
Computer does not shut down, date/time change


5 replies to this topic

#1 Bezy


Posted 11 December 2012 - 09:22 PM

Hello,

For the past two weeks, my computer has been changing the date or time by itself. The date and time can be different the next time I would turn the computer on, or the date/time would change while the computer was on. I have not noticed the date/time changing when I start up something (like the internet), it just happens out of nowhere.

I know this may not help much, but the date/time doesn't change drastically. For example, on this past Sunday at about 10am, the computer time read that it was Sunday December 16th, 4 am. Whenever this would happen, I would just readjust the date/time on the Date & Time tab in the Date and Time Properties (I did not think to look at Time Zones and Internet Time then).

Another problem I have is that while shutting down my computer, sometimes my computer restarts instead. Sometimes, I see a blue screen when this happens. I cannot read the blue screen message as the screen disappears very quickly. I tried looking for the blue screen message in the event viewer, but it is not there.

I do not know if these two problems are related to one another.

I read that the random time/date changes can be caused by a dying motherboard battery. I asked some members of my family to check this, and they said that the battery is fine so the problem must be a virus. If anyone could guide me to check this again if needed, I would greatly appreciate it.
I fixed the time by going to the date and time properties. I found out that my time zone was changed, so I fixed that. Also, I went to Internet Time and synchronized the time with the time server. I read somewhere that the date/time change problem can be solved by choosing not to synchronize time by un-checking the box (Automatically synchronize with an Internet time server), but I did not want to attempt this as I was unsure about doing this.
The date and time have not changed again yet, but I am still concerned with that issue and the issue with the restarts.

I am running Windows XP Professional Version 2002 Service Pack 3.
I also ran virus scans using Kaspersky Internet Security and the ESET Online Scanner. Both scans did not detect any infected files.

Thank you in advance.


 


#2 boopme

  • Global Moderator

Posted 16 December 2012 - 12:19 PM

Hello, we can take a look for malware. Sometimes the clock issue is a failing motherboard battery in older PCs.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.


>>>>
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



Lastly ... I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

#3 Bezy


Posted 16 December 2012 - 03:15 PM

ESET OnlineScan did not create a log. Here are the others:

MiniToolBox by Farbar Version: 25-11-2012
Ran by Vicki (administrator) on 16-12-2012 at 13:40:16
Running from "C:\Documents and Settings\Vicki\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : deepthought

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet

Physical Address. . . . . . . . . : 00-18-F3-AE-59-4E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.21

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Sunday, December 16, 2012 11:47:24 AM

Lease Expires . . . . . . . . . . : Wednesday, December 19, 2012 11:47:24 AM

Server: mymodem
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.226.69, 74.125.226.71, 74.125.226.78, 74.125.226.66
74.125.226.64, 74.125.226.67, 74.125.226.72, 74.125.226.68, 74.125.226.73
74.125.226.65, 74.125.226.70



Pinging google.com [74.125.226.69] with 32 bytes of data:



Reply from 74.125.226.69: bytes=32 time=20ms TTL=55

Reply from 74.125.226.69: bytes=32 time=19ms TTL=55



Ping statistics for 74.125.226.69:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 20ms, Average = 19ms

Server: mymodem
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=109ms TTL=51

Reply from 72.30.38.140: bytes=32 time=108ms TTL=51



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 108ms, Maximum = 109ms, Average = 108ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time=-3ms TTL=128

Reply from 127.0.0.1: bytes=32 time=3ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 3ms, Maximum = -3ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 f3 ae 59 4e ...... NVIDIA nForce 10/100/1000 Mbps Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.21 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.21 192.168.2.21 20
192.168.2.21 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.21 192.168.2.21 20
224.0.0.0 240.0.0.0 192.168.2.21 192.168.2.21 20
255.255.255.255 255.255.255.255 192.168.2.21 192.168.2.21 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/11/2012 08:21:11 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (12/06/2012 01:15:30 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (12/06/2012 01:15:28 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (12/06/2012 01:15:28 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (12/06/2012 01:15:27 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (12/06/2012 01:15:25 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (12/06/2012 01:15:24 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (12/06/2012 01:15:24 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (12/06/2012 01:15:19 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (12/06/2012 01:15:18 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


System errors:
=============
Error: (12/16/2012 01:33:18 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverCYBERNETICONetBT_Tcpip_{5EF62B15-C552-4A

Error: (12/16/2012 11:57:19 AM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverCYBERNETICONetBT_Tcpip_{5EF62B15-C552-4A

Error: (12/15/2012 10:40:39 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverCYBERNETICONetBT_Tcpip_{5EF62B15-C552-4A

Error: (12/15/2012 09:28:42 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverCYBERNETICONetBT_Tcpip_{5EF62B15-C552-4A

Error: (12/15/2012 08:28:36 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverCYBERNETICONetBT_Tcpip_{5EF62B15-C552-4A

Error: (12/15/2012 07:04:37 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverCYBERNETICONetBT_Tcpip_{5EF62B15-C552-4A

Error: (12/14/2012 03:05:05 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverCYBERNETICONetBT_Tcpip_{5EF62B15-C552-4A

Error: (12/14/2012 01:35:17 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverCYBERNETICONetBT_Tcpip_{5EF62B15-C552-4A

Error: (12/14/2012 00:59:13 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverCYBERNETICONetBT_Tcpip_{5EF62B15-C552-4A

Error: (12/14/2012 11:50:12 AM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverCYBERNETICONetBT_Tcpip_{5EF62B15-C552-4A


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe AIR (Version: 3.4.0.2540)
Adobe Download Assistant (Version: 1.2.2)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Brother MFL-Pro Suite MFC-490CW (Version: 1.1.5.0)
Data Fax SoftModem with SmartCP
ESET Online Scanner v3
Fraps (remove only)
Google Chrome (Version: 23.0.1271.97)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 24 (Version: 6.0.240)
Kaspersky Internet Security 2012 (Version: 12.0.0.374)
LightScribe System Software (Version: 1.18.17.1)
Luvinia (Version: 1010022)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - SP1 x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
NVIDIA Drivers
Paint.NET v3.5.10 (Version: 3.60.0)
PaperPort Image Printer (Version: 1.00.0000)
Python 2.7 basemap-1.0.1
Python 2.7 h5py-2.0.1 (Version: 2.0.1)
Python 2.7 matplotlib-1.1.0
Python 2.7 netCDF4-0.9.9
Python 2.7 numpy-1.5.1
Python 2.7 PIL-1.1.7
Python 2.7 scipy-0.9.0
Python 2.7.1 (Version: 2.7.1150)
Realtek High Definition Audio Driver (Version: 5.10.0.6438)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Unlocker 1.9.0 (Version: 1.9.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
VLC media player 2.0.3 (Version: 2.0.3)
VPython 5.72
WebFldrs XP (Version: 9.50.7523)
Windows PowerShell™ 1.0 (Version: 2)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
Xvid Video Codec (Version: 1.3.2)

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 3006.48 MB
Available physical RAM: 2421.33 MB
Total Pagefile: 4891.47 MB
Available Pagefile: 4330.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:441.17 GB) NTFS

========================= Users: ========================================

User accounts for \\DEEPTHOUGHT

Administrator Guest HelpAssistant
SUPPORT_388945a0 Vicki


**** End of log ****


13:40:40.0062 0244 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:40:40.0531 0244 ============================================================
13:40:40.0531 0244 Current date / time: 2012/12/16 13:40:40.0531
13:40:40.0531 0244 SystemInfo:
13:40:40.0531 0244
13:40:40.0531 0244 OS Version: 5.1.2600 ServicePack: 3.0
13:40:40.0531 0244 Product type: Workstation
13:40:40.0531 0244 ComputerName: DEEPTHOUGHT
13:40:40.0531 0244 UserName: Vicki
13:40:40.0531 0244 Windows directory: C:\WINDOWS
13:40:40.0531 0244 System windows directory: C:\WINDOWS
13:40:40.0531 0244 Processor architecture: Intel x86
13:40:40.0531 0244 Number of processors: 2
13:40:40.0531 0244 Page size: 0x1000
13:40:40.0531 0244 Boot type: Normal boot
13:40:40.0531 0244 ============================================================
13:40:41.0437 0244 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:40:41.0468 0244 ============================================================
13:40:41.0468 0244 \Device\Harddisk0\DR0:
13:40:41.0468 0244 MBR partitions:
13:40:41.0468 0244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
13:40:41.0468 0244 ============================================================
13:40:41.0500 0244 C: <-> \Device\Harddisk0\DR0\Partition1
13:40:41.0500 0244 ============================================================
13:40:41.0500 0244 Initialize success
13:40:41.0500 0244 ============================================================
13:40:45.0828 5508 ============================================================
13:40:45.0828 5508 Scan started
13:40:45.0828 5508 Mode: Manual; TDLFS;
13:40:45.0828 5508 ============================================================
13:40:46.0609 5508 ================ Scan system memory ========================
13:40:46.0609 5508 System memory - ok
13:40:46.0609 5508 ================ Scan services =============================
13:40:49.0062 5508 hkmsvc - ok
13:40:49.0062 5508 hpn - ok
13:40:49.0078 5508 [ 1F5C64B0C6B2E2F48735A77AE714CCB8 ] HSXHWBS2 C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
13:40:49.0078 5508 HSXHWBS2 - ok
13:40:49.0125 5508 [ A7F8C9228898A1E871D2AE7082F50AC3 ] HSX_DP C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
13:40:49.0125 5508 HSX_DP - ok
13:40:49.0140 5508 [ 937031C085718C1C04A9C0864625EC6B ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:40:49.0156 5508 HTTP - ok
13:40:49.0171 5508 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:40:49.0171 5508 HTTPFilter - ok
13:40:49.0171 5508 i2omgmt - ok
13:40:49.0187 5508 i2omp - ok
13:40:49.0203 5508 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
13:40:49.0203 5508 i8042prt - ok
13:40:49.0265 5508 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:40:49.0265 5508 idsvc - ok
13:40:49.0296 5508 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:40:49.0296 5508 Imapi - ok
13:40:49.0312 5508 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:40:49.0312 5508 ImapiService - ok
13:40:49.0328 5508 ini910u - ok
13:40:49.0453 5508 [ 440317795D6F9AF27BF305036AD43D1D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:40:49.0500 5508 IntcAzAudAddService - ok
13:40:49.0515 5508 IntelIde - ok
13:40:49.0515 5508 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:40:49.0515 5508 Ip6Fw - ok
13:40:49.0546 5508 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:40:49.0546 5508 IpFilterDriver - ok
13:40:49.0546 5508 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:40:49.0546 5508 IpInIp - ok
13:40:49.0562 5508 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:40:49.0562 5508 IpNat - ok
13:40:49.0593 5508 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:40:49.0593 5508 IPSec - ok
13:40:49.0609 5508 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:40:49.0609 5508 IRENUM - ok
13:40:49.0625 5508 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:40:49.0640 5508 isapnp - ok
13:40:49.0734 5508 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
13:40:49.0734 5508 JavaQuickStarterService - ok
13:40:49.0750 5508 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:40:49.0750 5508 Kbdclass - ok
13:40:49.0765 5508 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:40:49.0765 5508 kbdhid - ok
13:40:49.0796 5508 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
13:40:49.0796 5508 KL1 - ok
13:40:49.0812 5508 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
13:40:49.0812 5508 kl2 - ok
13:40:49.0859 5508 [ 5D92A03045A6A98708975B3D77B39A36 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
13:40:49.0859 5508 KLIF - ok
13:40:49.0890 5508 [ 96A7EC308A93DA26DFE481308BAAC2A2 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
13:40:49.0890 5508 klim5 - ok
13:40:49.0906 5508 [ 3959530F69E19DA56F1F24F2C89F1E2C ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
13:40:49.0906 5508 klmouflt - ok
13:40:49.0921 5508 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:40:49.0937 5508 kmixer - ok
13:40:49.0953 5508 [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:40:49.0953 5508 KSecDD - ok
13:40:49.0968 5508 [ 3695B8D03745B2F8022B161238347A9D ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
13:40:49.0984 5508 LanmanServer - ok
13:40:49.0984 5508 [ 3B9324D60DD321BAB7BF6F77931D3FD1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:40:50.0000 5508 lanmanworkstation - ok
13:40:50.0000 5508 lbrtfdc - ok
13:40:50.0062 5508 [ B1E1C8BB1392537E4D415FCDCB93B1D3 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:40:50.0062 5508 LightScribeService - ok
13:40:50.0078 5508 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:40:50.0078 5508 LmHosts - ok
13:40:50.0093 5508 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:40:50.0093 5508 mdmxsdk - ok
13:40:50.0109 5508 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:40:50.0109 5508 Messenger - ok
13:40:50.0218 5508 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
13:40:50.0218 5508 Microsoft Office Groove Audit Service - ok
13:40:50.0250 5508 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:40:50.0250 5508 mnmdd - ok
13:40:50.0281 5508 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:40:50.0281 5508 mnmsrvc - ok
13:40:50.0296 5508 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:40:50.0296 5508 Modem - ok
13:40:50.0328 5508 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:40:50.0328 5508 Mouclass - ok
13:40:50.0343 5508 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:40:50.0343 5508 mouhid - ok
13:40:50.0343 5508 [ 1A1FAA5102466F418494E94FF9B0B091 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:40:50.0343 5508 MountMgr - ok
13:40:50.0359 5508 mraid35x - ok
13:40:50.0375 5508 [ 4FEFD389D71126EE581B9F9CB2918BE4 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:40:50.0375 5508 MRxDAV - ok
13:40:50.0406 5508 [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:40:50.0406 5508 MRxSmb - ok
13:40:50.0437 5508 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:40:50.0437 5508 MSDTC - ok
13:40:50.0453 5508 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:40:50.0453 5508 Msfs - ok
13:40:50.0453 5508 MSIServer - ok
13:40:50.0484 5508 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:40:50.0484 5508 MSKSSRV - ok
13:40:50.0500 5508 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:40:50.0500 5508 MSPCLOCK - ok
13:40:50.0500 5508 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:40:50.0500 5508 MSPQM - ok
13:40:50.0515 5508 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:40:50.0515 5508 mssmbios - ok
13:40:50.0531 5508 [ F7B1AD991491F02AF6DA70B00B8BF114 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:40:50.0531 5508 Mup - ok
13:40:50.0562 5508 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:40:50.0562 5508 napagent - ok
13:40:50.0578 5508 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:40:50.0578 5508 NDIS - ok
13:40:50.0593 5508 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:40:50.0609 5508 NdisTapi - ok
13:40:50.0609 5508 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:40:50.0609 5508 Ndisuio - ok
13:40:50.0625 5508 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:40:50.0625 5508 NdisWan - ok
13:40:50.0625 5508 [ 816460BD4B4ACD27937D1D0813E2E9E9 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:40:50.0625 5508 NDProxy - ok
13:40:50.0656 5508 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:40:50.0656 5508 NetBIOS - ok
13:40:50.0671 5508 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:40:50.0671 5508 NetBT - ok
13:40:50.0687 5508 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
13:40:50.0687 5508 NetDDE - ok
13:40:50.0703 5508 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:40:50.0703 5508 NetDDEdsdm - ok
13:40:50.0718 5508 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:40:50.0718 5508 Netlogon - ok
13:40:50.0734 5508 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
13:40:50.0734 5508 Netman - ok
13:40:50.0765 5508 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:40:50.0765 5508 NetTcpPortSharing - ok
13:40:50.0781 5508 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:40:50.0781 5508 NIC1394 - ok
13:40:50.0796 5508 [ 290C1A30DEFC723BBE10910AC2D6F6D0 ] Nla C:\WINDOWS\System32\mswsock.dll
13:40:50.0796 5508 Nla - ok
13:40:50.0828 5508 [ 139BF6BF53985DA698D57874E02C0E2E ] nlsX86cc C:\WINDOWS\system32\NLSSRV32.EXE
13:40:50.0828 5508 nlsX86cc - ok
13:40:50.0843 5508 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:40:50.0843 5508 Npfs - ok
13:40:50.0875 5508 [ 4C51D5275AE8A16999EDFE7E647D00DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:40:50.0875 5508 Ntfs - ok
13:40:50.0875 5508 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:40:50.0890 5508 NtLmSsp - ok
13:40:50.0906 5508 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:40:50.0906 5508 NtmsSvc - ok
13:40:50.0937 5508 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:40:50.0937 5508 Null - ok
13:40:51.0031 5508 [ 642A87877F83313EB5302749CD479024 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:40:51.0062 5508 nv - ok
13:40:51.0093 5508 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:40:51.0093 5508 NVENETFD - ok
13:40:51.0093 5508 [ 619D8943725402D1179941FD58574CC8 ] nvgts C:\WINDOWS\system32\DRIVERS\nvgts.sys
13:40:51.0109 5508 nvgts - ok
13:40:51.0109 5508 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:40:51.0109 5508 nvnetbus - ok
13:40:51.0125 5508 [ B0903C021BFCD6055C053A569EF98AEF ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
13:40:51.0125 5508 NVSvc - ok
13:40:51.0156 5508 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:40:51.0156 5508 NwlnkFlt - ok
13:40:51.0156 5508 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:40:51.0156 5508 NwlnkFwd - ok
13:40:51.0234 5508 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:40:51.0250 5508 odserv - ok
13:40:51.0265 5508 [ 2553F7C60B8D291B5A812245E6D4DA6E ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:40:51.0265 5508 ohci1394 - ok
13:40:51.0296 5508 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:40:51.0296 5508 ose - ok
13:40:51.0328 5508 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
13:40:51.0328 5508 Parport - ok
13:40:51.0328 5508 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:40:51.0343 5508 PartMgr - ok
13:40:51.0359 5508 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:40:51.0359 5508 ParVdm - ok
13:40:51.0375 5508 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:40:51.0375 5508 PCI - ok
13:40:51.0375 5508 PCIDump - ok
13:40:51.0390 5508 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:40:51.0390 5508 PCIIde - ok
13:40:51.0406 5508 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:40:51.0406 5508 Pcmcia - ok
13:40:51.0406 5508 PDCOMP - ok
13:40:51.0421 5508 PDFRAME - ok
13:40:51.0421 5508 PDRELI - ok
13:40:51.0437 5508 PDRFRAME - ok
13:40:51.0437 5508 perc2 - ok
13:40:51.0453 5508 perc2hib - ok
13:40:51.0484 5508 [ C519E15665CD89A91AD383FCE3CB556A ] PlugPlay C:\WINDOWS\system32\services.exe
13:40:51.0484 5508 PlugPlay - ok
13:40:51.0500 5508 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:40:51.0500 5508 PolicyAgent - ok
13:40:51.0515 5508 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:40:51.0515 5508 PptpMiniport - ok
13:40:51.0531 5508 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:40:51.0531 5508 ProtectedStorage - ok
13:40:51.0531 5508 [ D8E11D311785F89F1D70A28B0E879127 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:40:51.0546 5508 PSched - ok
13:40:51.0562 5508 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:40:51.0562 5508 Ptilink - ok
13:40:51.0562 5508 ql1080 - ok
13:40:51.0578 5508 Ql10wnt - ok
13:40:51.0578 5508 ql12160 - ok
13:40:51.0593 5508 ql1240 - ok
13:40:51.0593 5508 ql1280 - ok
13:40:51.0609 5508 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:40:51.0609 5508 RasAcd - ok
13:40:51.0625 5508 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:40:51.0625 5508 RasAuto - ok
13:40:51.0640 5508 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:40:51.0640 5508 Rasl2tp - ok
13:40:51.0640 5508 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:40:51.0656 5508 RasMan - ok
13:40:51.0656 5508 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:40:51.0656 5508 RasPppoe - ok
13:40:51.0671 5508 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:40:51.0671 5508 Raspti - ok
13:40:51.0671 5508 [ 77050C6615F6EB5402F832B27FD695E0 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:40:51.0687 5508 Rdbss - ok
13:40:51.0687 5508 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:40:51.0687 5508 RDPCDD - ok
13:40:51.0718 5508 [ 47EA20320E3D6FDC7B7BB22B2B881CA6 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:40:51.0718 5508 rdpdr - ok
13:40:51.0750 5508 [ C7D9BC54354B8C706ABF172D48313F1B ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:40:51.0750 5508 RDPWD - ok
13:40:51.0781 5508 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:40:51.0781 5508 RDSessMgr - ok
13:40:51.0796 5508 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:40:51.0796 5508 redbook - ok
13:40:51.0812 5508 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:40:51.0828 5508 RemoteAccess - ok
13:40:51.0828 5508 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:40:51.0828 5508 RemoteRegistry - ok
13:40:51.0859 5508 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:40:51.0859 5508 RpcLocator - ok
13:40:51.0875 5508 [ 9222562D44021B988B9F9F62207FB6F2 ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:40:51.0875 5508 RpcSs - ok
13:40:51.0906 5508 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:40:51.0906 5508 RSVP - ok
13:40:51.0921 5508 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:40:51.0921 5508 SamSs - ok
13:40:51.0937 5508 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:40:51.0953 5508 SCardSvr - ok
13:40:51.0984 5508 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:40:51.0984 5508 Schedule - ok
13:40:52.0000 5508 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:40:52.0000 5508 Secdrv - ok
13:40:52.0000 5508 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:40:52.0000 5508 seclogon - ok
13:40:52.0015 5508 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:40:52.0015 5508 SENS - ok
13:40:52.0031 5508 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
13:40:52.0031 5508 Serial - ok
13:40:52.0062 5508 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:40:52.0062 5508 Sfloppy - ok
13:40:52.0093 5508 [ 4F10A2FA76B5BD54CD68AFA94E8ADB39 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:40:52.0093 5508 SharedAccess - ok
13:40:52.0109 5508 [ 888CD7B39C37E13A2419BECFAAF0A28C ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:40:52.0109 5508 ShellHWDetection - ok
13:40:52.0125 5508 [ F459DD5EE69D4B68CB6767C9731B5FAF ] Si3112 C:\WINDOWS\system32\drivers\Si3112.sys
13:40:52.0125 5508 Si3112 - ok
13:40:52.0125 5508 Simbad - ok
13:40:52.0140 5508 Sparrow - ok
13:40:52.0171 5508 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:40:52.0171 5508 splitter - ok
13:40:52.0187 5508 [ 258DD5D4283FD9F9A7166BE9AE45CE73 ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:40:52.0187 5508 Spooler - ok
13:40:52.0218 5508 [ CA9A2690A2B53662565654B48F7AE68F ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
13:40:52.0218 5508 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: CA9A2690A2B53662565654B48F7AE68F
13:40:52.0218 5508 sptd ( LockedFile.Multi.Generic ) - warning
13:40:52.0218 5508 sptd - detected LockedFile.Multi.Generic (1)
13:40:53.0375 5508 ================ Scan global ===============================
13:40:53.0406 5508 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:40:53.0421 5508 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
13:40:53.0437 5508 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
13:40:53.0437 5508 [ C519E15665CD89A91AD383FCE3CB556A ] C:\WINDOWS\system32\services.exe
13:40:53.0453 5508 [Global] - ok
13:40:53.0453 5508 ================ Scan MBR ==================================
13:40:53.0453 5508 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:40:53.0687 5508 \Device\Harddisk0\DR0 - ok
13:40:53.0687 5508 ================ Scan VBR ==================================
13:40:53.0687 5508 [ B0F643DA92250D53B843288446178E76 ] \Device\Harddisk0\DR0\Partition1
13:40:53.0687 5508 \Device\Harddisk0\DR0\Partition1 - ok
13:40:53.0687 5508 ============================================================
13:40:53.0687 5508 Scan finished
13:40:53.0687 5508 ============================================================
13:40:53.0703 4068 Detected object count: 1
13:40:53.0703 4068 Actual detected object count: 1
13:40:55.0796 4068 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:40:55.0796 4068 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:40:58.0218 0340 Deinitialize success


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.16.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Vicki :: DEEPTHOUGHT [administrator]

12/16/2012 1:41:18 PM
mbam-log-2012-12-16 (13-41-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213272
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by Bezy, 16 December 2012 - 03:20 PM.


#4 boopme

  • Global Moderator

Posted 16 December 2012 - 05:22 PM

It doesn't look like malware is the cause here. Re-ask the first post in XP at the top. Mention we feel it's not malware here.

#5 Bezy

  • Topic Starter


Posted 16 December 2012 - 06:25 PM

Thank you very much for the help!

#6 boopme


Posted 16 December 2012 - 07:33 PM

You're welcome~



