
iexplore.exe processes gone wild!


9 replies to this topic

#1 Krisjo

Krisjo

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:54 PM

Posted 01 January 2013 - 04:41 PM

Hi folks, not how I wanted to spend NY Day, but here I am. Appreciate any help with this!

The current issue is an XP SP3 system which is infected and spawning iexplore.exe processes. I recently installed McAfee software which may not have anything to do with all this. It didn't catch any of what happened over the last couple of days, so I'm not sure whether to get rid of it.

I previously had an XP Defender issue and got help through the site by downloading and running several scan and fix utilities following instructions. The infection seems to be not active although I still have XP Defender on my start menu and don't want to mess with it yet and reinstall it by mistake. Also, I can't access the Windows Firewall through the control panel, related?

But after that appeared to be neutralized, I see iexplore.exe processes running in the Task Manager when I'm not running IE 8. The browser windows are visible on shut down when the OS asks whether to end the program. I also see failed browser items show up in the Task Manager: Applications tab when I'm not connected to the internet.

I've tried to understand and follow instructions found by searching how to stop iexplore.exe but am getting nowhere.

I'll gladly accept advice and go through the process you recommend to fix the iexplore issue and dislodge any other stuff that may be lurking. A thorough sweep might make sense.

If you need more details, let me know.

Thanks, and Happy New Year,

Krisjo



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:54 PM

Posted 01 January 2013 - 06:03 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


 


#3 Krisjo

Krisjo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:54 PM

Posted 01 January 2013 - 10:53 PM

Okay, I'm on it, will report back.

Thanks for jumping in to help!

Why do I feel that by digging into security program logs I'm entering a subterranean world we all know exists yet choose to ignore unless we need to visit?!

I'm up for it, just sayin'

Krisjo

#4 Krisjo

Krisjo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:54 PM

Posted 02 January 2013 - 09:03 PM

Here we go...

--Log results, in order of programs run from instructions in post--

> Security Check <

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 12
Java version out of Date!
Adobe Flash Player 11.5.502.135
Mozilla Firefox 14.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
mcafee VIRUSS~1 mcvsshld.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

------------------------
---end Security Check---
------------------------

> Farbar <

Farbar Service Scanner Version: 23-12-2012
Ran by Kris (administrator) on 02-01-2013 at 17:01:15
Running from "C:\Documents and Settings\Kris\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

------------------------
---end Farbar---
------------------------

> MiniToolBox <

MiniToolBox by Farbar Version: 25-11-2012
Ran by Kris (administrator) on 02-01-2013 at 17:03:03
Running from "C:\Documents and Settings\Kris\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
3Com Gigabit LOM (3C940) = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : kris-a84504de1f

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : vc.shawcable.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : vc.shawcable.net

Description . . . . . . . . . . . : 3Com Gigabit LOM (3C940)

Physical Address. . . . . . . . . : 00-0C-6E-67-65-7B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 64.59.144.90

64.59.150.136

Lease Obtained. . . . . . . . . . : Wednesday, January 02, 2013 4:59:24 PM

Lease Expires . . . . . . . . . . : Thursday, January 03, 2013 4:59:24 PM

Server: pd2nsc1.st.vc.shawcable.net
Address: 64.59.144.90

Name: google.com
Addresses: 173.194.33.46, 173.194.33.36, 173.194.33.33, 173.194.33.35
173.194.33.34, 173.194.33.38, 173.194.33.37, 173.194.33.39, 173.194.33.32
173.194.33.40, 173.194.33.41



Pinging google.com [173.194.33.46] with 32 bytes of data:



Reply from 173.194.33.46: bytes=32 time=13ms TTL=55

Reply from 173.194.33.46: bytes=32 time=13ms TTL=55



Ping statistics for 173.194.33.46:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 13ms, Maximum = 13ms, Average = 13ms

Server: pd2nsc1.st.vc.shawcable.net
Address: 64.59.144.90

Name: yahoo.com
Addresses: 98.139.183.24, 98.138.253.109, 72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=159ms TTL=48

Reply from 98.139.183.24: bytes=32 time=136ms TTL=45



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 136ms, Maximum = 159ms, Average = 147ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c 6e 67 65 7b ...... 3Com Gigabit LOM (3C940) - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 20
192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 20
224.0.0.0 240.0.0.0 192.168.1.101 192.168.1.101 20
255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/31/2012 02:20:16 PM) (Source: Application Hang) (User: )
Description: Fault bucket 736169863.

Error: (12/31/2012 02:20:08 PM) (Source: Application Hang) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/31/2012 02:19:33 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt> with error: This operation returned because the timeout period expired.

Error: (12/31/2012 10:35:05 AM) (Source: Application Error) (User: )
Description: Fault bucket -1991992307.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/31/2012 10:34:53 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Processing media-specific event for [rundll32.exe!ws!]

Error: (12/30/2012 05:50:26 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt> with error: The server name or address could not be resolved

Error: (12/19/2012 04:46:47 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (12/19/2012 04:46:46 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/19/2012 04:46:46 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (12/19/2012 04:46:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (01/02/2013 04:13:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/02/2013 05:53:11 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (01/02/2013 05:53:09 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/02/2013 05:34:06 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/01/2013 08:01:44 PM) (Source: DCOM) (User: KRIS-A84504DE1F)
Description: The server {132DB361-34A1-43A3-9ECC-5BE245730365} did not register with DCOM within the required timeout.

Error: (01/01/2013 08:01:13 PM) (Source: DCOM) (User: KRIS-A84504DE1F)
Description: The server {132DB361-34A1-43A3-9ECC-5BE245730365} did not register with DCOM within the required timeout.

Error: (01/01/2013 06:46:53 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/01/2013 02:07:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/01/2013 01:00:54 PM) (Source: DCOM) (User: KRIS-A84504DE1F)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/01/2013 01:00:54 PM) (Source: DCOM) (User: KRIS-A84504DE1F)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.2.443)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.2)
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe AIR (Version: 3.4.0.2710)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Community Help (Version: 3.5.23)
Adobe Creative Suite 5 Design Premium (Version: 5.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
AdobeColorCommonSetRGB (Version: 2.0)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Software Update (Version: 2.1.3.127)
Camera Window DS (Version: 5.3.1)
Camera Window DVC (Version: 5.4.4)
Camera Window DVC (Version: 6.0)
Camera Window MC (Version: 6.0)
Canon Camera Access Library (Version: 8.0.0.21)
Canon Camera Support Core Library (Version: 7.3.0.4)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.4)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.0)
Canon Camera Window DSLR 5 for ZoomBrowser EX (Version: 5.3.1)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.0)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.1.0.20)
Canon PhotoRecord (Version: 02.02.03002)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.2)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.16)
Canon ZoomBrowser EX (E) (Version: 5.05.0000)
DAO (Version: 3.5)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Suite (Version: 5.0.1319)
File Renamer - Basic (Version: 5.6.2)
FileZilla Client 3.5.3 (Version: 3.5.3)
Google Chrome (Version: 23.0.1271.97)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
Java™ 6 Update 12 (Version: 6.0.120)
London Drugs Home Edition (Photobooks Cards Calendars and More) (Version: 7.8.4242)
McAfee AntiVirus Plus (Version: 12.1.253)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 Trial (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MovieEdit Task (Version: 2.1.0.20)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
Nero 7 Essentials (Version: 7.03.0546)
neroxml (Version: 1.0.0)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.78.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
PDF Settings CS5 (Version: 10.0)
PhotoStitch (Version: 3.1.16)
PowerDVD (Version: 7.0.2414.0)
PowerProducer
Quicken 2011 (Version: 20.1.1.43)
RAW Image Task 2.2 (Version: 2.2)
Safari (Version: 5.34.57.2)
Seagate Manager Installer (Version: 2.01.0014)
Shared C Run-time for x86 (Version: 10.0.0)
SoundMAX
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebEx Support Manager for Internet Explorer (Version: 6.5.4917)
WebFldrs XP (Version: 9.50.7523)
WildBit Viewer (Version: 5.3)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================

Name: RAID Controller
Description: RAID Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 2046.73 MB
Available physical RAM: 1206.07 MB
Total Pagefile: 3432.74 MB
Available Pagefile: 2648.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.36 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:298.08 GB) (Free:26.62 GB) NTFS
3 Drive d: (New Volume) (Fixed) (Total:111.79 GB) (Free:10.33 GB) NTFS
5 Drive f: (PATRIOT) (Removable) (Total:28.85 GB) (Free:27.05 GB) FAT32
6 Drive g: (CORSAIR) (Removable) (Total:7.45 GB) (Free:0.05 GB) FAT32
7 Drive h: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:34.47 GB) NTFS

========================= Users: ========================================

User accounts for \\KRIS-A84504DE1F

Administrator Guest HelpAssistant
Kris SUPPORT_388945a0 UpdatusUser


**** End of log ****


------------------------
---end MiniToolBox---
------------------------


> MBAM <

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.02.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kris :: KRIS-A84504DE1F [administrator]

Protection: Disabled

1/2/2013 5:11:10 PM
mbam-log-2013-01-02 (17-11-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221229
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


------------------------
---end MBAM---
------------------------


> aswMBR <

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-02 17:24:47
-----------------------------
17:24:47.140 OS Version: Windows 5.1.2600 Service Pack 3
17:24:47.140 Number of processors: 2 586 0x209
17:24:47.140 ComputerName: KRIS-A84504DE1F UserName: Kris
17:24:47.875 Initialize success
17:28:48.703 AVAST engine defs: 13010201
17:29:06.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
17:29:06.859 Disk 0 Vendor: WDC_WD3200AAKS-00VYA0 12.01B02 Size: 305245MB BusType: 3
17:29:06.859 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-10
17:29:06.859 Disk 1 Vendor: ST3120023AS 3.01 Size: 114473MB BusType: 3
17:29:06.875 Disk 0 MBR read successfully
17:29:06.875 Disk 0 MBR scan
17:29:06.906 Disk 0 Windows XP default MBR code
17:29:06.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
17:29:06.921 Disk 0 scanning sectors +625121280
17:29:06.968 Disk 0 scanning C:\WINDOWS\system32\drivers
17:29:17.593 Service scanning
17:29:39.421 Modules scanning
17:29:44.484 Disk 0 trace - called modules:
17:29:44.500 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
17:29:44.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a889ab8]
17:29:44.500 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a80fb00]
17:29:45.359 AVAST engine scan C:\WINDOWS
17:29:51.000 AVAST engine scan C:\WINDOWS\system32
17:32:41.375 AVAST engine scan C:\WINDOWS\system32\drivers
17:33:01.562 AVAST engine scan C:\Documents and Settings\Kris
17:34:09.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kris\Desktop\logs\MBR.dat"
17:34:09.953 The log file has been saved successfully to "C:\Documents and Settings\Kris\Desktop\logs\aswMBR.txt"

------------------------
---end aswMBR---
------------------------

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 02 January 2013 - 09:45 PM

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE



#6 Krisjo

Krisjo
  • Topic Starter

  • Members
  • 7 posts

Posted 04 January 2013 - 09:11 PM

Hi Broni, back on the program with the two logs you requested:


--------------------

system-log

--------------------

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_12

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.598000 GHz
Memory total: 2146152448, free: 1273659392

------------ Kernel report ------------
01/04/2013 17:07:27
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
PCIIde.sys
\WINDOWS\System32\Drivers\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
mfehidk.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\EL2K_XP.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\aeaudio.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\mfendisk.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\System32\drivers\dmboot.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\mfetdi2k.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\mfebopk.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\System32\Drivers\TDTCP.SYS
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff8977dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000074\
Lower Device Object: 0xffffffff879d9628
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff8a60aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff8a607ea0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a9c8ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-10\
Lower Device Object: 0xffffffff8a90e030
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a9c9ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-5\
Lower Device Object: 0xffffffff8a94fb00
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2013.01.04.10
Downloaded database version: v2012.12.27.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a9c9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a9d2350, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a9c9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a94fb00, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe132cf70, 0xffffffff8a9c9ab8, 0xffffffff89789ab8
Lower DeviceData: 0xffffffffe1de6250, 0xffffffff8a94fb00, 0xffffffff8a30dca0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D71AD71A

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625121217
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a9c8ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a934660, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a9c8ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a90e030, DeviceName: \Device\Ide\IdeDeviceP3T0L0-10\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe10fa9d0, 0xffffffff8a9c8ab8, 0xffffffff8a7c3ab8
Lower DeviceData: 0xffffffffe3634858, 0xffffffff8a90e030, 0xffffffff89dd27d8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AF9CD27B

Partition information:

Partition 0 type is Dynamic (0x42)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 234436482

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8a60aab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff893a7c50, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a60aab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a607ea0, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xffffffffe562fd08, 0xffffffff8a60aab8, 0xffffffff87867530
Lower DeviceData: 0xffffffffe3538f40, 0xffffffff8a607ea0, 0xffffffff898f9950
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 104 Numsec = 60532888

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 30992891904 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffffff8977dab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89d54c58, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8977dab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff879d9628, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xffffffffe5660270, 0xffffffff8977dab8, 0xffffffff87867ab8
Lower DeviceData: 0xffffffffe474d4f0, 0xffffffff879d9628, 0xffffffff8a74d0f0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 80 Numsec = 15663024
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 8019509248 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================




--------------------

mbar-log

--------------------

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.04.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kris :: KRIS-A84504DE1F [administrator]

1/4/2013 5:48:48 PM
mbar-log-2013-01-04 (17-48-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26435
Time elapsed: 39 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Thanks, Krisjo

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 04 January 2013 - 10:40 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE



#8 Krisjo

Krisjo
  • Topic Starter

  • Members
  • 7 posts

Posted 05 January 2013 - 08:34 PM

Hi Broni, here is the TDSSK log:


16:37:06.0078 3592 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:37:06.0125 3592 ============================================================
16:37:06.0125 3592 Current date / time: 2013/01/05 16:37:06.0125
16:37:06.0125 3592 SystemInfo:
16:37:06.0125 3592
16:37:06.0125 3592 OS Version: 5.1.2600 ServicePack: 3.0
16:37:06.0125 3592 Product type: Workstation
16:37:06.0125 3592 ComputerName: KRIS-A84504DE1F
16:37:06.0125 3592 UserName: Kris
16:37:06.0125 3592 Windows directory: C:\WINDOWS
16:37:06.0125 3592 System windows directory: C:\WINDOWS
16:37:06.0125 3592 Processor architecture: Intel x86
16:37:06.0125 3592 Number of processors: 2
16:37:06.0125 3592 Page size: 0x1000
16:37:06.0140 3592 Boot type: Normal boot
16:37:06.0140 3592 ============================================================
16:37:07.0390 3592 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:37:07.0406 3592 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:37:07.0406 3592 Drive \Device\Harddisk2\DR4 - Size: 0x737520000 (28.86 Gb), SectorSize: 0x200, Cylinders: 0xEB8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:37:07.0421 3592 Drive \Device\Harddisk3\DR6 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:37:07.0421 3592 ============================================================
16:37:07.0421 3592 \Device\Harddisk0\DR0:
16:37:07.0421 3592 MBR partitions:
16:37:07.0421 3592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
16:37:07.0421 3592 \Device\Harddisk1\DR1:
16:37:07.0421 3592 MBR partitions:
16:37:07.0421 3592 \Device\Harddisk2\DR4:
16:37:07.0421 3592 MBR partitions:
16:37:07.0421 3592 \Device\Harddisk2\DR4\Partition1: MBR, Type 0xC, StartLBA 0x68, BlocksNum 0x39BA898
16:37:07.0421 3592 \Device\Harddisk3\DR6:
16:37:07.0421 3592 MBR partitions:
16:37:07.0421 3592 \Device\Harddisk3\DR6\Partition1: MBR, Type 0xC, StartLBA 0x50, BlocksNum 0xEEFFB0
16:37:07.0421 3592 ============================================================
16:37:07.0453 3592 C: <-> \Device\Harddisk0\DR0\Partition1
16:37:07.0453 3592 ============================================================
16:37:07.0453 3592 Initialize success
16:37:07.0453 3592 ============================================================
16:37:20.0593 2728 ============================================================
16:37:20.0593 2728 Scan started
16:37:20.0593 2728 Mode: Manual;
16:37:20.0593 2728 ============================================================
16:37:20.0843 2728 ================ Scan system memory ========================
16:37:20.0843 2728 System memory - ok
16:37:20.0859 2728 ================ Scan services =============================
16:37:22.0109 2728 Abiosdsk - ok
16:37:22.0125 2728 abp480n5 - ok
16:37:22.0171 2728 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:37:22.0171 2728 ACPI - ok
16:37:22.0203 2728 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:37:22.0203 2728 ACPIEC - ok
16:37:22.0250 2728 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:37:22.0250 2728 AdobeFlashPlayerUpdateSvc - ok
16:37:22.0265 2728 adpu160m - ok
16:37:22.0296 2728 [ E696E749BEDCDA8B23757B8B5EA93780 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
16:37:22.0296 2728 aeaudio - ok
16:37:22.0328 2728 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:37:22.0328 2728 aec - ok
16:37:22.0375 2728 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:37:22.0375 2728 AFD - ok
16:37:22.0406 2728 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
16:37:22.0421 2728 agp440 - ok
16:37:22.0421 2728 Aha154x - ok
16:37:22.0437 2728 aic78u2 - ok
16:37:22.0437 2728 aic78xx - ok
16:37:22.0484 2728 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:37:22.0484 2728 Alerter - ok
16:37:22.0500 2728 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:37:22.0500 2728 ALG - ok
16:37:22.0500 2728 AliIde - ok
16:37:22.0515 2728 amsint - ok
16:37:22.0546 2728 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:37:22.0562 2728 AppMgmt - ok
16:37:22.0609 2728 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:37:22.0609 2728 Arp1394 - ok
16:37:22.0625 2728 asc - ok
16:37:22.0625 2728 asc3350p - ok
16:37:22.0640 2728 asc3550 - ok
16:37:22.0906 2728 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:37:22.0984 2728 aspnet_state - ok
16:37:23.0015 2728 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:37:23.0015 2728 AsyncMac - ok
16:37:23.0031 2728 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:37:23.0046 2728 atapi - ok
16:37:23.0046 2728 Atdisk - ok
16:37:23.0093 2728 [ DE216801D656910D1880AF7274AC915E ] ATIAVAIW C:\WINDOWS\system32\DRIVERS\atinavt2.sys
16:37:23.0093 2728 ATIAVAIW - ok
16:37:23.0109 2728 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:37:23.0109 2728 Atmarpc - ok
16:37:23.0140 2728 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:37:23.0156 2728 AudioSrv - ok
16:37:23.0171 2728 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:37:23.0187 2728 audstub - ok
16:37:23.0203 2728 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:37:23.0203 2728 Beep - ok
16:37:23.0250 2728 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:37:23.0281 2728 BITS - ok
16:37:23.0296 2728 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
16:37:23.0296 2728 Browser - ok
16:37:23.0328 2728 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:37:23.0328 2728 cbidf2k - ok
16:37:23.0421 2728 [ A9ACC4B9730B6D5B0BB2BFFDC53F0812 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
16:37:23.0421 2728 CCALib8 - ok
16:37:23.0453 2728 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:37:23.0453 2728 CCDECODE - ok
16:37:23.0468 2728 cd20xrnt - ok
16:37:23.0484 2728 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:37:23.0484 2728 Cdaudio - ok
16:37:23.0515 2728 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:37:23.0515 2728 Cdfs - ok
16:37:23.0531 2728 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:37:23.0531 2728 Cdrom - ok
16:37:23.0562 2728 [ 67B20DA4727F54AEA29FDDAD810C898D ] cfwids C:\WINDOWS\system32\drivers\cfwids.sys
16:37:23.0562 2728 cfwids - ok
16:37:23.0578 2728 Changer - ok
16:37:23.0593 2728 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:37:23.0593 2728 CiSvc - ok
16:37:23.0609 2728 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:37:23.0609 2728 ClipSrv - ok
16:37:23.0671 2728 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:37:23.0734 2728 clr_optimization_v2.0.50727_32 - ok
16:37:23.0750 2728 CmdIde - ok
16:37:23.0750 2728 COMSysApp - ok
16:37:23.0765 2728 Cpqarray - ok
16:37:23.0796 2728 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:37:23.0796 2728 CryptSvc - ok
16:37:23.0796 2728 dac2w2k - ok
16:37:23.0812 2728 dac960nt - ok
16:37:23.0843 2728 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:37:23.0859 2728 DcomLaunch - ok
16:37:23.0875 2728 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:37:23.0875 2728 Dhcp - ok
16:37:23.0890 2728 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:37:23.0906 2728 Disk - ok
16:37:23.0906 2728 dmadmin - ok
16:37:23.0953 2728 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:37:23.0968 2728 dmboot - ok
16:37:24.0000 2728 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:37:24.0015 2728 dmio - ok
16:37:24.0046 2728 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:37:24.0046 2728 dmload - ok
16:37:24.0062 2728 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:37:24.0062 2728 dmserver - ok
16:37:24.0078 2728 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:37:24.0078 2728 DMusic - ok
16:37:24.0109 2728 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:37:24.0109 2728 Dnscache - ok
16:37:24.0156 2728 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:37:24.0156 2728 Dot3svc - ok
16:37:24.0203 2728 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] Dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
16:37:24.0203 2728 Dot4 - ok
16:37:24.0218 2728 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
16:37:24.0218 2728 Dot4Print - ok
16:37:24.0234 2728 dpti2o - ok
16:37:24.0250 2728 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:37:24.0250 2728 drmkaud - ok
16:37:24.0281 2728 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:37:24.0281 2728 EapHost - ok
16:37:24.0296 2728 [ 25FE70646AFE37801AB540B5D3B12CF9 ] EL2000 C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys
16:37:24.0312 2728 EL2000 - ok
16:37:24.0328 2728 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:37:24.0328 2728 ERSvc - ok
16:37:24.0359 2728 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:37:24.0359 2728 Eventlog - ok
16:37:24.0390 2728 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
16:37:24.0390 2728 EventSystem - ok
16:37:24.0421 2728 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:37:24.0421 2728 Fastfat - ok
16:37:24.0468 2728 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:37:24.0468 2728 FastUserSwitchingCompatibility - ok
16:37:24.0484 2728 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:37:24.0484 2728 Fdc - ok
16:37:24.0500 2728 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:37:24.0500 2728 Fips - ok
16:37:24.0546 2728 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:37:24.0562 2728 FLEXnet Licensing Service - ok
16:37:24.0593 2728 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:37:24.0593 2728 Flpydisk - ok
16:37:24.0625 2728 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:37:24.0625 2728 FltMgr - ok
16:37:24.0703 2728 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:37:24.0703 2728 FontCache3.0.0.0 - ok
16:37:24.0796 2728 [ E163CF5D8F95C1D766603085E1D01C38 ] FreeAgentGoNext Service C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
16:37:24.0796 2728 FreeAgentGoNext Service - ok
16:37:24.0812 2728 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:37:24.0812 2728 Fs_Rec - ok
16:37:24.0828 2728 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:37:24.0828 2728 Ftdisk - ok
16:37:24.0843 2728 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:37:24.0843 2728 Gpc - ok
16:37:24.0890 2728 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:37:24.0890 2728 gupdate - ok
16:37:24.0906 2728 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:37:24.0906 2728 gupdatem - ok
16:37:24.0953 2728 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:37:24.0953 2728 helpsvc - ok
16:37:24.0953 2728 HidServ - ok
16:37:25.0000 2728 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:37:25.0000 2728 hidusb - ok
16:37:25.0031 2728 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:37:25.0031 2728 hkmsvc - ok
16:37:25.0093 2728 [ 31FB9D7453C424D14A6C3927483E5E60 ] HomeNetSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
16:37:25.0093 2728 HomeNetSvc - ok
16:37:37.0156 2728 ============================================================
16:37:37.0156 2728 Scan finished
16:37:37.0156 2728 ============================================================
16:37:37.0187 3844 Detected object count: 0
16:37:37.0187 3844 Actual detected object count: 0


----------------------------
end TDSSK log
----------------------------

Thanks again for working through this with me, Krisjo.

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:54 PM

Posted 05 January 2013 - 08:59 PM

I don't see anything malicious there.
You may want to try more advanced checks.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#10 Krisjo

Krisjo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:54 PM

Posted 05 January 2013 - 10:18 PM

Thanks Broni, I will take the next step you recommend.

Something must be generating the iexplore.exe processes and shadow IE8 browser sessions that seem to want to connect to a small and recognizable set of URLs. I'll keep digging. It may be harmless, but it galls me to know programs are running loose and could cause problems I don't understand.

There is also something creating network transfer traffic steadily as soon as I connect the cable, even when I'm not using the Internet. That may be routine, benign, and legitimate use by installed programs running in the background, but now I'm more wary than usual!

Krisjo.
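As an added, defender-side example (not part of this thread and not code from BleepingComputer or any tool mentioned here), the PowerShell below lists every running iexplore.exe with its parent process, owner, window state, image path and TCP peers, which is the information needed to tell who launches the hidden sessions Krisjo describes. It assumes PowerShell 2.0 or later (installable on XP SP3), an elevated prompt, and that the expected image path and parent names hard-coded at the top match a normal IE8 install; those values are assumptions, not facts from the thread.

```powershell
# Added triage script (not from the thread): enumerate iexplore.exe processes
# and show what started them and where they connect.
# Assumes PowerShell 2.0+ and an elevated prompt so WMI can read command
# lines and owners of processes in other sessions.

# Assumed location of the genuine Internet Explorer binary; any iexplore.exe
# running from elsewhere deserves a closer look.
$ExpectedImage = Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe'
# Assumed normal parents for IE8: the shell, or the IE frame process
# spawning a tab process. Anything else is worth investigating.
$ExpectedParents = @('explorer.exe', 'iexplore.exe')

function Get-TcpPeersByPid {
    # Parse 'netstat -ano' once and index foreign endpoints by owning PID.
    # TCP rows look like: Proto  Local Address  Foreign Address  State  PID
    $table = @{}
    netstat -ano | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        if ($f.Count -ge 5 -and $f[0] -eq 'TCP') {
            $owner = [int]$f[4]
            if (-not $table.ContainsKey($owner)) { $table[$owner] = @() }
            $table[$owner] += ('{0} [{1}]' -f $f[2], $f[3])
        }
    }
    return $table
}

function Get-IexploreTriage {
    $procs = @(Get-WmiObject Win32_Process -Filter "Name = 'iexplore.exe'")
    if ($procs.Count -eq 0) { Write-Host 'No iexplore.exe processes running.'; return }
    $peers = Get-TcpPeersByPid

    foreach ($p in $procs) {
        # Win32_Process exposes the parent PID; Get-Process on old PowerShell does not.
        $parent = Get-WmiObject Win32_Process -Filter ('ProcessId = {0}' -f $p.ParentProcessId)
        $parentName = if ($parent) { $parent.Name } else { '<parent exited>' }
        $parentPath = if ($parent) { $parent.ExecutablePath } else { '' }

        # A process with no main window is the hidden session Task Manager
        # shows but the user never opened.
        $gp = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
        $hasWindow = ($gp -ne $null) -and ($gp.MainWindowHandle -ne 0)

        $own = $p.GetOwner()
        $ownerName = if ($own.ReturnValue -eq 0) { '{0}\{1}' -f $own.Domain, $own.User } else { '<unknown>' }

        # Collect the signals a defender cares about into one Flags column.
        $flags = @()
        if ($p.ExecutablePath -and ($p.ExecutablePath -ne $ExpectedImage)) { $flags += 'unexpected image path' }
        if ($ExpectedParents -notcontains $parentName.ToLower()) { $flags += "unusual parent ($parentName)" }
        if (-not $hasWindow) { $flags += 'no visible window' }

        New-Object PSObject -Property @{
            PID         = $p.ProcessId
            Parent      = ('{0} ({1}) {2}' -f $parentName, $p.ParentProcessId, $parentPath)
            Owner       = $ownerName
            Image       = $p.ExecutablePath
            CommandLine = $p.CommandLine
            TcpPeers    = ($peers[[int]$p.ProcessId] -join '; ')
            Flags       = ($flags -join ', ')
        }
    }
}

Get-IexploreTriage | Format-List PID, Parent, Owner, Image, CommandLine, TcpPeers, Flags
```

A parent that is neither the shell nor another iexplore.exe, combined with no visible window and a fixed set of peers, is the entry to chase (by parent image path) before running further scanners.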



