE045016]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwOpenKey [0xEE0436C0]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwOpenMutant [0xEE046288]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwOpenProcess [0xEE0448CC]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwOpenSection [0xEE04810E]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwOpenSemaphore [0xEE0464C8]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwOpenThread [0xEE0447BE]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwQueryKey [0xEE04413A]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwQueryMultipleValueKey [0xEE043D72]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwQuerySection [0xEE0486AE]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwQueryValueKey [0xEE04399C]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwQueueApcThread [0xEE047FA0]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwRenameKey [0xEE043C2C]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwReplaceKey [0xEE042F16]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwReplyPort [0xEE04682C]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwReplyWaitReceivePort [0xEE0466F2]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwRequestWaitReplyPort [0xEE0478B4]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwRestoreKey [0xEE04328E]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwResumeThread [0xEE048BC8]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwSaveKey [0xEE042EAE]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwSecureConnectPort [0xEE045B0E]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwSetContextThread [0xEE044E38]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwSetInformationToken [0xEE047154]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwSetSecurityObject [0xEE047DAA]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwSetSystemInformation [0xEE0487FE]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwSetValueKey [0xEE043816]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwSuspendProcess [0xEE0488F0]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwSuspendThread [0xEE048A2A]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwSystemDebugControl [0xEE047A3E]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwTerminateProcess [0xEE044A68]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwTerminateThread [0xEE0449C8]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwUnmapViewOfSection [0xEE048552]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwWriteVirtualMemory [0xEE044B52]

Code \SystemRoot\system32\DRIVERS\5443961drv.sys FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\5443961drv.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 1D3 804E2EA4 12 Bytes [0C, 7C, 04, EE, DC, 34, 04, ...] {OR AL, 0x7c; ADD AL, 0xee; FDIV QWORD [ESP+EAX]; OUT DX, AL ; OUT DX, AL ; XOR AL, 0x4; OUT DX, AL }
.text ntoskrnl.exe!_abnormal_termination + 34F 804E3020 16 Bytes [2C, 3C, 04, EE, 16, 2F, 04, ...]
.text ntoskrnl.exe!_abnormal_termination + 443 804E3114 12 Bytes [F0, 88, 04, EE, 2A, 8A, 04, ...]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8EBA 5 Bytes JMP EE0373AC \SystemRoot\system32\DRIVERS\5443961drv.sys
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804FDAF1 5 Bytes JMP EE036FD0 \SystemRoot\system32\DRIVERS\5443961drv.sys
? system32\DRIVERS\5443961drv.sys The system cannot find the path specified. !
? system32\DRIVERS\17705781.sys The system cannot find the path specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by Phydron, 28 October 2012 - 01:57 PM.
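The GMER section above is dominated by SSDT entries pointing at one module, with a second module that GMER could not find on disk. As an added example (my own code, not part of this post and not something GMER ships), the Python below groups the `SSDT`, `Code`, `.text ... JMP` and `? ... cannot find the path` lines by driver file and lists, for analyst follow-up, the modules that hook services without a description/signer string, patch kernel exports, or are missing at their reported path. The sample input is constructed in the shape of a few lines from the log; the `SENSITIVE` service set and the ranking rules are my own heuristics.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of a GMER 1.0.15 report (a handful of lines,
# not the full log from the post). A vendor string appears in parentheses when
# GMER can attribute the hooking module; the "?" lines mark modules whose file
# GMER could not open at the path the kernel reported.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwCreateFile [0xEE045270]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwOpenProcess [0xEE0448CC]
SSDT \SystemRoot\system32\DRIVERS\5443961drv.sys ZwLoadDriver [0xEE047C0C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xF766B21A]

Code \SystemRoot\system32\DRIVERS\5443961drv.sys FsRtlCheckLockForReadAccess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IoIsOperationSynchronous 804E8EBA 5 Bytes JMP EE0373AC \SystemRoot\system32\DRIVERS\5443961drv.sys
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804FDAF1 5 Bytes JMP EE036FD0 \SystemRoot\system32\DRIVERS\5443961drv.sys
? system32\DRIVERS\5443961drv.sys The system cannot find the path specified. !
? system32\DRIVERS\17705781.sys The system cannot find the path specified. !
"""

# One regex per GMER line type we care about.
SSDT_RE = re.compile(r"^SSDT\s+(\S+)(?:\s+\((.*?)\))?\s+(Zw\w+)\s+\[0x[0-9A-Fa-f]+\]$")
CODE_RE = re.compile(r"^Code\s+(\S+)\s+(\w+)$")
JMP_RE = re.compile(r"^\.text\s+(\S+)\s+[0-9A-Fa-f]+\s+\d+\s+Bytes\s+JMP\s+[0-9A-Fa-f]+\s+(\S+)$")
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the path specified\.\s*!$")

# Services whose hooking gives a module control over other processes, drivers
# and persistence keys (my own selection, used only to rank findings).
SENSITIVE = {"ZwLoadDriver", "ZwOpenProcess", "ZwTerminateProcess", "ZwCreateThread",
             "ZwWriteVirtualMemory", "ZwMapViewOfSection", "ZwSetValueKey", "ZwDeleteKey"}


@dataclass
class ModuleHooks:
    path: str                                        # first path GMER printed for the module
    ssdt: List[str] = field(default_factory=list)    # hooked system services
    inline: List[str] = field(default_factory=list)  # kernel exports patched with a JMP
    vendor: Optional[str] = None                     # description/signer string, if printed
    missing_on_disk: bool = False                    # GMER could not find the file at that path


def parse_gmer(text: str) -> Dict[str, ModuleHooks]:
    """Group hook lines by driver file name (case-insensitive)."""
    modules: Dict[str, ModuleHooks] = {}

    def module_for(path: str) -> ModuleHooks:
        key = path.rsplit("\\", 1)[-1].lower()
        if key not in modules:
            modules[key] = ModuleHooks(path=path)
        return modules[key]

    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            entry = module_for(m.group(1))
            entry.ssdt.append(m.group(3))
            if m.group(2):
                entry.vendor = m.group(2).strip()
        elif m := CODE_RE.match(line):
            entry = module_for(m.group(1))
            if m.group(2) not in entry.inline:
                entry.inline.append(m.group(2))
        elif m := JMP_RE.match(line):
            # "ntoskrnl.exe!IoIsOperationSynchronous" -> "IoIsOperationSynchronous";
            # the same patch is usually listed once as Code and once as .text JMP.
            entry = module_for(m.group(2))
            name = m.group(1).split("!")[-1]
            if name not in entry.inline:
                entry.inline.append(name)
        elif m := MISSING_RE.match(line):
            module_for(m.group(1)).missing_on_disk = True
    return modules


def triage(modules: Dict[str, ModuleHooks]) -> List[tuple]:
    """Return (module, [reasons]) for modules an analyst should identify, most reasons first."""
    findings = []
    for key, entry in modules.items():
        reasons = []
        if entry.ssdt and entry.vendor is None:
            reasons.append(f"{len(entry.ssdt)} SSDT hook(s) with no description/signer reported")
        if entry.inline:
            reasons.append("inline patch of kernel export(s): " + ", ".join(entry.inline))
        if entry.missing_on_disk:
            reasons.append("file not found at the path the kernel reported")
        sensitive = sorted(SENSITIVE & set(entry.ssdt))
        if sensitive:
            reasons.append("hooks process/driver-control services: " + ", ".join(sensitive))
        if reasons:
            findings.append((key, reasons))
    return sorted(findings, key=lambda f: -len(f[1]))


if __name__ == "__main__":
    for name, reasons in triage(parse_gmer(SAMPLE_GMER)):
        print(name)
        for r in reasons:
            print("   -", r)
```

A flagged module is a lead, not a verdict: GMER's own driver in the header above (`C:\pfdcipoc.sys`) is itself a random-named file, so the next step is to establish where a flagged file came from rather than to assume it is malicious.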


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 October 2012 - 10:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists.

#3 Phydron

Phydron
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Location:Socal

Posted 29 October 2012 - 12:23 PM

Thanks for your help. Here are the logs you requested:

# AdwCleaner v2.005 - Logfile created 10/29/2012 at 08:41:26
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Owner - NORM-B4E2122487
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


Thanks, Norm


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

*************************

AdwCleaner[R2].txt - [686 octets] - [23/10/2012 10:40:17]
AdwCleaner[R3].txt - [745 octets] - [23/10/2012 10:40:47]
AdwCleaner[S1].txt - [804 octets] - [23/10/2012 10:41:11]
AdwCleaner[R4].txt - [862 octets] - [24/10/2012 12:04:00]
AdwCleaner[R5].txt - [862 octets] - [24/10/2012 12:04:13]
AdwCleaner[S2].txt - [921 octets] - [24/10/2012 12:04:42]
AdwCleaner[R6].txt - [980 octets] - [26/10/2012 20:15:26]
AdwCleaner[R7].txt - [1050 octets] - [28/10/2012 06:50:05]
AdwCleaner[S3].txt - [1171 octets] - [28/10/2012 06:50:36]
AdwCleaner[R8].txt - [1203 octets] - [29/10/2012 08:40:48]
AdwCleaner[S4].txt - [1134 octets] - [29/10/2012 08:41:26]

########## EOF - C:\AdwCleaner[S4].txt - [1194 octets] ##########

ComboFix 12-10-29.04 - Owner 10/29/2012 8:29.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.626 [GMT -8:00]
Running from: c:\documents and settings\Owner\My Documents\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\SMR311\Archive\afd.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-28 16:21 . 2012-10-28 16:21 -------- d-----w- C:\cdb3a692c4ecc9c529bd6807498a
2012-10-27 02:48 . 2012-10-27 02:48 -------- d-----w- C:\bd_logs
2012-10-23 19:50 . 2012-10-23 19:50 -------- d-----w- C:\FOUND.001
2012-10-23 18:43 . 2012-10-23 18:43 -------- d-----w- C:\FOUND.000
2012-10-22 00:01 . 2012-10-22 00:01 -------- d-----w- C:\$AVG
2012-10-21 23:44 . 2012-10-21 23:44 -------- d-----w- C:\FRST
2012-10-21 23:00 . 2004-06-12 00:33 290304 ----a-w- C:\subinacl.exe
2012-10-21 20:35 . 2012-10-21 20:35 -------- d-----w- C:\MGTools
2012-10-21 20:35 . 2012-10-21 20:35 -------- d-----w- C:\JRT
2012-10-21 20:33 . 2012-10-21 20:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-21 00:37 . 2012-10-21 00:37 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 11:46 . 2012-09-21 11:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 11:46 . 2012-09-21 11:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 11:45 . 2012-09-21 11:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-21 11:45 . 2012-09-21 11:45 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 11:05 . 2012-09-14 11:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-09-13 11:11 . 2012-09-13 11:11 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-26 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-26 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2005-07-05 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 135168]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2012-10-20 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=hex(7ac):
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2005-07-05 09:33 188482 ----a-w- c:\windows\system32\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/21/2012 3:45 AM 55008]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [10/23/2012 11:37 AM 97440]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/13/2012 3:11 AM 177504]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/2/2012 3:32 AM 193568]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [10/26/2012 7:41 PM 439632]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [10/2/2012 3:32 AM 5783672]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.9
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-29 08:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LgNotify.dll
.
Completion time: 2012-10-29 08:37:00
ComboFix-quarantined-files.txt 2012-10-29 16:36
.
Pre-Run: 8,222,007,296 bytes free
Post-Run: 8,190,222,336 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D7B4906D35270F6CA1A66F8484D6E6D5



AVG 2013
Trend Micro RUBotted 2.0 Beta
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Trend Micro RUBotted RUBotSrv.exe
Trend Micro RUBotted RUBottedGUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Edited by Phydron, 29 October 2012 - 12:24 PM.


#4 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:10 AM

Posted 29 October 2012 - 01:03 PM

Nothing much found on your logs.

Let's check further.


Please Download
TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Please post the logs for my review and let me know if the problem persists.
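
Added example (not from this thread or from the TDSSKiller tool itself): a Python triage script for the service-scan log format nasdaq describes above. It parses the "[ MD5 ] Name Path" and verdict lines, keeps the most severe verdict per service, and lists the entries a responder would check first, including unsigned binaries that load from a temp directory. The sample lines are constructed in the format of the log posted in this thread; EXAMPLESVC and its all-zero hash are placeholders.

```python
"""Triage helper for the 'Scan services' section of a TDSSKiller 2.8 log."""
import re
from collections import Counter

# Every log line starts with "<hh:mm:ss.ffff> <pid> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ <MD5> ] <ServiceName> <Path>"  - the file backing a service
FILE_RE = re.compile(_PREFIX + r"\[\s*([0-9A-Fa-f]{32})\s*\]\s+(\S+)\s+(.+?)\s*$")
# "<ServiceName> - ok"
OK_RE = re.compile(_PREFIX + r"(\S+) - ok\s*$")
# "<ServiceName> ( <Verdict> ) - warning"
WARN_RE = re.compile(_PREFIX + r"(\S+) \( (.+?) \) - warning\s*$")
# "<ServiceName> - detected <Verdict> (<count>)"
DET_RE = re.compile(_PREFIX + r"(\S+) - detected (\S+) \((\d+)\)\s*$")

# A service binary loading from a scratch directory is unusual and worth a look.
SUSPICIOUS_DIR_MARKERS = ("\\temp\\", "\\tmp\\")

# Constructed sample in the format of the log posted in this thread. The ACPI and
# AegisP lines are copied from that log; EXAMPLESVC and its all-zero hash are
# placeholders standing in for an unsigned service binary running from Temp.
SAMPLE_LOG = r"""
10:37:27.0796 3832 Abiosdsk - ok
10:37:27.0886 3832 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:37:28.0787 3832 ACPI - ok
10:37:29.0298 3832 [ 00000000000000000000000000000000 ] EXAMPLESVC C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\EXAMPLESVC.exe
10:37:29.0579 3832 EXAMPLESVC ( UnsignedFile.Multi.Generic ) - warning
10:37:29.0579 3832 EXAMPLESVC - detected UnsignedFile.Multi.Generic (1)
10:37:29.0629 3832 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:37:29.0649 3832 AegisP ( UnsignedFile.Multi.Generic ) - warning
10:37:29.0649 3832 AegisP - detected UnsignedFile.Multi.Generic (1)
"""


def _new_entry():
    return {"md5": None, "path": None, "status": "unknown", "verdict": None}


def parse_tdsskiller(text):
    """Map each service name to its file hash, path and the scanner's verdict.

    'detected' outranks 'warning', which outranks 'ok', so a service that logs
    several lines keeps the most severe verdict. A service with no file line
    (e.g. a registered driver whose binary is absent) keeps path/md5 = None.
    """
    entries = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            md5, name, path = m.groups()
            entry = entries.setdefault(name, _new_entry())
            entry["md5"], entry["path"] = md5.upper(), path
            continue
        m = DET_RE.match(line)
        if m:
            name, verdict, _count = m.groups()
            entry = entries.setdefault(name, _new_entry())
            entry["status"], entry["verdict"] = "detected", verdict
            continue
        m = WARN_RE.match(line)
        if m:
            name, verdict = m.groups()
            entry = entries.setdefault(name, _new_entry())
            if entry["status"] != "detected":
                entry["status"], entry["verdict"] = "warning", verdict
            continue
        m = OK_RE.match(line)
        if m:
            entry = entries.setdefault(m.group(1), _new_entry())
            if entry["status"] == "unknown":
                entry["status"] = "ok"
    return entries


def triage(entries):
    """Return status counts and the entries a responder should review first.

    Each review item is (name, path, md5, reasons); an entry is listed when the
    scanner flagged it or when its binary loads from a temp directory.
    """
    counts = Counter(entry["status"] for entry in entries.values())
    review = []
    for name, entry in sorted(entries.items()):
        reasons = []
        if entry["status"] in ("detected", "warning"):
            reasons.append("%s: %s" % (entry["status"], entry["verdict"]))
        path = (entry["path"] or "").lower()
        if any(marker in path for marker in SUSPICIOUS_DIR_MARKERS):
            reasons.append("binary loads from a temp directory")
        if reasons:
            review.append((name, entry["path"], entry["md5"], reasons))
    return counts, review


if __name__ == "__main__":
    counts, review = triage(parse_tdsskiller(SAMPLE_LOG))
    print("services by status:", dict(counts))
    for name, path, md5, reasons in review:
        print("%-12s %s %s -> %s" % (name, md5, path, "; ".join(reasons)))
```

Point the script at a saved TDSSKiller.[Version]_[Date]_[Time]_log.txt by reading the file into parse_tdsskiller instead of SAMPLE_LOG.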

#5 Phydron

  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Location:Socal
  • Local time:02:10 AM

Posted 29 October 2012 - 02:10 PM

Thanks again. Here are the files you requested:

Farbar Service Scanner Version: 27-10-2012
Ran by Owner (administrator) on 29-10-2012 at 10:52:53
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-12 14:01] - [2004-08-12 14:01] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-12 14:07] - [2004-08-12 14:07] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-12 13:58] - [2004-08-12 13:58] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-12 13:56] - [2004-08-12 13:56] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-12 13:58] - [2004-08-12 13:58] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-12 14:02] - [2004-08-12 14:02] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2012-10-20 10:11] - [2004-08-12 07:10] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2012-10-20 10:15] - [2004-08-12 07:06] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2012-10-20 10:15] - [2004-08-12 07:06] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-12 14:10] - [2004-08-12 14:10] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2012-10-20 10:11] - [2004-08-12 07:10] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2012-10-20 10:15] - [2004-08-12 07:10] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2012-10-20 10:15] - [2004-08-12 07:03] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-12 13:57] - [2004-08-12 13:57] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-12 13:56] - [2004-08-12 13:56] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-12 14:06] - [2004-08-12 14:06] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-12 14:04] - [2004-08-12 14:04] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\WINDOWS\system32\services.exe
[2004-08-12 14:05] - [2004-08-12 14:05] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
AegisP(9) Avgtdix(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

10:37:07.0737 3320 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
10:37:08.0558 3320 ============================================================
10:37:08.0558 3320 Current date / time: 2012/10/29 10:37:08.0558
10:37:08.0558 3320 SystemInfo:
10:37:08.0558 3320
10:37:08.0558 3320 OS Version: 5.1.2600 ServicePack: 2.0
10:37:08.0558 3320 Product type: Workstation
10:37:08.0558 3320 ComputerName: NORM-B4E2122487
10:37:08.0558 3320 UserName: Owner
10:37:08.0558 3320 Windows directory: C:\WINDOWS
10:37:08.0558 3320 System windows directory: C:\WINDOWS
10:37:08.0558 3320 Processor architecture: Intel x86
10:37:08.0558 3320 Number of processors: 1
10:37:08.0558 3320 Page size: 0x1000
10:37:08.0558 3320 Boot type: Normal boot
10:37:08.0558 3320 ============================================================
10:37:11.0633 3320 Drive \Device\Harddisk0\DR0 - Size: 0x2CF940000 (11.24 Gb), SectorSize: 0x200, Cylinders: 0x5BB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:37:11.0643 3320 Drive \Device\Harddisk1\DR2 - Size: 0xEEDA0000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:37:11.0643 3320 ============================================================
10:37:11.0643 3320 \Device\Harddisk0\DR0:
10:37:11.0643 3320 MBR partitions:
10:37:11.0643 3320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1679BBC
10:37:11.0643 3320 \Device\Harddisk1\DR2:
10:37:11.0643 3320 MBR partitions:
10:37:11.0643 3320 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x776CC1
10:37:11.0643 3320 ============================================================
10:37:11.0643 3320 C: <-> \Device\Harddisk0\DR0\Partition1
10:37:11.0643 3320 ============================================================
10:37:11.0643 3320 Initialize success
10:37:11.0643 3320 ============================================================
10:37:26.0204 3832 ============================================================
10:37:26.0204 3832 Scan started
10:37:26.0204 3832 Mode: Manual; SigCheck; TDLFS;
10:37:26.0204 3832 ============================================================
10:37:27.0726 3832 ================ Scan system memory ========================
10:37:27.0736 3832 System memory - ok
10:37:27.0736 3832 ================ Scan services =============================
10:37:27.0796 3832 Abiosdsk - ok
10:37:27.0816 3832 abp480n5 - ok
10:37:27.0886 3832 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:37:28.0787 3832 ACPI - ok
10:37:28.0837 3832 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:37:29.0068 3832 ACPIEC - ok
10:37:29.0088 3832 adpu160m - ok
10:37:29.0298 3832 [ 82F6F4A317BD71C21100C11D23B46955 ] ADZIDSG C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ADZIDSG.exe
10:37:29.0579 3832 ADZIDSG ( UnsignedFile.Multi.Generic ) - warning
10:37:29.0579 3832 ADZIDSG - detected UnsignedFile.Multi.Generic (1)
10:37:29.0629 3832 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:37:29.0649 3832 AegisP ( UnsignedFile.Multi.Generic ) - warning
10:37:29.0649 3832 AegisP - detected UnsignedFile.Multi.Generic (1)
10:37:29.0719 3832 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:37:29.0949 3832 AFD - ok
10:37:29.0969 3832 Aha154x - ok
10:37:29.0979 3832 aic78u2 - ok
10:37:29.0999 3832 aic78xx - ok
10:37:30.0209 3832 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:37:30.0430 3832 Alerter - ok
10:37:30.0540 3832 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
10:37:30.0650 3832 ALG - ok
10:37:30.0670 3832 AliIde - ok
10:37:30.0680 3832 amsint - ok
10:37:30.0830 3832 AppMgmt - ok
10:37:30.0850 3832 asc - ok
10:37:30.0870 3832 asc3350p - ok
10:37:30.0880 3832 asc3550 - ok
10:37:30.0910 3832 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:37:31.0181 3832 AsyncMac - ok
10:37:31.0221 3832 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:37:31.0481 3832 atapi - ok
10:37:31.0491 3832 Atdisk - ok
10:37:31.0541 3832 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:37:31.0832 3832 Atmarpc - ok
10:37:32.0032 3832 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:37:32.0332 3832 AudioSrv - ok
10:37:32.0603 3832 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:37:32.0853 3832 audstub - ok
10:37:33.0955 3832 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
10:37:35.0407 3832 AVGIDSAgent - ok
10:37:35.0978 3832 [ 2F47851015D8837976E481F6DAA46A67 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
10:37:36.0679 3832 AVGIDSDriver - ok
10:37:37.0019 3832 [ 303BDE0DCDC04CE597C6C1CD06C6F186 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
10:37:37.0129 3832 AVGIDSHX - ok
10:37:37.0300 3832 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
10:37:37.0380 3832 AVGIDSShim - ok
10:37:37.0560 3832 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
10:37:37.0650 3832 Avgldx86 - ok
10:37:37.0910 3832 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
10:37:37.0981 3832 Avglogx - ok
10:37:38.0011 3832 [ 6DF7236D3A16C8417FF72F2EB2ADD244 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
10:37:38.0091 3832 Avgmfx86 - ok
10:37:38.0151 3832 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
10:37:38.0221 3832 Avgrkx86 - ok
10:37:38.0291 3832 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
10:37:38.0361 3832 Avgtdix - ok
10:37:40.0004 3832 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
10:37:40.0044 3832 avgwd - ok
10:37:43.0549 3832 [ BF84C5CAB6392BB4EF01248287F69388 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
10:37:43.0959 3832 BCM43XX - ok
10:37:44.0370 3832 [ E727776A56A51B7E6B7C87C02EA8B405 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
10:37:44.0560 3832 bcm4sbxp - ok
10:37:45.0531 3832 [ 41347688046D49CDE0F6D138A534F73D ] BCMModem C:\WINDOWS\system32\DRIVERS\BCMSM.sys
10:37:45.0782 3832 BCMModem - ok
10:37:45.0822 3832 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:37:46.0062 3832 Beep - ok
10:37:46.0403 3832 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
10:37:46.0753 3832 BITS - ok
10:37:46.0833 3832 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
10:37:47.0054 3832 Browser - ok
10:37:47.0074 3832 bvrp_pci - ok
10:37:47.0204 3832 catchme - ok
10:37:47.0234 3832 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:37:47.0474 3832 cbidf2k - ok
10:37:47.0494 3832 cd20xrnt - ok
10:37:47.0594 3832 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:37:47.0845 3832 Cdaudio - ok
10:37:47.0925 3832 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:37:48.0205 3832 Cdfs - ok
10:37:48.0305 3832 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:37:48.0576 3832 Cdrom - ok
10:37:48.0586 3832 Changer - ok
10:37:48.0646 3832 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:37:48.0896 3832 CiSvc - ok
10:37:49.0157 3832 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:37:49.0407 3832 ClipSrv - ok
10:37:49.0517 3832 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:37:49.0778 3832 CmBatt - ok
10:37:49.0788 3832 CmdIde - ok
10:37:49.0828 3832 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:37:50.0098 3832 Compbatt - ok
10:37:50.0168 3832 COMSysApp - ok
10:37:50.0188 3832 Cpqarray - ok
10:37:50.0248 3832 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:37:50.0489 3832 CryptSvc - ok
10:37:50.0499 3832 dac2w2k - ok
10:37:50.0519 3832 dac960nt - ok
10:37:50.0619 3832 [ 5C83A4408604F737717AB96371201680 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:37:50.0899 3832 DcomLaunch - ok
10:37:51.0029 3832 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:37:51.0270 3832 Dhcp - ok
10:37:51.0320 3832 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:37:51.0580 3832 Disk - ok
10:37:51.0610 3832 dmadmin - ok
10:37:51.0770 3832 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:37:52.0431 3832 dmboot - ok
10:37:52.0542 3832 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:37:52.0802 3832 dmio - ok
10:37:52.0902 3832 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:37:53.0172 3832 dmload - ok
10:37:53.0202 3832 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
10:37:53.0463 3832 dmserver - ok
10:37:53.0523 3832 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:37:53.0773 3832 DMusic - ok
10:37:53.0813 3832 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:37:54.0054 3832 Dnscache - ok
10:37:54.0064 3832 dpti2o - ok
10:37:54.0154 3832 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:37:54.0374 3832 ERSvc - ok
10:37:54.0434 3832 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe
10:37:54.0665 3832 Eventlog - ok
10:37:54.0755 3832 [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] EventSystem C:\WINDOWS\system32\es.dll
10:37:54.0975 3832 EventSystem - ok
10:37:55.0015 3832 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:37:55.0306 3832 Fastfat - ok
10:37:55.0416 3832 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:37:55.0646 3832 FastUserSwitchingCompatibility - ok
10:37:55.0736 3832 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
10:37:55.0996 3832 Fdc - ok
10:37:56.0167 3832 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:37:56.0417 3832 Fips - ok
10:37:56.0507 3832 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:37:56.0758 3832 Flpydisk - ok
10:37:56.0818 3832 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:37:57.0088 3832 FltMgr - ok
10:37:57.0138 3832 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:37:57.0388 3832 Fs_Rec - ok
10:37:57.0519 3832 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:37:57.0779 3832 Ftdisk - ok
10:37:57.0899 3832 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:37:58.0170 3832 Gpc - ok
10:37:58.0220 3832 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:37:58.0460 3832 helpsvc - ok
10:37:58.0640 3832 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:37:58.0871 3832 HidServ - ok
10:37:58.0901 3832 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:37:59.0171 3832 hidusb - ok
10:37:59.0181 3832 hpn - ok
10:37:59.0271 3832 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:37:59.0512 3832 HTTP - ok
10:37:59.0622 3832 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:37:59.0862 3832 HTTPFilter - ok
10:37:59.0882 3832 i2omgmt - ok
10:37:59.0902 3832 i2omp - ok
10:37:59.0942 3832 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:38:00.0203 3832 i8042prt - ok
10:38:00.0303 3832 [ 43D989987EFA0056AD04E1D8996C5567 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:38:00.0563 3832 ialm - ok
10:38:00.0603 3832 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:38:00.0863 3832 Imapi - ok
10:38:00.0914 3832 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:38:01.0134 3832 ImapiService - ok
10:38:01.0164 3832 ini910u - ok
10:38:01.0194 3832 [ 2D722B2B54AB55B2FA475EB58D7B2AAD ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:38:01.0434 3832 IntelIde - ok
10:38:01.0494 3832 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:38:01.0715 3832 intelppm - ok
10:38:01.0815 3832 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:38:02.0065 3832 Ip6Fw - ok
10:38:02.0145 3832 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:38:02.0396 3832 IpFilterDriver - ok
10:38:02.0496 3832 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:38:02.0736 3832 IpInIp - ok
10:38:02.0816 3832 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:38:03.0047 3832 IpNat - ok
10:38:03.0177 3832 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:38:03.0447 3832 IPSec - ok
10:38:03.0517 3832 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:38:03.0637 3832 IRENUM - ok
10:38:03.0688 3832 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:38:03.0938 3832 isapnp - ok
10:38:03.0998 3832 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:38:04.0268 3832 Kbdclass - ok
10:38:04.0288 3832 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:38:04.0559 3832 kbdhid - ok
10:38:04.0599 3832 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:38:04.0859 3832 KSecDD - ok
10:38:04.0919 3832 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:38:05.0150 3832 lanmanserver - ok
10:38:05.0230 3832 [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:38:05.0470 3832 lanmanworkstation - ok
10:38:05.0490 3832 lbrtfdc - ok
10:38:05.0560 3832 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:38:05.0791 3832 LmHosts - ok
10:38:05.0901 3832 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:38:06.0151 3832 Messenger - ok
10:38:06.0181 3832 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:38:06.0432 3832 mnmdd - ok
10:38:06.0562 3832 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:38:06.0812 3832 mnmsrvc - ok
10:38:06.0902 3832 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:38:07.0143 3832 Modem - ok
10:38:07.0173 3832 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:38:07.0433 3832 Mouclass - ok
10:38:07.0493 3832 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:38:07.0743 3832 mouhid - ok
10:38:07.0803 3832 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:38:08.0064 3832 MountMgr - ok
10:38:08.0074 3832 mraid35x - ok
10:38:08.0174 3832 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:38:08.0444 3832 MRxDAV - ok
10:38:08.0535 3832 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:38:08.0905 3832 MRxSmb - ok
10:38:09.0015 3832 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:38:09.0276 3832 MSDTC - ok
10:38:09.0316 3832 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:38:09.0576 3832 Msfs - ok
10:38:09.0716 3832 MSIServer - ok
10:38:09.0756 3832 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:38:09.0987 3832 mssmbios - ok
10:38:10.0187 3832 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:38:10.0467 3832 Mup - ok
10:38:10.0527 3832 [ EBBEF7D3DDEB24239AB8D067F3A27CCF ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
10:38:10.0608 3832 NAL ( UnsignedFile.Multi.Generic ) - warning
10:38:10.0608 3832 NAL - detected UnsignedFile.Multi.Generic (1)
10:38:10.0658 3832 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:38:10.0918 3832 NDIS - ok
10:38:10.0988 3832 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:38:11.0238 3832 NdisTapi - ok
10:38:11.0258 3832 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:38:11.0519 3832 Ndisuio - ok
10:38:11.0599 3832 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:38:11.0849 3832 NdisWan - ok
10:38:11.0899 3832 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:38:12.0170 3832 NDProxy - ok
10:38:12.0240 3832 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:38:12.0510 3832 NetBIOS - ok
10:38:12.0600 3832 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:38:12.0861 3832 NetBT - ok
10:38:12.0931 3832 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:38:13.0181 3832 NetDDE - ok
10:38:13.0191 3832 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:38:13.0422 3832 NetDDEdsdm - ok
10:38:13.0492 3832 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:38:13.0722 3832 Netlogon - ok
10:38:13.0842 3832 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll
10:38:14.0083 3832 Netman - ok
10:38:14.0914 3832 [ 25D4FD2151185172B6643C94F34F36BE ] NetSvc C:\Program Files\Intel\NCS\Sync\NetSvc.exe
10:38:15.0004 3832 NetSvc ( UnsignedFile.Multi.Generic ) - warning
10:38:15.0004 3832 NetSvc - detected UnsignedFile.Multi.Generic (1)
10:38:15.0164 3832 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll
10:38:15.0404 3832 Nla - ok
10:38:15.0515 3832 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\npf.sys
10:38:15.0545 3832 NPF - ok
10:38:15.0585 3832 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:38:15.0845 3832 Npfs - ok
10:38:15.0975 3832 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:38:16.0306 3832 Ntfs - ok
10:38:16.0326 3832 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:38:16.0546 3832 NtLmSsp - ok
10:38:16.0656 3832 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:38:16.0997 3832 NtmsSvc - ok
10:38:17.0037 3832 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:38:17.0297 3832 Null - ok
10:38:17.0407 3832 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:38:17.0668 3832 NwlnkFlt - ok
10:38:17.0688 3832 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:38:17.0938 3832 NwlnkFwd - ok
10:38:17.0988 3832 [ 1D98907D80461371437A7C898C58C8AE ] OMCI C:\WINDOWS\system32\DRIVERS\omci.sys
10:38:18.0048 3832 OMCI ( UnsignedFile.Multi.Generic ) - warning
10:38:18.0048 3832 OMCI - detected UnsignedFile.Multi.Generic (1)
10:38:18.0178 3832 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
10:38:18.0439 3832 Parport - ok
10:38:18.0499 3832 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:38:18.0739 3832 PartMgr - ok
10:38:18.0799 3832 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:38:19.0020 3832 ParVdm - ok
10:38:19.0040 3832 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:38:19.0310 3832 PCI - ok
10:38:19.0330 3832 PCIDump - ok
10:38:19.0390 3832 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
10:38:19.0630 3832 PCIIde - ok
10:38:19.0701 3832 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:38:19.0961 3832 Pcmcia - ok
10:38:19.0971 3832 PDCOMP - ok
10:38:19.0981 3832 PDFRAME - ok
10:38:20.0001 3832 PDRELI - ok
10:38:20.0011 3832 PDRFRAME - ok
10:38:20.0031 3832 perc2 - ok
10:38:20.0051 3832 perc2hib - ok
10:38:20.0201 3832 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
10:38:20.0432 3832 PlugPlay - ok
10:38:20.0452 3832 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:38:20.0662 3832 PolicyAgent - ok
10:38:20.0672 3832 PORTMON - ok
10:38:20.0712 3832 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:38:20.0972 3832 PptpMiniport - ok
10:38:20.0992 3832 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:38:21.0203 3832 ProtectedStorage - ok
10:38:21.0243 3832 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:38:21.0503 3832 PSched - ok
10:38:21.0523 3832 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:38:21.0754 3832 Ptilink - ok
10:38:21.0764 3832 ql1080 - ok
10:38:21.0784 3832 Ql10wnt - ok
10:38:21.0794 3832 ql12160 - ok
10:38:21.0814 3832 ql1240 - ok
10:38:21.0824 3832 ql1280 - ok
10:38:21.0864 3832 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:38:22.0094 3832 RasAcd - ok
10:38:22.0194 3832 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:38:22.0435 3832 RasAuto - ok
10:38:22.0495 3832 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:38:22.0795 3832 Rasl2tp - ok
10:38:22.0875 3832 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:38:23.0196 3832 RasMan - ok
10:38:23.0256 3832 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:38:23.0566 3832 RasPppoe - ok
10:38:23.0606 3832 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:38:23.0917 3832 Raspti - ok
10:38:24.0007 3832 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:38:24.0327 3832 Rdbss - ok
10:38:24.0397 3832 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:38:24.0698 3832 RDPCDD - ok
10:38:24.0828 3832 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:38:25.0128 3832 RDPWD - ok
10:38:25.0259 3832 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:38:25.0669 3832 RDSessMgr - ok
10:38:25.0709 3832 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:38:25.0960 3832 redbook - ok
10:38:26.0240 3832 [ 06B6E4CC67DD02434F8FF80CCB922909 ] RegSrvc C:\WINDOWS\system32\RegSrvc.exe
10:38:26.0290 3832 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
10:38:26.0290 3832 RegSrvc - detected UnsignedFile.Multi.Generic (1)
10:38:26.0350 3832 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:38:26.0611 3832 RemoteAccess - ok
10:38:26.0781 3832 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
10:38:26.0831 3832 rpcapd - ok
10:38:26.0891 3832 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
10:38:27.0151 3832 RpcLocator - ok
10:38:27.0271 3832 [ 5C83A4408604F737717AB96371201680 ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:38:27.0522 3832 RpcSs - ok
10:38:27.0612 3832 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:38:27.0852 3832 RSVP - ok
10:38:27.0982 3832 [ A0EEA6F631349D0E0B7A6CAA7E099CB0 ] RUBotSrv C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
10:38:28.0073 3832 RUBotSrv - ok
10:38:28.0243 3832 [ 672CF74E8FA09E6CE6F49AB9A272D562 ] S24EventMonitor C:\WINDOWS\system32\S24EvMon.exe
10:38:28.0343 3832 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
10:38:28.0343 3832 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
10:38:28.0373 3832 [ 423AE506C8D55BBA9E429EEEEC035A40 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
10:38:28.0433 3832 s24trans ( UnsignedFile.Multi.Generic ) - warning
10:38:28.0433 3832 s24trans - detected UnsignedFile.Multi.Generic (1)
10:38:28.0473 3832 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
10:38:28.0683 3832 SamSs - ok
10:38:28.0754 3832 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:38:28.0994 3832 SCardSvr - ok
10:38:29.0194 3832 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:38:29.0425 3832 Schedule - ok
10:38:29.0495 3832 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:38:29.0625 3832 Secdrv - ok
10:38:29.0675 3832 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
10:38:29.0875 3832 seclogon - ok
10:38:29.0995 3832 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
10:38:30.0206 3832 SENS - ok
10:38:30.0266 3832 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
10:38:30.0516 3832 Serial - ok
10:38:30.0606 3832 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
10:38:30.0857 3832 Sfloppy - ok
10:38:30.0957 3832 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:38:31.0237 3832 SharedAccess - ok
10:38:31.0297 3832 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:38:31.0488 3832 ShellHWDetection - ok
10:38:31.0508 3832 Simbad - ok
10:38:31.0648 3832 [ CDE05A7FB8F3707391716780427DC0FC ] SMR311 C:\WINDOWS\system32\drivers\SMR311.SYS
10:38:31.0778 3832 SMR311 - ok
10:38:31.0788 3832 Sparrow - ok
10:38:31.0918 3832 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:38:32.0148 3832 Spooler - ok
10:38:32.0279 3832 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:38:32.0509 3832 sr - ok
10:38:32.0569 3832 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
10:38:32.0669 3832 srservice - ok
10:38:32.0829 3832 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:38:33.0140 3832 Srv - ok
10:38:33.0230 3832 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:38:33.0310 3832 SSDPSRV - ok
10:38:33.0400 3832 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:38:33.0701 3832 stisvc - ok
10:38:33.0811 3832 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:38:34.0071 3832 swenum - ok
10:38:34.0241 3832 SwPrv - ok
10:38:34.0262 3832 symc810 - ok
10:38:34.0282 3832 symc8xx - ok
10:38:34.0302 3832 sym_hi - ok
10:38:34.0322 3832 sym_u3 - ok
10:38:34.0382 3832 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:38:34.0662 3832 SysmonLog - ok
10:38:34.0752 3832 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:38:35.0023 3832 TapiSrv - ok
10:38:35.0123 3832 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:38:35.0603 3832 Tcpip - ok
10:38:35.0704 3832 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:38:35.0944 3832 TDPIPE - ok
10:38:35.0974 3832 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:38:36.0234 3832 TDTCP - ok
10:38:36.0274 3832 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:38:36.0535 3832 TermDD - ok
10:38:36.0615 3832 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
10:38:36.0865 3832 TermService - ok
10:38:36.0915 3832 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:38:37.0136 3832 Themes - ok
10:38:37.0156 3832 TosIde - ok
10:38:37.0226 3832 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:38:37.0456 3832 TrkWks - ok
10:38:37.0496 3832 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:38:37.0747 3832 Udfs - ok
10:38:37.0767 3832 UIUSys - ok
10:38:37.0787 3832 ultra - ok
10:38:37.0847 3832 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:38:38.0107 3832 Update - ok
10:38:38.0287 3832 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
10:38:38.0458 3832 upnphost - ok
10:38:38.0488 3832 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
10:38:38.0698 3832 UPS - ok
10:38:38.0788 3832 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:38:39.0048 3832 usbccgp - ok
10:38:39.0098 3832 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:38:39.0369 3832 usbehci - ok
10:38:39.0409 3832 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:38:39.0669 3832 usbhub - ok
10:38:39.0789 3832 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:38:40.0030 3832 USBSTOR - ok
10:38:40.0110 3832 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:38:40.0370 3832 usbuhci - ok
10:38:40.0400 3832 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:38:40.0661 3832 VgaSave - ok
10:38:40.0681 3832 ViaIde - ok
10:38:40.0801 3832 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:38:41.0051 3832 VolSnap - ok
10:38:41.0131 3832 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
10:38:41.0372 3832 VSS - ok
10:38:41.0452 3832 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
10:38:41.0652 3832 W32Time - ok
10:38:41.0692 3832 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:38:41.0933 3832 Wanarp - ok
10:38:41.0943 3832 WDICA - ok
10:38:42.0013 3832 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:38:42.0263 3832 WebClient - ok
10:38:42.0333 3832 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:38:42.0543 3832 winmgmt - ok
10:38:42.0744 3832 WLTRYSVC - ok
10:38:42.0784 3832 [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
10:38:43.0034 3832 WmdmPmSN - ok
10:38:43.0134 3832 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:38:43.0485 3832 WmiApSrv - ok
10:38:43.0605 3832 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:38:43.0865 3832 WS2IFSL - ok
10:38:43.0996 3832 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:38:44.0246 3832 wscsvc - ok
10:38:44.0286 3832 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:38:44.0516 3832 wuauserv - ok
10:38:44.0646 3832 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:38:44.0957 3832 WZCSVC - ok
10:38:45.0037 3832 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:38:45.0317 3832 xmlprov - ok
10:38:45.0347 3832 ================ Scan global ===============================
10:38:45.0428 3832 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
10:38:45.0498 3832 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
10:38:45.0538 3832 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
10:38:45.0608 3832 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
10:38:45.0618 3832 [Global] - ok
10:38:45.0618 3832 ================ Scan MBR ==================================
10:38:45.0648 3832 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:38:46.0289 3832 \Device\Harddisk0\DR0 - ok
10:38:46.0309 3832 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR2
10:38:47.0000 3832 \Device\Harddisk1\DR2 - ok
10:38:47.0000 3832 ================ Scan VBR ==================================
10:38:47.0030 3832 [ C7028C9C9DE0BA18202FB9E83085F6DA ] \Device\Harddisk0\DR0\Partition1
10:38:47.0030 3832 \Device\Harddisk0\DR0\Partition1 - ok
10:38:47.0050 3832 [ 4C889C11DA08AA5896434575214E84BA ] \Device\Harddisk1\DR2\Partition1
10:38:47.0050 3832 \Device\Harddisk1\DR2\Partition1 - ok
10:38:47.0060 3832 ============================================================
10:38:47.0060 3832 Scan finished
10:38:47.0060 3832 ============================================================
10:38:47.0190 3824 Detected object count: 8
10:38:47.0190 3824 Actual detected object count: 8
10:39:07.0279 3824 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ADZIDSG.exe - copied to quarantine
10:39:07.0279 3824 ADZIDSG ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:39:07.0399 3824 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
10:39:07.0399 3824 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:39:07.0529 3824 C:\WINDOWS\system32\Drivers\iqvw32.sys - copied to quarantine
10:39:07.0549 3824 NAL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:39:07.0820 3824 C:\Program Files\Intel\NCS\Sync\NetSvc.exe - copied to quarantine
10:39:07.0820 3824 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:39:07.0930 3824 C:\WINDOWS\system32\DRIVERS\omci.sys - copied to quarantine
10:39:07.0950 3824 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:39:08.0280 3824 C:\WINDOWS\system32\RegSrvc.exe - copied to quarantine
10:39:08.0300 3824 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:39:08.0531 3824 C:\WINDOWS\system32\S24EvMon.exe - copied to quarantine
10:39:08.0531 3824 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:39:08.0621 3824 C:\WINDOWS\system32\DRIVERS\s24trans.sys - copied to quarantine
10:39:08.0641 3824 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:39:18.0665 2560 ============================================================
10:39:18.0665 2560 Scan started
10:39:18.0665 2560 Mode: Manual; SigCheck; TDLFS;
10:39:18.0665 2560 ============================================================
10:39:19.0326 2560 ================ Scan system memory ========================
10:39:19.0326 2560 System memory - ok
10:39:19.0336 2560 ================ Scan services =============================
10:39:19.0396 2560 Abiosdsk - ok
10:39:19.0426 2560 abp480n5 - ok
10:39:19.0487 2560 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:39:19.0737 2560 ACPI - ok
10:39:19.0797 2560 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:39:20.0017 2560 ACPIEC - ok
10:39:20.0037 2560 adpu160m - ok
10:39:20.0298 2560 [ 82F6F4A317BD71C21100C11D23B46955 ] ADZIDSG C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ADZIDSG.exe
10:39:20.0358 2560 ADZIDSG ( UnsignedFile.Multi.Generic ) - warning
10:39:20.0358 2560 ADZIDSG - detected UnsignedFile.Multi.Generic (1)
10:39:20.0418 2560 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:39:20.0448 2560 AegisP ( UnsignedFile.Multi.Generic ) - warning
10:39:20.0448 2560 AegisP - detected UnsignedFile.Multi.Generic (1)
10:39:20.0528 2560 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:39:20.0728 2560 AFD - ok
10:39:20.0748 2560 Aha154x - ok
10:39:20.0768 2560 aic78u2 - ok
10:39:20.0778 2560 aic78xx - ok
10:39:20.0949 2560 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:39:21.0159 2560 Alerter - ok
10:39:21.0369 2560 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
10:39:21.0469 2560 ALG - ok
10:39:21.0479 2560 AliIde - ok
10:39:21.0499 2560 amsint - ok
10:39:21.0670 2560 AppMgmt - ok
10:39:21.0700 2560 asc - ok
10:39:21.0720 2560 asc3350p - ok
10:39:21.0740 2560 asc3550 - ok
10:39:21.0770 2560 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:39:21.0970 2560 AsyncMac - ok
10:39:22.0130 2560 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:39:22.0371 2560 atapi - ok
10:39:22.0391 2560 Atdisk - ok
10:39:22.0481 2560 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:39:22.0711 2560 Atmarpc - ok
10:39:22.0801 2560 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:39:23.0012 2560 AudioSrv - ok
10:39:23.0092 2560 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:39:23.0312 2560 audstub - ok
10:39:24.0313 2560 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
10:39:24.0944 2560 AVGIDSAgent - ok
10:39:25.0065 2560 [ 2F47851015D8837976E481F6DAA46A67 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
10:39:25.0105 2560 AVGIDSDriver - ok
10:39:25.0185 2560 [ 303BDE0DCDC04CE597C6C1CD06C6F186 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
10:39:25.0225 2560 AVGIDSHX - ok
10:39:25.0265 2560 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
10:39:25.0305 2560 AVGIDSShim - ok
10:39:25.0355 2560 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
10:39:25.0405 2560 Avgldx86 - ok
10:39:25.0455 2560 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
10:39:25.0505 2560 Avglogx - ok
10:39:25.0535 2560 [ 6DF7236D3A16C8417FF72F2EB2ADD244 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
10:39:25.0575 2560 Avgmfx86 - ok
10:39:25.0615 2560 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
10:39:25.0655 2560 Avgrkx86 - ok
10:39:25.0695 2560 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
10:39:25.0736 2560 Avgtdix - ok
10:39:25.0856 2560 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
10:39:25.0896 2560 avgwd - ok
10:39:25.0986 2560 [ BF84C5CAB6392BB4EF01248287F69388 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
10:39:26.0076 2560 BCM43XX - ok
10:39:26.0146 2560 [ E727776A56A51B7E6B7C87C02EA8B405 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
10:39:26.0216 2560 bcm4sbxp - ok
10:39:26.0386 2560 [ 41347688046D49CDE0F6D138A534F73D ] BCMModem C:\WINDOWS\system32\DRIVERS\BCMSM.sys
10:39:26.0507 2560 BCMModem - ok
10:39:26.0537 2560 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:39:26.0737 2560 Beep - ok
10:39:27.0057 2560 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
10:39:27.0298 2560 BITS - ok
10:39:27.0368 2560 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
10:39:27.0578 2560 Browser - ok
10:39:27.0598 2560 bvrp_pci - ok
10:39:27.0748 2560 catchme - ok
10:39:27.0799 2560 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:39:28.0019 2560 cbidf2k - ok
10:39:28.0029 2560 cd20xrnt - ok
10:39:28.0069 2560 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:39:28.0279 2560 Cdaudio - ok
10:39:28.0329 2560 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:39:28.0550 2560 Cdfs - ok
10:39:28.0600 2560 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:39:28.0820 2560 Cdrom - ok
10:39:28.0830 2560 Changer - ok
10:39:28.0900 2560 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:39:29.0100 2560 CiSvc - ok
10:39:29.0191 2560 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:39:29.0441 2560 ClipSrv - ok
10:39:29.0491 2560 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:39:29.0691 2560 CmBatt - ok
10:39:29.0701 2560 CmdIde - ok
10:39:29.0771 2560 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:39:29.0962 2560 Compbatt - ok
10:39:30.0092 2560 COMSysApp - ok
10:39:30.0112 2560 Cpqarray - ok
10:39:30.0172 2560 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:39:30.0432 2560 CryptSvc - ok
10:39:30.0442 2560 dac2w2k - ok
10:39:30.0452 2560 dac960nt - ok
10:39:30.0643 2560 [ 5C83A4408604F737717AB96371201680 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:39:30.0863 2560 DcomLaunch - ok
10:39:31.0003 2560 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:39:31.0233 2560 Dhcp - ok
10:39:31.0284 2560 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:39:31.0474 2560 Disk - ok
10:39:31.0494 2560 dmadmin - ok
10:39:31.0714 2560 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:39:31.0975 2560 dmboot - ok
10:39:32.0105 2560 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:39:32.0335 2560 dmio - ok
10:39:32.0375 2560 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:39:32.0575 2560 dmload - ok
10:39:32.0676 2560 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
10:39:32.0856 2560 dmserver - ok
10:39:32.0916 2560 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:39:33.0116 2560 DMusic - ok
10:39:33.0156 2560 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:39:33.0367 2560 Dnscache - ok
10:39:33.0397 2560 dpti2o - ok
10:39:33.0497 2560 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:39:33.0687 2560 ERSvc - ok
10:39:33.0797 2560 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe
10:39:34.0007 2560 Eventlog - ok
10:39:34.0098 2560 [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] EventSystem C:\WINDOWS\system32\es.dll
10:39:34.0308 2560 EventSystem - ok
10:39:34.0358 2560 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:39:34.0548 2560 Fastfat - ok
10:39:34.0608 2560 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:39:34.0799 2560 FastUserSwitchingCompatibility - ok
10:39:34.0899 2560 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
10:39:35.0099 2560 Fdc - ok
10:39:35.0199 2560 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:39:35.0460 2560 Fips - ok
10:39:35.0500 2560 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:39:35.0690 2560 Flpydisk - ok
10:39:35.0720 2560 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:39:35.0930 2560 FltMgr - ok
10:39:35.0940 2560 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:39:36.0161 2560 Fs_Rec - ok
10:39:36.0211 2560 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:39:36.0451 2560 Ftdisk - ok
10:39:36.0501 2560 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:39:36.0691 2560 Gpc - ok
10:39:36.0761 2560 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:39:36.0972 2560 helpsvc - ok
10:39:37.0142 2560 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:39:37.0372 2560 HidServ - ok
10:39:37.0412 2560 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:39:37.0613 2560 hidusb - ok
10:39:37.0633 2560 hpn - ok
10:39:37.0703 2560 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:39:37.0933 2560 HTTP - ok
10:39:38.0003 2560 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:39:38.0193 2560 HTTPFilter - ok
10:39:38.0203 2560 i2omgmt - ok
10:39:38.0223 2560 i2omp - ok
10:39:38.0284 2560 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:39:38.0474 2560 i8042prt - ok
10:39:38.0584 2560 [ 43D989987EFA0056AD04E1D8996C5567 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:39:38.0664 2560 ialm - ok
10:39:38.0704 2560 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:39:38.0884 2560 Imapi - ok
10:39:38.0935 2560 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:39:39.0135 2560 ImapiService - ok
10:39:39.0155 2560 ini910u - ok
10:39:39.0205 2560 [ 2D722B2B54AB55B2FA475EB58D7B2AAD ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:39:39.0425 2560 IntelIde - ok
10:39:39.0455 2560 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:39:39.0676 2560 intelppm - ok
10:39:39.0716 2560 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:39:39.0916 2560 Ip6Fw - ok
10:39:39.0956 2560 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:39:40.0166 2560 IpFilterDriver - ok
10:39:40.0206 2560 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:39:40.0457 2560 IpInIp - ok
10:39:40.0497 2560 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:39:40.0727 2560 IpNat - ok
10:39:40.0777 2560 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:39:40.0977 2560 IPSec - ok
10:39:41.0018 2560 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:39:41.0128 2560 IRENUM - ok
10:39:41.0188 2560 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:39:41.0408 2560 isapnp - ok
10:39:41.0448 2560 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:39:41.0658 2560 Kbdclass - ok
10:39:41.0688 2560 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:39:41.0919 2560 kbdhid - ok
10:39:41.0949 2560 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:39:42.0149 2560 KSecDD - ok
10:39:42.0199 2560 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:39:42.0440 2560 lanmanserver - ok
10:39:42.0530 2560 [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:39:42.0740 2560 lanmanworkstation - ok
10:39:42.0760 2560 lbrtfdc - ok
10:39:42.0830 2560 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:39:43.0030 2560 LmHosts - ok
10:39:43.0080 2560 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:39:43.0311 2560 Messenger - ok
10:39:43.0341 2560 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:39:43.0561 2560 mnmdd - ok
10:39:43.0671 2560 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:39:43.0872 2560 mnmsrvc - ok
10:39:43.0912 2560 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:39:44.0122 2560 Modem - ok
10:39:44.0162 2560 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:39:44.0372 2560 Mouclass - ok
10:39:44.0402 2560 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:39:44.0613 2560 mouhid - ok
10:39:44.0653 2560 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:39:44.0873 2560 MountMgr - ok
10:39:44.0893 2560 mraid35x - ok
10:39:44.0943 2560 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:39:45.0153 2560 MRxDAV - ok
10:39:45.0314 2560 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:39:45.0524 2560 MRxSmb - ok
10:39:45.0584 2560 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:39:45.0794 2560 MSDTC - ok
10:39:45.0834 2560 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:39:46.0035 2560 Msfs - ok
10:39:46.0115 2560 MSIServer - ok
10:39:46.0145 2560 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:39:46.0355 2560 mssmbios - ok
10:39:46.0405 2560 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:39:46.0606 2560 Mup - ok
10:39:46.0666 2560 [ EBBEF7D3DDEB24239AB8D067F3A27CCF ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
10:39:46.0726 2560 NAL ( UnsignedFile.Multi.Generic ) - warning
10:39:46.0726 2560 NAL - detected UnsignedFile.Multi.Generic (1)
10:39:46.0786 2560 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:39:47.0006 2560 NDIS - ok
10:39:47.0036 2560 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:39:47.0246 2560 NdisTapi - ok
10:39:47.0317 2560 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:39:47.0547 2560 Ndisuio - ok
10:39:47.0597 2560 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:39:47.0777 2560 NdisWan - ok
10:39:47.0807 2560 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:39:48.0018 2560 NDProxy - ok
10:39:48.0048 2560 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:39:48.0248 2560 NetBIOS - ok
10:39:48.0318 2560 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:39:48.0538 2560 NetBT - ok
10:39:48.0618 2560 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:39:48.0819 2560 NetDDE - ok
10:39:48.0839 2560 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:39:49.0029 2560 NetDDEdsdm - ok
10:39:49.0089 2560 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:39:49.0289 2560 Netlogon - ok
10:39:49.0370 2560 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll
10:39:49.0560 2560 Netman - ok
10:39:49.0700 2560 [ 25D4FD2151185172B6643C94F34F36BE ] NetSvc C:\Program Files\Intel\NCS\Sync\NetSvc.exe
10:39:49.0740 2560 NetSvc ( UnsignedFile.Multi.Generic ) - warning
10:39:49.0740 2560 NetSvc - detected UnsignedFile.Multi.Generic (1)
10:39:49.0840 2560 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll
10:39:50.0061 2560 Nla - ok
10:39:50.0131 2560 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\npf.sys
10:39:50.0161 2560 NPF - ok
10:39:50.0201 2560 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:39:50.0391 2560 Npfs - ok
10:39:50.0501 2560 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:39:50.0741 2560 Ntfs - ok
10:39:50.0762 2560 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:39:50.0982 2560 NtLmSsp - ok
10:39:51.0132 2560 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:39:51.0362 2560 NtmsSvc - ok
10:39:51.0392 2560 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:39:51.0613 2560 Null - ok
10:39:51.0663 2560 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:39:51.0873 2560 NwlnkFlt - ok
10:39:51.0893 2560 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:39:52.0103 2560 NwlnkFwd - ok
10:39:52.0164 2560 [ 1D98907D80461371437A7C898C58C8AE ] OMCI C:\WINDOWS\system32\DRIVERS\omci.sys
10:39:52.0234 2560 OMCI ( UnsignedFile.Multi.Generic ) - warning
10:39:52.0234 2560 OMCI - detected UnsignedFile.Multi.Generic (1)
10:39:52.0314 2560 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
10:39:52.0534 2560 Parport - ok
10:39:52.0564 2560 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:39:52.0754 2560 PartMgr - ok
10:39:52.0814 2560 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:39:53.0025 2560 ParVdm - ok
10:39:53.0055 2560 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:39:53.0265 2560 PCI - ok
10:39:53.0285 2560 PCIDump - ok
10:39:53.0335 2560 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
10:39:53.0536 2560 PCIIde - ok
10:39:53.0606 2560 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:39:53.0806 2560 Pcmcia - ok
10:39:53.0826 2560 PDCOMP - ok
10:39:53.0846 2560 PDFRAME - ok
10:39:53.0866 2560 PDRELI - ok
10:39:53.0886 2560 PDRFRAME - ok
10:39:53.0896 2560 perc2 - ok
10:39:53.0916 2560 perc2hib - ok
10:39:54.0026 2560 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
10:39:54.0247 2560 PlugPlay - ok
10:39:54.0267 2560 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:39:54.0467 2560 PolicyAgent - ok
10:39:54.0487 2560 PORTMON - ok
10:39:54.0537 2560 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:39:54.0737 2560 PptpMiniport - ok
10:39:54.0767 2560 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:39:54.0968 2560 ProtectedStorage - ok
10:39:54.0998 2560 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:39:55.0218 2560 PSched - ok
10:39:55.0318 2560 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:39:55.0518 2560 Ptilink - ok
10:39:55.0528 2560 ql1080 - ok
10:39:55.0538 2560 Ql10wnt - ok
10:39:55.0558 2560 ql12160 - ok
10:39:55.0578 2560 ql1240 - ok
10:39:55.0588 2560 ql1280 - ok
10:39:55.0629 2560 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:39:55.0839 2560 RasAcd - ok
10:39:55.0899 2560 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:39:56.0139 2560 RasAuto - ok
10:39:56.0189 2560 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:39:56.0490 2560 Rasl2tp - ok
10:39:56.0570 2560 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:39:56.0790 2560 RasMan - ok
10:39:56.0820 2560 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:39:57.0081 2560 RasPppoe - ok
10:39:57.0121 2560 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:39:57.0391 2560 Raspti - ok
10:39:57.0451 2560 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:39:57.0681 2560 Rdbss - ok
10:39:57.0712 2560 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:39:57.0952 2560 RDPCDD - ok
10:39:58.0032 2560 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:39:58.0312 2560 RDPWD - ok
10:39:58.0433 2560 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:39:58.0693 2560 RDSessMgr - ok
10:39:58.0733 2560 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:39:58.0963 2560 redbook - ok
10:39:59.0124 2560 [ 06B6E4CC67DD02434F8FF80CCB922909 ] RegSrvc C:\WINDOWS\system32\RegSrvc.exe
10:39:59.0184 2560 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
10:39:59.0184 2560 RegSrvc - detected UnsignedFile.Multi.Generic (1)
10:39:59.0254 2560 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:39:59.0504 2560 RemoteAccess - ok
10:39:59.0624 2560 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
10:39:59.0674 2560 rpcapd - ok
10:39:59.0754 2560 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
10:40:00.0015 2560 RpcLocator - ok
10:40:00.0095 2560 [ 5C83A4408604F737717AB96371201680 ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:40:00.0285 2560 RpcSs - ok
10:40:00.0345 2560 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:40:00.0506 2560 RSVP - ok
10:40:00.0626 2560 [ A0EEA6F631349D0E0B7A6CAA7E099CB0 ] RUBotSrv C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
10:40:00.0676 2560 RUBotSrv - ok
10:40:00.0806 2560 [ 672CF74E8FA09E6CE6F49AB9A272D562 ] S24EventMonitor C:\WINDOWS\system32\S24EvMon.exe
10:40:00.0876 2560 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
10:40:00.0876 2560 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
10:40:00.0926 2560 [ 423AE506C8D55BBA9E429EEEEC035A40 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
10:40:00.0956 2560 s24trans ( UnsignedFile.Multi.Generic ) - warning
10:40:00.0956 2560 s24trans - detected UnsignedFile.Multi.Generic (1)
10:40:00.0986 2560 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
10:40:01.0176 2560 SamSs - ok
10:40:01.0227 2560 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:40:01.0427 2560 SCardSvr - ok
10:40:01.0517 2560 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:40:01.0717 2560 Schedule - ok
10:40:01.0747 2560 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:40:01.0847 2560 Secdrv - ok
10:40:01.0918 2560 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
10:40:02.0118 2560 seclogon - ok
10:40:02.0188 2560 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
10:40:02.0378 2560 SENS - ok
10:40:02.0418 2560 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
10:40:02.0619 2560 Serial - ok
10:40:02.0659 2560 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
10:40:02.0859 2560 Sfloppy - ok
10:40:02.0939 2560 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:40:03.0169 2560 SharedAccess - ok
10:40:03.0229 2560 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:40:03.0430 2560 ShellHWDetection - ok
10:40:03.0450 2560 Simbad - ok
10:40:03.0520 2560 [ CDE05A7FB8F3707391716780427DC0FC ] SMR311 C:\WINDOWS\system32\drivers\SMR311.SYS
10:40:03.0560 2560 SMR311 - ok
10:40:03.0580 2560 Sparrow - ok
10:40:03.0650 2560 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:40:03.0850 2560 Spooler - ok
10:40:03.0900 2560 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:40:04.0011 2560 sr - ok
10:40:04.0091 2560 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
10:40:04.0181 2560 srservice - ok
10:40:04.0251 2560 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:40:04.0471 2560 Srv - ok
10:40:04.0541 2560 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:40:04.0631 2560 SSDPSRV - ok
10:40:04.0732 2560 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:40:04.0972 2560 stisvc - ok
10:40:05.0022 2560 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:40:05.0232 2560 swenum - ok
10:40:05.0302 2560 SwPrv - ok
10:40:05.0332 2560 symc810 - ok
10:40:05.0342 2560 symc8xx - ok
10:40:05.0363 2560 sym_hi - ok
10:40:05.0383 2560 sym_u3 - ok
10:40:05.0443 2560 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:40:05.0653 2560 SysmonLog - ok
10:40:05.0753 2560 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:40:05.0963 2560 TapiSrv - ok
10:40:06.0043 2560 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:40:06.0294 2560 Tcpip - ok
10:40:06.0344 2560 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:40:06.0534 2560 TDPIPE - ok
10:40:06.0574 2560 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:40:06.0775 2560 TDTCP - ok
10:40:06.0825 2560 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:40:07.0025 2560 TermDD - ok
10:40:07.0125 2560 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
10:40:07.0325 2560 TermService - ok
10:40:07.0385 2560 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:40:07.0596 2560 Themes - ok
10:40:07.0626 2560 TosIde - ok
10:40:07.0706 2560 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:40:07.0926 2560 TrkWks - ok
10:40:07.0976 2560 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:40:08.0217 2560 Udfs - ok
10:40:08.0237 2560 UIUSys - ok
10:40:08.0257 2560 ultra - ok
10:40:08.0317 2560 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:40:08.0537 2560 Update - ok
10:40:08.0597 2560 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
10:40:08.0717 2560 upnphost - ok
10:40:08.0757 2560 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
10:40:08.0978 2560 UPS - ok
10:40:09.0008 2560 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:40:09.0228 2560 usbccgp - ok
10:40:09.0268 2560 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:40:09.0488 2560 usbehci - ok
10:40:09.0518 2560 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:40:09.0739 2560 usbhub - ok
10:40:09.0789 2560 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:40:09.0989 2560 USBSTOR - ok
10:40:10.0049 2560 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:40:10.0260 2560 usbuhci - ok
10:40:10.0290 2560 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:40:10.0540 2560 VgaSave - ok
10:40:10.0570 2560 ViaIde - ok
10:40:10.0620 2560 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:40:10.0840 2560 VolSnap - ok
10:40:10.0931 2560 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
10:40:11.0071 2560 VSS - ok
10:40:11.0161 2560 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
10:40:11.0401 2560 W32Time - ok
10:40:11.0451 2560 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:40:11.0692 2560 Wanarp - ok
10:40:11.0712 2560 WDICA - ok
10:40:11.0782 2560 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:40:12.0042 2560 WebClient - ok
10:40:12.0112 2560 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:40:12.0363 2560 winmgmt - ok
10:40:12.0473 2560 WLTRYSVC - ok
10:40:12.0523 2560 [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
10:40:12.0763 2560 WmdmPmSN - ok
10:40:12.0833 2560 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:40:13.0104 2560 WmiApSrv - ok
10:40:13.0194 2560 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:40:13.0454 2560 WS2IFSL - ok
10:40:13.0524 2560 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:40:13.0795 2560 wscsvc - ok
10:40:13.0855 2560 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:40:14.0115 2560 wuauserv - ok
10:40:14.0245 2560 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:40:14.0546 2560 WZCSVC - ok
10:40:14.0636 2560 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:40:14.0906 2560 xmlprov - ok
10:40:14.0956 2560 ================ Scan global ===============================
10:40:15.0056 2560 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
10:40:15.0137 2560 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
10:40:15.0197 2560 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
10:40:15.0277 2560 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
10:40:15.0287 2560 [Global] - ok
10:40:15.0297 2560 ================ Scan MBR ==================================
10:40:15.0327 2560 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:40:15.0828 2560 \Device\Harddisk0\DR0 - ok
10:40:15.0848 2560 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR2
10:40:16.0579 2560 \Device\Harddisk1\DR2 - ok
10:40:16.0589 2560 ================ Scan VBR ==================================
10:40:16.0619 2560 [ C7028C9C9DE0BA18202FB9E83085F6DA ] \Device\Harddisk0\DR0\Partition1
10:40:16.0619 2560 \Device\Harddisk0\DR0\Partition1 - ok
10:40:16.0639 2560 [ 4C889C11DA08AA5896434575214E84BA ] \Device\Harddisk1\DR2\Partition1
10:40:16.0639 2560 \Device\Harddisk1\DR2\Partition1 - ok
10:40:16.0649 2560 ============================================================
10:40:16.0649 2560 Scan finished
10:40:16.0649 2560 ============================================================
10:40:16.0669 2552 Detected object count: 8
10:40:16.0669 2552 Actual detected object count: 8
10:40:26.0623 2552 ADZIDSG ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:26.0623 2552 ADZIDSG ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:26.0623 2552 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:26.0623 2552 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:26.0633 2552 NAL ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:26.0633 2552 NAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:26.0633 2552 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:26.0633 2552 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:26.0643 2552 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:26.0643 2552 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:26.0643 2552 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:26.0643 2552 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:26.0653 2552 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:26.0653 2552 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:26.0653 2552 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
10:40:26.0653 2552 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

The problems still here are: I can't boot from anything other than the hard drive (no UPS, CD, etc.), no files can be downloaded to the desktop, and the computer slows so that any D/L would take hours.
Rkill reported HKLM\security\Policy\Secrets\SAC and SAI are infected and the files are inaccessible.

Thanks, Norm

Edited by Phydron, 29 October 2012 - 08:51 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:10 AM

Posted 30 October 2012 - 08:31 AM

I suspect that you have a very nasty Rootkit infection.

This speech uses Sysinternals' RootkitRevealer to search for files hidden from the Windows API.

Please download RootKitRevealer from here:
http://download.sysinternals.com/Files/RootkitRevealer.zip
Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.

#7 Phydron

Phydron
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Socal
  • Local time:02:10 AM

Posted 30 October 2012 - 10:27 AM

Good morning,

I was afraid it was a rootkit. After a full format, the infection was still there. I wasn't able to copy RootKit to the desktop, had to copy from card instead. Infection didn't allow it to finish scanning, but here's what it did report. I had to attach it.

73, Norm

PS.

You won't be able to read that.

PPS.
RootKit finished after 30mins. Here's the report:

HKU\S-1-5-21-2000478354-113007714-1060284298-1003\Console 10/29/2012 8:37 AM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 10/20/2012 9:43 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 10/20/2012 9:43 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 10/30/2012 7:01 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell 10/30/2012 6:57 AM



Some more showed up:


HKU\S-1-5-21-2000478354-113007714-1060284298-1003\Console 10/29/2012 8:37 AM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 10/20/2012 9:43 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 10/20/2012 9:43 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 10/30/2012 7:01 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell 10/30/2012 6:57 AM 26 bytes Hidden from Windows API.
C:\Documents and Settings\LocalService\Recent 10/30/2012 7:30 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\LocalService\Recent\A 2/5/1980 12:02 AM 5.44 MB Hidden from Windows API.
C:\Documents and Settings\LocalService\Recent\D 2/3/1980 12:02 AM 4.50 MB Hidden from Windows API.
C:\Documents and Settings\LocalService\Recent\I 2/20/1980 12:02 AM 5.75 MB Hidden from Windows API.



Edited by Phydron, 30 October 2012 - 11:02 AM.
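As an added example (not part of this thread, and not code from RootkitRevealer or Sysinternals), the Python script below parses discrepancy lines in the format RootkitRevealer prints above and groups them into triage categories, so that "Hidden from Windows API" file and registry entries can be separated from the embedded-null key names that nasdaq later notes are not necessarily bad. The category names are this example's own; the sample lines are copied from the report above plus one deliberately truncated line, because a scan that is cut off on a badly infected machine leaves exactly that kind of partial line.

```python
import re
from collections import Counter
from datetime import datetime

# One discrepancy per line:
#   <path> <m/d/yyyy> <h:mm AM|PM> [<size> <unit> <description>]
# The size/description part is optional so that a line cut off by an
# interrupted scan still yields a record instead of a parse failure.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2} [AP]M)"
    r"(?:\s+(?P<size>\d+(?:\.\d+)?) (?P<unit>bytes|KB|MB|GB)\s+(?P<desc>.+?)\.?)?\s*$"
)

UNIT_BYTES = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def categorize(desc):
    """Map RootkitRevealer's free-text description to a short triage category.
    The category labels are this example's own, not the tool's."""
    if desc is None:
        return "incomplete"       # truncated line: no description survived
    d = desc.lower()
    if "hidden from windows api" in d:
        return "hidden"           # visible in raw data, invisible via the API: classic cloaking
    if "embedded nulls" in d:
        return "embedded_nulls"   # key name the Win32 registry API cannot open; see nasdaq's link below
    if "data mismatch" in d:
        return "data_mismatch"    # API view and raw hive data disagree
    if "security mismatch" in d:
        return "security_mismatch"
    return "other"


def parse_line(line):
    """Return a record dict for one discrepancy line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None
    if m.group("size") is not None:
        size = int(round(float(m.group("size")) * UNIT_BYTES[m.group("unit")]))
    return {
        "path": m.group("path"),
        "when": datetime.strptime(f"{m.group('date')} {m.group('time')}", "%m/%d/%Y %I:%M %p"),
        "size_bytes": size,
        "desc": m.group("desc"),
        "category": categorize(m.group("desc")),
        "is_registry": m.group("path").upper().startswith(("HKLM", "HKU", "HKCU", "HKCR")),
    }


def summarize(log_text):
    """Parse a whole log; return per-category counts plus the paths worth a closer look."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    counts = Counter(r["category"] for r in records)
    return {
        "records": records,
        "counts": dict(counts),
        "hidden_paths": [r["path"] for r in records if r["category"] == "hidden"],
        "incomplete": counts.get("incomplete", 0),
    }


# Constructed sample: lines from the report above, plus a final line cut off mid-record.
SAMPLE_LOG = "\n".join([
    r"HKU\S-1-5-21-2000478354-113007714-1060284298-1003\Console 10/29/2012 8:37 AM 0 bytes Security mismatch.",
    r"HKLM\SECURITY\Policy\Secrets\SAC* 10/20/2012 9:43 AM 0 bytes Key name contains embedded nulls (*)",
    r"HKLM\SECURITY\Policy\Secrets\SAI* 10/20/2012 9:43 AM 0 bytes Key name contains embedded nulls (*)",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 10/30/2012 7:01 AM 4 bytes Data mismatch between Windows API and raw hive data.",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell 10/30/2012 6:57 AM 26 bytes Hidden from Windows API.",
    r"C:\Documents and Settings\LocalService\Recent\A 2/5/1980 12:02 AM 5.44 MB Hidden from Windows API.",
    r"C:\Documents and Settings\LocalService\Recent 10/30/2012 7:30 AM 0 bytes Hidden from Windows API.",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell 10/30/2012 6:57 AM",
])

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("counts:", s["counts"])
    for p in s["hidden_paths"]:
        print("hidden from API:", p)
    if s["incomplete"]:
        print(f"{s['incomplete']} truncated line(s): rerun the scan before drawing conclusions")
```

The "hidden" list is the part to read first: a Winlogon\Shell value hidden from the API, as in the report above, is the kind of entry that decides what runs at logon, whereas the embedded-null keys under HKLM\SECURITY\Policy\Secrets are flagged for a different reason and need the separate look that nasdaq's later reply gives them.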


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:10 AM

Posted 30 October 2012 - 01:15 PM

Try to run this tool and post the log.


http://www.spywareinfoforum.com/index.php?/topic/131575-roguekiller/page__pid__757504__st__0&#entry757504

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.

Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

#9 Phydron

Phydron
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Socal
  • Local time:02:10 AM

Posted 30 October 2012 - 02:45 PM

The spywareinfo gave an error message; here is the RogueKiller file:


RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 10/30/2012 11:37:19

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RogueKiller.exe -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IBM-DARA-212000 +++++
--- User ---
[MBR] c58b425a93ce6ba0745ecbe58dc35880
[BSP] 2efb4cb26f8f92be8a28e301b20a4b4d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 11507 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SD/MMC Card Reader USB Device +++++
--- User ---
[MBR] 597c6a168ad6f84c302738214ddeb2db
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:10 AM

Posted 31 October 2012 - 08:10 AM

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Now click Delete on the right hand column under Options
===

Next click on the Processes tab and put a check next to these and uncheck the rest. (if found)

[SUSP PATH] RogueKiller.exe -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe -> KILLED [TermProc]

Now click Delete on the right hand column under Options
===

Post back the report which should be located on your desktop.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===


You will need the XP CD to execute this.

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

Please post the logs for my review.

#11 Phydron

Phydron
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Socal
  • Local time:02:10 AM

Posted 31 October 2012 - 11:43 AM

Good morning "Nasdaq",

I was able to run aswMBR and RogueKiller. The logs are posted here:

When I tried to open the Win XP disk, I was told it was the wrong version (it's the only one I have and the one installed on this computer). I tried to start the PC with the Win XP disk and it ran for 10 min and just quit, saying "TFP Sport.sys is corrupted." On the second try, it said "Prepairing one time boot menu" and wouldn't allow anything to boot except the HDD. HKLM\Security\policy\secrets\SAC and SAI are still there. They don't have the little dot in front that allows them to be opened, i.e., they're locked.



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-31 07:07:02
-----------------------------
07:07:02.987 OS Version: Windows 5.1.2600 Service Pack 2
07:07:02.987 Number of processors: 1 586 0x209
07:07:02.997 ComputerName: NORM-B4E2122487 UserName: Owner
07:07:05.050 Initialize success
07:07:44.767 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
07:07:44.767 Disk 0 Vendor: IBM-DARA-212000 AR4OA54A Size: 11513MB BusType: 3
07:07:44.787 Disk 0 MBR read successfully
07:07:44.797 Disk 0 MBR scan
07:07:44.797 Disk 0 Windows XP default MBR code
07:07:44.797 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSDOS5.0 11507 MB offset 63
07:07:44.797 Disk 0 scanning sectors +23567355
07:07:44.857 Disk 0 scanning C:\WINDOWS\system32\drivers
07:07:55.302 Service scanning
07:08:28.229 Modules scanning
07:08:48.629 Disk 0 trace - called modules:
07:08:48.659 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
07:08:48.669 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8672bab8]
07:08:48.669 3 CLASSPNP.SYS[f78a405b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x867c7b00]
07:08:49.019 Scan finished successfully
07:09:07.285 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
07:09:07.285 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
07:09:28.606 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
07:09:28.626 The log file has been saved successfully to "E:\aswMBR.txt"


RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : HOSTSFix -- Date : 10/31/2012 07:04:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[9].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:10 AM

Posted 31 October 2012 - 01:09 PM

HKLM\Security\policy\secrets\SAC and SAI are still there


As you can see in the article below they are not necessarily bad.

http://forum.sysinternals.com/hklmsecuritypolicysecrets-rootkits_topic8748.html
Not my forte so I will not advance any opinion.

You may be able to get some good advice from the experts in the Windows XP forum
http://www.bleepingcomputer.com/forums/forum56.html
===

Do you have access to another computer where you can download a copy of the Windows XP Home Edition Service Pack 3 and run it on your computer?

You will find the link here:

http://www.microsoft.com/en-us/download/details.aspx?id=24

Here you can get a CD from Microsoft that will be shipped to you. There might be a small fee.
http://support.microsoft.com/kb/322389#method2
===

Keep me posted.

#13 Phydron

Phydron
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Socal
  • Local time:02:10 AM

Posted 31 October 2012 - 01:53 PM

There isn't any way to install anything in this computer. Whatever it is that's in here won't allow any input from anything other than the HDD: no thumb drives, CDs, DVDs, or anything else. It gives the message "Prepairing one time boot menu" and boots from the HDD, no matter what boot device is selected. This is my main problem: I can't use repair or recovery disks. If you have any idea how to defeat this, I'll be eternally grateful.

Thanks, Norm

PS. This is a new install on a new HDD. The operating system and a few utilities are the only things on here. Whatever is on here survived a HDD change.

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:10 AM

Posted 01 November 2012 - 08:02 AM

It gives the message "Prepairing one time boot menu" and boots from the HDD, no matter what boot device is selected.


If you Google this string "Prepairing one time boot menu" you will find as I did that there is no easy solution.

I suggest you start a new topic in the Windows XP forum
http://www.bleepingcomputer.com/forums/forum56.html

Some technical expert may be able to help you with this problem.

Good luck.

#15 Phydron

Phydron
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Socal
  • Local time:02:10 AM

Posted 01 November 2012 - 08:59 AM

I figured out some things on my own; the boot message is due to an outdated BIOS. I still don't know why I can't boot from external media, but I'll work it out.

Thanks for your help.

Norm



