
Windows XP3-- Three New Network Connections?


9 replies to this topic

#1 streim

streim

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Just passing through...
  • Local time:08:36 AM

Posted 12 December 2012 - 04:38 PM

I know this is probably a strange question... but within the past week, there have been 3 new network connections added to my PC by Microsoft. Is that possible??
Also, I have noticed when checking my firewall info, that my system is somehow connected to the strangest networks. Every so often I check my last network connection because of what I think is weird. Just a few moments ago, my system was sending info about my PC to a DNS location and I ran a check on it. It was UK Government Dept. For Work and Pensions. I think someone has hacked me, or hijacked me or whatever you call it.

Someone please help??

Much thanks
Streim

Edited by Orange Blossom, 12 December 2012 - 05:06 PM.
Moved from XP to AII. ~ OB

In the world we live in "Apathy is the acceptance of the unacceptable"

 

 

 

 

 

 



 


#2 streim


Posted 13 December 2012 - 01:21 PM

This morning my system was redirected in my Network Connections to a DNS that turned out to be Dept. of Defense Network Information Network in Ohio!! HELP PLEASE!!!



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:36 AM

Posted 13 December 2012 - 04:44 PM

Welcome, please do these scans, post the logs and see how things are...

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt).
A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

#4 streim


Posted 14 December 2012 - 06:24 PM

Thank you...thank you...thank you~!! I've already done the MiniToolBox with the Avast team and the TDSSKiller but using different settings. They are stumped... anyway. I will do as per your instructions, doing the TDSSKiller first and then the ESET Online scan.
I'm writing to you now in safe mode with networking because of all this craziness. Is it safe to continue in normal mode to use the tools?
Streim



#5 streim


Posted 14 December 2012 - 06:32 PM

Here's the results of the TDSSKiller:

17:26:01.0234 0472 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:26:01.0859 0472 ============================================================
17:26:01.0859 0472 Current date / time: 2012/12/14 17:26:01.0859
17:26:01.0859 0472 SystemInfo:
17:26:01.0859 0472
17:26:01.0859 0472 OS Version: 5.1.2600 ServicePack: 3.0
17:26:01.0859 0472 Product type: Workstation
17:26:01.0859 0472 ComputerName: HOMESWEETHOME
17:26:01.0859 0472 UserName: Stephanie
17:26:01.0859 0472 Windows directory: C:\WINDOWS
17:26:01.0859 0472 System windows directory: C:\WINDOWS
17:26:01.0859 0472 Processor architecture: Intel x86
17:26:01.0859 0472 Number of processors: 1
17:26:01.0859 0472 Page size: 0x1000
17:26:01.0859 0472 Boot type: Safe boot with network
17:26:01.0859 0472 ============================================================
17:26:02.0859 0472 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
17:26:02.0859 0472 ============================================================
17:26:02.0859 0472 \Device\Harddisk0\DR0:
17:26:02.0859 0472 MBR partitions:
17:26:02.0859 0472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
17:26:02.0859 0472 ============================================================
17:26:02.0890 0472 C: <-> \Device\Harddisk0\DR0\Partition1
17:26:02.0890 0472 ============================================================
17:26:02.0890 0472 Initialize success
17:26:02.0890 0472 ============================================================
17:26:20.0843 0800 ============================================================
17:26:20.0843 0800 Scan started
17:26:20.0843 0800 Mode: Manual; TDLFS;
17:26:20.0843 0800 ============================================================
17:26:21.0453 0800 ================ Scan system memory ========================
17:26:21.0453 0800 System memory - ok
17:26:21.0468 0800 ================ Scan services =============================
17:26:35.0343 0800 smwdm - ok
17:26:35.0406 0800 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
17:26:35.0406 0800 SoundMAX Agent Service (default) - ok
17:26:35.0453 0800 Sparrow - ok
17:26:35.0484 0800 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:26:35.0484 0800 splitter - ok
17:26:35.0562 0800 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:26:35.0562 0800 Spooler - ok
17:26:35.0609 0800 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:26:35.0625 0800 sr - ok
17:26:35.0687 0800 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:26:35.0687 0800 srservice - ok
17:26:35.0765 0800 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:26:35.0765 0800 Srv - ok
17:26:35.0828 0800 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:26:35.0828 0800 SSDPSRV - ok
17:26:35.0906 0800 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:26:35.0906 0800 stisvc - ok
17:26:35.0968 0800 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:26:35.0984 0800 swenum - ok
17:26:36.0015 0800 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:26:36.0015 0800 swmidi - ok
17:26:36.0046 0800 SwPrv - ok
17:26:36.0109 0800 symc810 - ok
17:26:36.0140 0800 symc8xx - ok
17:26:36.0171 0800 sym_hi - ok
17:26:36.0218 0800 sym_u3 - ok
17:26:36.0265 0800 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:26:36.0265 0800 sysaudio - ok
17:26:36.0312 0800 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:26:36.0328 0800 SysmonLog - ok
17:26:36.0375 0800 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:26:36.0375 0800 TapiSrv - ok
17:26:36.0453 0800 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:26:36.0468 0800 Tcpip - ok
17:26:36.0531 0800 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:26:36.0531 0800 TDPIPE - ok
17:26:36.0578 0800 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:26:36.0578 0800 TDTCP - ok
17:26:36.0609 0800 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:26:36.0625 0800 TermDD - ok
17:26:36.0687 0800 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:26:36.0687 0800 TermService - ok
17:26:36.0734 0800 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:26:36.0734 0800 Themes - ok
17:26:36.0796 0800 TosIde - ok
17:26:36.0843 0800 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:26:36.0843 0800 TrkWks - ok
17:26:36.0906 0800 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys
17:26:36.0906 0800 uagp35 - ok
17:26:36.0953 0800 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:26:36.0968 0800 Udfs - ok
17:26:37.0000 0800 ultra - ok
17:26:37.0062 0800 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:26:37.0062 0800 Update - ok
17:26:37.0140 0800 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:26:37.0156 0800 upnphost - ok
17:26:37.0203 0800 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:26:37.0203 0800 UPS - ok
17:26:37.0265 0800 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:26:37.0265 0800 usbccgp - ok
17:26:37.0312 0800 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:26:37.0328 0800 usbehci - ok
17:26:37.0359 0800 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:26:37.0359 0800 usbhub - ok
17:26:37.0437 0800 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:26:37.0437 0800 usbprint - ok
17:26:37.0500 0800 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:26:37.0500 0800 usbscan - ok
17:26:37.0562 0800 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:26:37.0578 0800 USBSTOR - ok
17:26:37.0625 0800 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:26:37.0625 0800 usbuhci - ok
17:26:37.0687 0800 [ BEE793D4A059CAEA55D6AC20E19B3A8F ] USB_RNDIS_XP C:\WINDOWS\system32\DRIVERS\usb8023.sys
17:26:37.0687 0800 USB_RNDIS_XP - ok
17:26:37.0734 0800 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:26:37.0734 0800 VgaSave - ok
17:26:37.0796 0800 [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
17:26:37.0796 0800 viaagp1 - ok
17:26:37.0843 0800 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
17:26:37.0843 0800 ViaIde - ok
17:26:37.0890 0800 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:26:37.0890 0800 VolSnap - ok
17:26:37.0968 0800 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:26:37.0984 0800 VSS - ok
17:26:38.0031 0800 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:26:38.0031 0800 W32Time - ok
17:26:38.0093 0800 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:26:38.0093 0800 Wanarp - ok
17:26:38.0140 0800 WDICA - ok
17:26:38.0171 0800 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:26:38.0187 0800 wdmaud - ok
17:26:38.0234 0800 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:26:38.0234 0800 WebClient - ok
17:26:38.0375 0800 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:26:38.0375 0800 winmgmt - ok
17:26:38.0500 0800 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:26:38.0500 0800 WmdmPmSN - ok
17:26:38.0578 0800 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:26:38.0578 0800 WmiApSrv - ok
17:26:38.0703 0800 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:26:38.0703 0800 WMPNetworkSvc - ok
17:26:38.0828 0800 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:26:38.0843 0800 WPFFontCache_v0400 - ok
17:26:38.0906 0800 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:26:38.0906 0800 WS2IFSL - ok
17:26:38.0968 0800 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:26:38.0968 0800 wscsvc - ok
17:26:39.0031 0800 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:26:39.0031 0800 wuauserv - ok
17:26:39.0093 0800 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:26:39.0093 0800 WudfPf - ok
17:26:39.0156 0800 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:26:39.0156 0800 WudfRd - ok
17:26:39.0203 0800 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:26:39.0203 0800 WudfSvc - ok
17:26:39.0296 0800 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:26:39.0296 0800 WZCSVC - ok
17:26:39.0359 0800 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:26:39.0359 0800 xmlprov - ok
17:26:39.0437 0800 ================ Scan global ===============================
17:26:39.0484 0800 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:26:39.0578 0800 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:26:39.0609 0800 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:26:39.0640 0800 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:26:39.0640 0800 [Global] - ok
17:26:39.0656 0800 ================ Scan MBR ==================================
17:26:39.0687 0800 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:26:39.0906 0800 \Device\Harddisk0\DR0 - ok
17:26:39.0921 0800 ================ Scan VBR ==================================
17:26:39.0937 0800 [ D929D75D7A0B7C57D60A9FCD9C617CFA ] \Device\Harddisk0\DR0\Partition1
17:26:39.0953 0800 \Device\Harddisk0\DR0\Partition1 - ok
17:26:39.0968 0800 ============================================================
17:26:39.0968 0800 Scan finished
17:26:39.0968 0800 ============================================================
17:26:40.0015 0796 Detected object count: 0
17:26:40.0015 0796 Actual detected object count: 0


#6 streim


Posted 14 December 2012 - 07:34 PM

I downloaded and ran ESET as you suggested. It found "no threats".

I know you didn't ask for this but I am sending it along anyway. It does say there is something infected:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-13 13:58:41
-----------------------------
13:58:41.000 OS Version: Windows 5.1.2600 Service Pack 3
13:58:41.000 Number of processors: 1 586 0xA00
13:58:41.000 ComputerName: HOMESWEETHOME UserName: Stephanie
13:58:41.921 Initialize success
13:58:42.078 AVAST engine defs: 12121301
13:58:51.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:58:51.156 Disk 0 Vendor: ST380013A 3.06 Size: 76319MB BusType: 3
13:58:51.171 Disk 0 MBR read successfully
13:58:51.171 Disk 0 MBR scan
13:58:51.171 Disk 0 Windows XP default MBR code
13:58:51.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
13:58:51.171 Disk 0 scanning sectors +156280320
13:58:51.234 Disk 0 scanning C:\WINDOWS\system32\drivers
13:59:00.218 Service scanning
13:59:11.218 Modules scanning
13:59:15.984 Disk 0 trace - called modules:
13:59:16.000 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
13:59:16.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a84aab8]
13:59:16.500 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000064[0x8a882eb0]
13:59:16.500 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7fb940]
13:59:16.828 AVAST engine scan C:\WINDOWS
13:59:19.484 File: C:\WINDOWS\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
13:59:21.156 AVAST engine scan C:\WINDOWS\system32
14:02:00.640 AVAST engine scan C:\WINDOWS\system32\drivers
14:02:15.390 AVAST engine scan C:\Documents and Settings\Stephanie
14:04:40.062 AVAST engine scan C:\Documents and Settings\All Users
14:05:16.359 Scan finished successfully
14:05:48.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Stephanie\Desktop\MBR.dat"
14:05:48.921 The log file has been saved successfully to "C:\Documents and Settings\Stephanie\Desktop\aswMBR.txt"

Edited by streim, 14 December 2012 - 07:37 PM.


#7 boopme


Posted 14 December 2012 - 10:17 PM

Hello... Was there a choice to click a FIX or FIXMBR button?

#8 streim


Posted 14 December 2012 - 11:56 PM

Hello... Was there a choice to click a FIX or FIXMBR button?



No sir there was not. I expected the Avast guy to say something but he didn't.


#9 streim


Posted 15 December 2012 - 01:24 PM


Hello... Was there a choice to click a FIX or FIXMBR button?



No sir there was not. I expected the Avast guy to say something but he didn't.



I ran aswMBR again and yes, there is a fix it button... however, when I click on it, I get a Windows warning that "this will change the partitions on my system and am I sure I want to proceed?"
Now, this is much deeper than any other issue I've ever faced, and I surely don't want to "kill" my system, so I am asking you this question... If I proceed with the fix it, what, if anything, should I do further to finish cleaning or resetting?

Thanks in advance.
Streim


#10 boopme


Posted 16 December 2012 - 11:32 AM

Sorry, was ill. Please run the Fix and rerun aswMBR... then we see what is next.



