Disk error trying to boot with USB w/Windows Defender Offline


14 replies to this topic

#1 Cindyknowsnocomputer


Posted 31 July 2013 - 09:08 PM

Trying to clear my mom's computer of some viruses. She has Microsoft Security Essentials and it said I needed to download Windows Defender Offline.

 

I downloaded to my personal laptop and created the files on a brand new clean USB flash drive.

 

Went through the steps necessary through BIOS to move the USB drive to top of the Boot list.

When I put the USB in and restart the computer, it gives me a Disk Error message.

 

Any ideas what the issue could be?

Computer I'm trying to clean is a desktop Dell Dimension.


Edited by hamluis, 02 August 2013 - 09:05 AM.
Moved from XP to Am I Infected - Hamluis.




#2 AngryRaisin


Posted 31 July 2013 - 10:25 PM

That means the USB disk was not properly made bootable or the computer is not able to boot from a USB disk.

Would you point me in the direction of the instructions you used so I have a better understanding of tools used?

I would point you toward the "Virus, Trojan, Spyware, and Malware Removal Logs" for better help at specific removal of viruses but I understand if you would like to proceed in your own direction.  If you do decide to go to that forum please use this post first.


Edited by AngryRaisin, 31 July 2013 - 10:40 PM.


#3 Cindyknowsnocomputer


Posted 01 August 2013 - 06:17 AM

http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

 

 

I followed these directions.

I checked the computer for 32 or 64 bit via the instructions linked there.

Saw no mention of 64 bit, so assumed 32 bit.

 

I downloaded the files, then ran the .exe file which created a bunch of new files on the USB stick drive.

 

 



#4 AngryRaisin


Posted 01 August 2013 - 04:51 PM

Hmm, since you are posting in the Windows XP forum, I am going to assume that your mom's computer has Windows XP, so 32-bit would be the most likely (very few people run XP 64-bit). Many older computers have a difficult time booting from USB - I would recommend making the CD and booting from that.



#5 jhayz


Posted 02 August 2013 - 01:01 AM

Is the computer still able to boot to Windows despite the infection or not?


Tekken
 


#6 Cindyknowsnocomputer


Posted 02 August 2013 - 01:23 PM

Is the computer still able to boot to Windows despite the infection or not?

Yes, the computer boots fine otherwise.

 

I've run a Kaspersky rootkit something or other on it..and it cleared a few things off.

I ran Malwarebytes yesterday and it cleared a few things off.

 

It is definitely better than it was before...but Microsoft Security Essentials still finds the Aleuron!B virus and says that I have to clean it with Windows Defender Offline.

Was going to try the CD suggestion from the poster above and see what happens.



#7 GodfatherKing


Posted 02 August 2013 - 02:20 PM

Try this also if you're able to boot successfully.

Step 1: Post MBAM log.

Step 2: Running TDSSKiller to obtain log

Note: Don't cure or delete a threat, but choose Skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run
  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.
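
A helper can read the log that Step 2 produces and pick out the entries worth a second look. The following is an added example, not part of the original post and not Kaspersky's own tooling. It pairs each `name - verdict` line with the hashed file line before it and reports every verdict other than `ok`. The sample lines are constructed in the TDSSKiller log line format; `ExampleSvc`, its path, the hash value and the `warning` verdict are made up, and the one-word verdict is an assumption.

```python
import re

# One log line: "HH:MM:SS.mmmm <thread id>  <body>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# Hashed file line: "[ <32 hex MD5> ] <object name> <drive-letter path>"
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
# Verdict line: "<object name> - <verdict>"; a one-word verdict is an assumption
VERDICT = re.compile(r"^(.+) - ([A-Za-z]+)$")

FAKE_MD5 = "0123456789ABCDEF0123456789ABCDEF"  # constructed, not a real file hash

# Constructed sample. The "Drive ... - Size:" line is a header line that
# contains " - " but is not a verdict; ExampleSvc is a made-up entry.
SAMPLE_LOG = "\n".join([
    r"10:07:09.0453 3052  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200",
    "10:07:51.0187 3124  ================ Scan system memory ========================",
    "10:07:51.0203 3124  System memory - ok",
    "10:07:51.0203 3124  ================ Scan services =============================",
    "10:07:51.0406 3124  Abiosdsk - ok",
    "10:07:51.0640 3124  [ " + FAKE_MD5 + r" ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys",
    "10:07:51.0640 3124  ACPI - ok",
    "10:08:02.0937 3124  [ " + FAKE_MD5 + r" ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe",
    "10:08:02.0953 3124  Pml Driver HPZ12 - ok",
    "10:08:03.0000 3124  [ " + FAKE_MD5 + r" ] ExampleSvc      C:\WINDOWS\system32\drivers\example.sys",
    "10:08:03.0010 3124  ExampleSvc - warning",
])


def triage(log_text):
    """Return the number of verdict lines seen and the entries not marked ok."""
    pending = {}   # object name -> (md5, path) from the preceding hashed line
    checked = 0
    flagged = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.rstrip())
        if not line:
            continue
        body = line.group(1).strip()

        hashed = HASHED.match(body)
        if hashed:
            md5, name, path = hashed.groups()
            pending[name] = (md5.upper(), path)
            continue

        verdict = VERDICT.match(body)
        if not verdict:
            continue  # separators, system info, drive geometry, and so on
        name, word = verdict.groups()
        # Entries with no file on disk (e.g. Abiosdsk) have no hashed line.
        md5, path = pending.pop(name, (None, None))
        checked += 1
        if word.lower() != "ok":
            flagged.append(
                {"name": name, "verdict": word, "md5": md5, "path": path}
            )
    return {"checked": checked, "flagged": flagged}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("verdict lines checked:", result["checked"])
    for entry in result["flagged"]:
        print("REVIEW:", entry["name"], entry["verdict"], entry["path"], entry["md5"])
```
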


#8 Cindyknowsnocomputer


Posted 04 August 2013 - 09:16 AM

Couldn't find a way to attach the file, so assume I'm just supposed to paste the text?

I will post the MBAM log separately.

 

Here's the TDSS log - I had run this a few times before and cured anything it found.

 

10:08:02.0984 3124  PSched - ok
10:08:03.0000 3124  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:08:03.0000 3124  Ptilink - ok
10:08:03.0031 3124  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:08:03.0031 3124  PxHelp20 - ok
10:08:03.0046 3124  ql1080 - ok
10:08:03.0046 3124  Ql10wnt - ok
10:08:03.0046 3124  ql12160 - ok
10:08:03.0062 3124  ql1240 - ok
10:08:03.0062 3124  ql1280 - ok
10:08:03.0093 3124  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:08:03.0093 3124  RasAcd - ok
10:08:03.0156 3124  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:08:03.0156 3124  RasAuto - ok
10:08:03.0203 3124  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:08:03.0203 3124  Rasl2tp - ok
10:08:03.0265 3124  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:08:03.0265 3124  RasMan - ok
10:08:03.0281 3124  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:08:03.0281 3124  RasPppoe - ok
10:08:03.0281 3124  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:08:03.0281 3124  Raspti - ok
10:08:03.0312 3124  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:08:03.0312 3124  Rdbss - ok
10:08:03.0312 3124  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:08:03.0312 3124  RDPCDD - ok
10:08:03.0375 3124  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:08:03.0375 3124  RDPWD - ok
10:08:03.0437 3124  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:08:03.0453 3124  RDSessMgr - ok
10:08:03.0484 3124  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:08:03.0484 3124  redbook - ok
10:08:03.0531 3124  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:08:03.0531 3124  RemoteAccess - ok
10:08:03.0593 3124  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:08:03.0593 3124  RpcLocator - ok
10:08:03.0625 3124  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
10:08:03.0640 3124  RpcSs - ok
10:08:03.0687 3124  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:08:03.0687 3124  RSVP - ok
10:08:03.0750 3124  [ 6B773C52AE5054FA1B1794AE650C1F78 ] RTL8192su       C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
10:08:03.0828 3124  RTL8192su - ok
10:08:03.0843 3124  RTLWUSB - ok
10:08:03.0875 3124  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:08:03.0875 3124  SamSs - ok
10:08:03.0890 3124  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:08:03.0906 3124  SCardSvr - ok
10:08:03.0968 3124  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:08:03.0968 3124  Schedule - ok
10:08:04.0015 3124  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:08:04.0015 3124  Secdrv - ok
10:08:04.0046 3124  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:08:04.0046 3124  seclogon - ok
10:08:04.0062 3124  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
10:08:04.0078 3124  SENS - ok
10:08:04.0125 3124  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
10:08:04.0125 3124  Serial - ok
10:08:04.0609 3124  [ 9910F4097EECBF561B257D614ADEF09A ] ServicepointService C:\Program Files\Windstream\Service Agent\ServicepointService.exe
10:08:04.0953 3124  ServicepointService - ok
10:08:04.0984 3124  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
10:08:04.0984 3124  Sfloppy - ok
10:08:05.0062 3124  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:08:05.0062 3124  SharedAccess - ok
10:08:05.0125 3124  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:08:05.0140 3124  ShellHWDetection - ok
10:08:05.0140 3124  Simbad - ok
10:08:05.0203 3124  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:08:05.0203 3124  SLIP - ok
10:08:05.0250 3124  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
10:08:05.0250 3124  SONYPVU1 - ok
10:08:05.0265 3124  Sparrow - ok
10:08:05.0312 3124  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:08:05.0312 3124  splitter - ok
10:08:05.0359 3124  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
10:08:05.0359 3124  Spooler - ok
10:08:05.0390 3124  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:08:05.0390 3124  sr - ok
10:08:05.0437 3124  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
10:08:05.0453 3124  srservice - ok
10:08:05.0515 3124  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:08:05.0515 3124  Srv - ok
10:08:05.0546 3124  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:08:05.0546 3124  SSDPSRV - ok
10:08:05.0625 3124  [ 26EB7ACF476A3461B85F5BCE9A677A4A ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
10:08:05.0656 3124  STHDA - ok
10:08:05.0703 3124  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
10:08:05.0703 3124  StillCam - ok
10:08:05.0765 3124  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:08:05.0781 3124  stisvc - ok
10:08:05.0812 3124  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:08:05.0812 3124  streamip - ok
10:08:05.0875 3124  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
10:08:05.0875 3124  swenum - ok
10:08:05.0890 3124  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
10:08:05.0890 3124  swmidi - ok
10:08:05.0890 3124  SwPrv - ok
10:08:05.0906 3124  symc810 - ok
10:08:05.0906 3124  symc8xx - ok
10:08:05.0906 3124  sym_hi - ok
10:08:05.0921 3124  sym_u3 - ok
10:08:05.0984 3124  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
10:08:05.0984 3124  sysaudio - ok
10:08:06.0031 3124  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
10:08:06.0031 3124  SysmonLog - ok
10:08:06.0093 3124  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:08:06.0093 3124  TapiSrv - ok
10:08:06.0125 3124  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:08:06.0140 3124  Tcpip - ok
10:08:06.0171 3124  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
10:08:06.0171 3124  TDPIPE - ok
10:08:06.0203 3124  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
10:08:06.0203 3124  TDTCP - ok
10:08:06.0218 3124  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
10:08:06.0234 3124  TermDD - ok
10:08:06.0265 3124  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
10:08:06.0265 3124  TermService - ok
10:08:06.0296 3124  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
10:08:06.0296 3124  Themes - ok
10:08:06.0296 3124  TosIde - ok
10:08:06.0328 3124  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
10:08:06.0328 3124  TrkWks - ok
10:08:06.0343 3124  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
10:08:06.0343 3124  Udfs - ok
10:08:06.0359 3124  ultra - ok
10:08:06.0375 3124  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
10:08:06.0390 3124  Update - ok
10:08:06.0453 3124  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:08:06.0453 3124  upnphost - ok
10:08:06.0484 3124  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
10:08:06.0484 3124  UPS - ok
10:08:06.0531 3124  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
10:08:06.0546 3124  usbaudio - ok
10:08:06.0593 3124  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:08:06.0593 3124  usbccgp - ok
10:08:06.0656 3124  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:08:06.0671 3124  usbehci - ok
10:08:06.0671 3124  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:08:06.0671 3124  usbhub - ok
10:08:06.0734 3124  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:08:06.0796 3124  usbprint - ok
10:08:06.0812 3124  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:08:06.0812 3124  usbscan - ok
10:08:06.0812 3124  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:08:06.0828 3124  usbstor - ok
10:08:06.0859 3124  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:08:06.0859 3124  usbuhci - ok
10:08:06.0890 3124  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
10:08:06.0890 3124  usbvideo - ok
10:08:06.0937 3124  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
10:08:06.0937 3124  VgaSave - ok
10:08:06.0953 3124  ViaIde - ok
10:08:07.0000 3124  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
10:08:07.0000 3124  VolSnap - ok
10:08:07.0062 3124  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
10:08:07.0062 3124  VSS - ok
10:08:07.0109 3124  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
10:08:07.0125 3124  W32Time - ok
10:08:07.0156 3124  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:08:07.0156 3124  Wanarp - ok
10:08:07.0156 3124  WDICA - ok
10:08:07.0203 3124  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:08:07.0203 3124  wdmaud - ok
10:08:07.0265 3124  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:08:07.0265 3124  WebClient - ok
10:08:07.0359 3124  [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:08:07.0375 3124  winachsf - ok
10:08:07.0500 3124  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:08:07.0500 3124  winmgmt - ok
10:08:07.0562 3124  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
10:08:07.0562 3124  WmdmPmSN - ok
10:08:07.0640 3124  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:08:07.0656 3124  WmiApSrv - ok
10:08:07.0796 3124  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
10:08:07.0812 3124  WMPNetworkSvc - ok
10:08:08.0015 3124  [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:08:08.0031 3124  WPFFontCache_v0400 - ok
10:08:08.0093 3124  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:08:08.0109 3124  wscsvc - ok
10:08:08.0171 3124  [ 0091D78C5F8FDE0CDF2B214823DE6E48 ] WSIMD           C:\WINDOWS\system32\DRIVERS\wsimd.sys
10:08:08.0218 3124  WSIMD - ok
10:08:08.0250 3124  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:08:08.0250 3124  WSTCODEC - ok
10:08:08.0281 3124  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:08:08.0281 3124  wuauserv - ok
10:08:08.0343 3124  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:08:08.0343 3124  WudfPf - ok
10:08:08.0359 3124  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:08:08.0359 3124  WudfRd - ok
10:08:08.0375 3124  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
10:08:08.0390 3124  WudfSvc - ok
10:08:08.0453 3124  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:08:08.0453 3124  WZCSVC - ok
10:08:08.0500 3124  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
10:08:08.0500 3124  xmlprov - ok
10:08:08.0515 3124  ================ Scan global ===============================
10:08:08.0578 3124  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:08:08.0671 3124  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:08:08.0718 3124  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:08:08.0734 3124  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:08:08.0734 3124  [Global] - ok
10:08:08.0734 3124  ================ Scan MBR ==================================
10:08:08.0765 3124  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:08:09.0109 3124  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:08:09.0109 3124  \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:08:09.0109 3124  ================ Scan VBR ==================================
10:08:09.0109 3124  [ CAAB3DC4DCE8B9FEE81CF670927909DE ] \Device\Harddisk0\DR0\Partition1
10:08:09.0109 3124  \Device\Harddisk0\DR0\Partition1 - ok
10:08:09.0109 3124  ============================================================
10:08:09.0109 3124  Scan finished
10:08:09.0109 3124  ============================================================
10:08:09.0125 3112  Detected object count: 1
10:08:09.0125 3112  Actual detected object count: 1
10:08:29.0281 3112  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:08:29.0281 3112  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
 

 



#9 Cindyknowsnocomputer (Topic Starter)

Posted 04 August 2013 - 09:17 AM

Here's the MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.01.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kay :: MAIN [administrator]

8/1/2013 7:32:12 PM
mbam-log-2013-08-01 (19-32-12).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322376
Time elapsed: 1 hour(s), 28 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.

(end)



#10 GodfatherKing

Posted 04 August 2013 - 10:40 AM

Backdoor/Rootkit warning: TDSS

This computer is/was infected with a rootkit called TDSS. You will need to change all passwords after this, and take care not to do any home banking. Don't use the machine now for purposes other than malware removal.

Rerun TDSSKiller, this time choosing the default setting (TDSS = delete).

13:50:15.0306 3224  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:50:15.0306 3224  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.


#11 Cindyknowsnocomputer (Topic Starter)

Posted 09 August 2013 - 09:32 PM

Sorry it's taken me so long to respond, I've been sick. I ran the TDSS Killer again and it found 1 item and I chose delete. Then I re-ran TDSS again and it found nothing.

I've also re-run Malwarebytes and Microsoft Security Essentials and neither found anything.

 

Does that mean it's clean?

Is there something else I should be looking for?



#12 GodfatherKing

Posted 10 August 2013 - 04:07 AM

Two tests to go for sure:

 

Step 1: Download Malwarebytes Anti-Rootkit from HERE to your Desktop.

  • Unzip the downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

Step 2: ESET Online Scanner

==================

Note: If your AV is blocking the ESET Online Scanner, please temporarily disable your AV.

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


Edited by GodfatherKing, 10 August 2013 - 04:08 AM.



#13 Cindyknowsnocomputer (Topic Starter)

Posted 10 August 2013 - 01:39 PM

 

Below is the system log, but I don't find a file called mbar-log anything in the MBAR folder.

The ESET scan is still running.

 

 

Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_25

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.059000 GHz
Memory total: 1063333888, free: 398475264

Downloaded database version: v2013.08.08.01
Downloaded database version: v2013.08.08.02
Downloaded database version: v2013.08.08.03
Downloaded database version: v2013.08.08.04
Downloaded database version: v2013.08.08.05
Downloaded database version: v2013.08.08.06
Downloaded database version: v2013.08.08.07
Downloaded database version: v2013.08.09.01
Downloaded database version: v2013.08.09.02
Downloaded database version: v2013.08.09.03
Downloaded database version: v2013.08.09.04
Downloaded database version: v2013.08.09.05
Downloaded database version: v2013.08.09.06
Downloaded database version: v2013.08.09.07
Downloaded database version: v2013.08.10.01
Initializing...
------------ Kernel report ------------
     08/10/2013 12:31:28
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR7
Upper Device Object: 0xffffffff86755ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000060\
Lower Device Object: 0xffffffff8663e688
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff86825ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005f\
Lower Device Object: 0xffffffff86806878
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff86c78508
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005e\
Lower Device Object: 0xffffffff86683d08
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff8647e3a8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005d\
Lower Device Object: 0xffffffff867f6138
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86d6dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
Lower Device Object: 0xffffffff86d70b00
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86d6dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86dcf930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86d6dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86d70b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D0F4738C

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 80325  Numsec = 149549085
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 149629410  Numsec = 6602715

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 80000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8647e3a8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8671e7a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8647e3a8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff866e3af8, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
DevicePointer: 0xffffffff867f6138, DeviceName: \Device\0000005d\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff86c78508, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86637420, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86c78508, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff866eced0, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
DevicePointer: 0xffffffff86683d08, DeviceName: \Device\0000005e\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff86825ab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ac0e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86825ab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86c783a8, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
DevicePointer: 0xffffffff86806878, DeviceName: \Device\0000005f\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff86755ab8, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8667e600, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86755ab8, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86825958, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
DevicePointer: 0xffffffff8663e688, DeviceName: \Device\00000060\, DriverName: \Driver\usbstor\
------------ End ----------
Scan finished



#14 Cindyknowsnocomputer

Posted 10 August 2013 - 04:23 PM

Below is a list of what the ESET Online Scanner found.

 

C:\TDSSKiller_Quarantine\01.08.2013_19.38.36\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.BC trojan
C:\TDSSKiller_Quarantine\01.08.2013_19.38.36\mbr0000\tdlfs0000\tsk0013.dta a variant of Win32/Olmarik.AYZ trojan
C:\TDSSKiller_Quarantine\09.08.2013_22.27.35\tdlfs0000\tsk0002.dta Win64/Olmarik.BC trojan
C:\TDSSKiller_Quarantine\09.08.2013_22.27.35\tdlfs0000\tsk0013.dta a variant of Win32/Olmarik.AYZ trojan
C:\WINDOWS\system32\Process.exe Win32/PrcView application

 



#15 GodfatherKing

Posted 11 August 2013 - 02:02 AM

The infections found by ESET are in the quarantine from TDSSKiller.

 

Do you recognize this process: C:\WINDOWS\system32\Process.exe Win32/PrcView application

 

It's almost looking good.

 

===

 

Step 1: My advice is to keep your computer up to date with Windows Updates, Java and Adobe Reader and Flash Player.

Step 2: Use WOT to check whether sites are safe or not: http://www.mywot.com/

Step 3: A good working AntiVirus is also important. I personally advise Avast free or Avira. MSE's detection is not so great.

Step 4: Let's check how good your security is:

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.




