Elusive Virus, Survived Reformatting. Help, Please.


3 replies to this topic

#1 TechHelpPlease

Posted 17 November 2012 - 05:41 PM

Some time ago, I got a virus that showed its presence by:
(1) having Windows Antispyware 2012 pop up
(2) redirecting Google searches
(3) having random web pages pop up
(4) changing my Google location from Los Angeles (which was always the same for 2 years) to other random California places
(5) adding some unknown Sony laptop to my router's home network
(6) significantly slowing down my internet
(7) making my computer run loudly.

I was a newbie to computer stuff and still am, but I lurked all over the internet and ran some popular programs to combat backdoor trojans, rootkits, adware, spyware, etc. Some of the programs included the ones in the downloads section here. The programs came up with various things like ZeroAccess rootkits and trojans. So, I used the programs to get rid of the malware and the scans afterwards would come up clean. However, the problems would keep coming back and the scans would come up with them again. So, I reformatted my computer for the first time in years. The symptoms diminished, but my Google location was still unstable and constantly changing. I put a password on my router's home network and the Sony laptop vanished.

Flash to now, after some time, my computer started making loud noises again and I experienced slow internet again. I had location changes, Google redirects, and random pop ups again. However, this time it was more subtle and no rogue antispyware programs popped up. I ran scans and they all showed nothing this time. So this week, I reformatted again. However, it was weird this time. I saw some system32 command, 'cmd', boxes show up and disappear real fast in a flash during reformatting. Also this time, instead of taking some time for symptoms to reappear, the loud noises showed up immediately but the internet was faster than before. So, I really need help, please.

I don't have anything I need to back up or preserve. I just want to wipe out this virus by any means like zero-fill, etc. Can anyone help me please?

(I'll sincerely give thanks to any help during Thanksgiving.)

Edit:
My computer's operating system is Windows XP Service Pack 3.

Edited by TechHelpPlease, 17 November 2012 - 05:52 PM.




#2 boopme


Posted 17 November 2012 - 08:40 PM

Hello TechHelpPlease,
Let's do these next....

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.


Reboot Windows in Safe Mode with Networking

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.




Please download TDSSkiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.

>>>>

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

>>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

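One way to triage the TDSSkiller log requested in the post above, as an added example (not code from the thread or from the tool's vendor): it pairs each `[ MD5 ] name path` line with the `name - ok` verdict line that follows it, which are the two per-service line shapes in this topic's log, and reports anything whose verdict is not `ok`. The sample log, its hashes, the `examplesvc` entry and the non-`ok` verdict text are constructed for illustration.

```python
import re
from collections import namedtuple

# Every log line starts with "HH:MM:SS.mmmm <thread-id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\S+\s+"
# "================ Scan services ================" opens a scan section.
SECTION_RE = re.compile(PREFIX + r"=+ (Scan [^=]+?) =+\s*$")
# "[ <32 hex MD5> ] <service name> <image path>" (the path may contain spaces).
HASH_RE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \]\s+(\S+)\s+(.+?)\s*$")
# "<object name> - <verdict>", for example "ACPI - ok".
VERDICT_RE = re.compile(PREFIX + r"(.+?) - (.+?)\s*$")

Entry = namedtuple("Entry", "section name verdict md5 path")


def parse_log(text):
    """Return one Entry per verdict line found inside a scan section."""
    entries = []
    section = None
    pending = {}  # service name -> (md5, path) waiting for its verdict line
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            continue  # header lines (system info, drive geometry) hold no verdicts
        m = HASH_RE.match(line)
        if m:
            pending[m.group(2)] = (m.group(1).upper(), m.group(3))
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m.group(1), (None, None))
            entries.append(Entry(section, m.group(1), m.group(2), md5, path))
    return entries


def triage(entries):
    """Split parsed entries into what a reviewer should look at first."""
    flagged = [e for e in entries if e.verdict.lower() != "ok"]
    # Services reported "ok" although the log carries no hash/path line for them.
    unhashed = [e.name for e in entries
                if e.section == "Scan services" and e.md5 is None
                and e.verdict.lower() == "ok"]
    # One image backing several services (lsass.exe does this) needs checking once.
    images = {}
    for e in entries:
        if e.md5:
            images.setdefault((e.md5, e.path.lower()), []).append(e.name)
    shared = {k: v for k, v in images.items() if len(v) > 1}
    return {"flagged": flagged, "unhashed": unhashed,
            "shared_images": shared, "unique_images": len(images)}


# Constructed sample in the log's format; hashes and examplesvc are made up.
SAMPLE_LOG = r"""
17:49:28.0625 0780 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb)
17:49:47.0906 0812 Scan started
17:49:48.0765 0812 ================ Scan system memory ========================
17:49:48.0765 0812 System memory - ok
17:49:48.0796 0812 ================ Scan services =============================
17:49:48.0968 0812 Abiosdsk - ok
17:49:49.0078 0812 [ 00000000000000000000000000000001 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:49:49.0078 0812 ACPI - ok
17:49:55.0968 0812 [ 00000000000000000000000000000002 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:49:55.0968 0812 Netlogon - ok
17:49:58.0812 0812 [ 00000000000000000000000000000002 ] SamSs C:\WINDOWS\system32\lsass.exe
17:49:58.0812 0812 SamSs - ok
17:49:59.0000 0812 [ 00000000000000000000000000000003 ] examplesvc C:\WINDOWS\system32\drivers\examplesvc.sys
17:49:59.0000 0812 examplesvc - CONSTRUCTED-NOT-OK
"""

if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for e in report["flagged"]:
        print(f"REVIEW  {e.name}: {e.verdict}  md5={e.md5}  {e.path}")
    print("ok without a hashed file:", ", ".join(report["unhashed"]))
    for (md5, path), names in report["shared_images"].items():
        print(f"shared image {path} ({md5}): {', '.join(names)}")
    print("unique hashed images:", report["unique_images"])
```
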

#3 TechHelpPlease


Posted 17 November 2012 - 10:51 PM

TDSSkiller:

17:50:01.0703 0812 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:50:01.0703 0812 usbprint - ok
17:50:01.0734 0812 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:50:01.0734 0812 usbuhci - ok
17:50:01.0781 0812 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:50:01.0781 0812 VgaSave - ok
17:50:01.0859 0812 [ BCB2353661CB74A28C2E3E08CCFDFF12 ] viagfx C:\WINDOWS\system32\DRIVERS\vtmini.sys
17:50:01.0875 0812 viagfx - ok
17:50:01.0921 0812 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
17:50:01.0921 0812 ViaIde - ok
17:50:01.0968 0812 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:50:01.0968 0812 VolSnap - ok
17:50:02.0031 0812 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:50:02.0046 0812 VSS - ok
17:50:02.0109 0812 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:50:02.0109 0812 W32Time - ok
17:50:02.0187 0812 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:50:02.0187 0812 Wanarp - ok
17:50:02.0218 0812 WDICA - ok
17:50:02.0281 0812 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:50:02.0281 0812 wdmaud - ok
17:50:02.0312 0812 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:50:02.0328 0812 WebClient - ok
17:50:02.0421 0812 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:50:02.0437 0812 winmgmt - ok
17:50:02.0562 0812 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
17:50:02.0562 0812 WmdmPmSN - ok
17:50:02.0640 0812 [ BAB489A5FE26F2D0C910CF7AF7E4CF92 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:50:02.0656 0812 Wmi - ok
17:50:02.0734 0812 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:50:02.0734 0812 WmiApSrv - ok
17:50:02.0843 0812 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:50:02.0843 0812 wscsvc - ok
17:50:02.0906 0812 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:50:02.0906 0812 wuauserv - ok
17:50:02.0984 0812 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:50:03.0000 0812 WZCSVC - ok
17:50:03.0093 0812 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:50:03.0093 0812 xmlprov - ok
17:50:03.0140 0812 ================ Scan global ===============================
17:50:03.0218 0812 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:50:03.0265 0812 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
17:50:03.0312 0812 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
17:50:03.0359 0812 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
17:50:03.0359 0812 [Global] - ok
17:50:03.0359 0812 ================ Scan MBR ==================================
17:50:03.0406 0812 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:50:03.0671 0812 \Device\Harddisk0\DR0 - ok
17:50:03.0687 0812 ================ Scan VBR ==================================
17:50:03.0703 0812 [ D0F47517ABABABFDB274F6F2EDA3951D ] \Device\Harddisk0\DR0\Partition1
17:50:03.0718 0812 \Device\Harddisk0\DR0\Partition1 - ok
17:50:03.0718 0812 ============================================================
17:50:03.0718 0812 Scan finished
17:50:03.0718 0812 ============================================================
17:50:03.0812 0804 Detected object count: 0
17:50:03.0812 0804 Actual detected object count: 0
17:50:08.0781 0636 Deinitialize success



aswMBR:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-17 17:50:56
-----------------------------
17:50:56.609 OS Version: Windows 5.1.2600 Service Pack 3
17:50:56.609 Number of processors: 1 586 0x409
17:50:56.609 ComputerName: USER-4440C0D421 UserName: User
17:50:57.109 Initialize success
17:57:21.468 AVAST engine defs: 12111701
17:57:32.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-1b
17:57:32.281 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
17:57:32.312 Disk 0 MBR read successfully
17:57:32.343 Disk 0 MBR scan
17:57:32.781 Disk 0 Windows XP default MBR code
17:57:32.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
17:57:33.093 Disk 0 scanning sectors +312560640
17:57:33.437 Disk 0 scanning C:\WINDOWS\system32\drivers
17:57:54.937 Service scanning
17:58:13.796 Modules scanning
17:58:19.234 Disk 0 trace - called modules:
17:58:19.312 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
17:58:19.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x843ce3c0]
17:58:20.656 3 CLASSPNP.SYS[f758ffd7] -> nt!IofCallDriver -> \Device\00000058[0x843cf650]
17:58:20.734 5 ACPI.sys[f7506620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-1b[0x843cf030]
17:58:21.281 AVAST engine scan C:\WINDOWS
17:58:26.343 AVAST engine scan C:\WINDOWS\system32
18:01:05.734 AVAST engine scan C:\WINDOWS\system32\drivers
18:01:32.031 AVAST engine scan C:\Documents and Settings\User
18:02:06.265 AVAST engine scan C:\Documents and Settings\All Users
18:02:09.375 Scan finished successfully
18:02:38.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
18:02:38.437 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"



ESET OnlineScan couldn't find any threats, so I think that's why there wasn't an option to Export.

I forgot to mention that, for the current symptoms, sometimes a download dialog box would pop up for strange PDF files when I visit my usual sites.

Edited by TechHelpPlease, 17 November 2012 - 10:51 PM.


#4 boopme


Posted 17 November 2012 - 11:22 PM

So I think we should get a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.



