ziggywiggy

  1. I downloaded and tried to install mbam multiple times with the same result - upgrade from version 000.00.0 corrupted, please reinstall. Downloaded and ran mbam clean, tried again, same result. Downloaded from IE, same result. Loaded from flash drive, same result. Ran mbam clean, shut the computer off for a week, tried again, same result. Ran mbam clean after each failure.
  2. CheckResults.txt

     Downloaded this on 6/2/12. Here are the current results.

     mbam-check result log version: 1.10.0.1000
     Date Log Created: 07/28/12
     Time Log Created: 21:46:57
     32 bit Operating System
     Product Name: REG_SZ Microsoft Windows XP
     Current Build Number: 2600
     Current Version Number: 5.1
     Current CSDVersion: Service Pack 3
     OS Product Info: Professional

     Proxy Status: No proxy is Set

     LAN Settings:
     =============
     No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY

     SystemPartition:
     ================
     HKEY_LOCAL_MACHINE\SYSTEM\Setup\
       SystemPartition REG_SZ \Device\HarddiskVolume1

     Balloon Tips Status:
     ====================
     Disabled <--BALLOON TOOLTIPS ARE DISABLED!

     Time Format Settings:
     =====================
     Should be: h:mm:ss tt AM PM :
     Currently: REG_SZ h:mm:ss tt REG_SZ AM REG_SZ PM REG_SZ :

     Language and Regional Settings:
     ===============================
     ACP: Language is English (United States)
     MACCP: Language is English (United States)
     OEMCP: Language is English (United States)

     Startup Folders for Error_Expanding_Variables Check:
     ====================================================
     All Users Startup Folder Exists.
     Current User's startup Folder Exists.

     Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
     ===============================================================================
     TERMService:
     ==============
     Type : 32
     State : 4 (The service is running.)
     (State is stopped)
     WIN32_EXIT_CODE : 0
     SERVICE_EXIT_CODE : 0
     CHECKPOINT : 0
     WAIT_HINT : 0
     TermService Start is set to: 3 (Manual Startup)

     Compatibility Flag Settings (Any MBAM file listings should be removed):
     =======================================================================

     Malwarebytes Anti-Malware Shell Extension Block Check:
     ======================================================
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

     MBAM Startup Entries:
     =====================

     Service and Driver Status:
     ==========================
     Can not open SC_HANDLE, Service not running for MBAMProtector
     Can not open SC_HANDLE, Service not running for MBAMService

     MBAMProtector Registry Values:
     ==============================

     MBAMService Registry Values:
     ============================

     MBAM DLL's and Runtime Files:
     =============================

     MBAM Registry Settings and License Info:
     ========================================

     Pending File Rename Operations:
     ================================
     If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
       PendingFileRenameOperations REG_MULTI_SZ \??\C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe

     Context Menu Entries:
     =====================

     MBAM Drivers:
     =============

     Required Dependencies:
     ======================
     fltmgr:
     ==============
     Type : 2
     State : 4 (The service is running.)
     (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
     WIN32_EXIT_CODE : 0
     SERVICE_EXIT_CODE : 0
     CHECKPOINT : 0
     WAIT_HINT : 0

     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
       Type REG_DWORD 2
       Start REG_DWORD 0
       ErrorControl REG_DWORD 1
       Tag REG_DWORD 4
       ImagePath REG_EXPAND_SZ system32\DRIVERS\fltMgr.sys
       DisplayName REG_SZ FltMgr
       Group REG_SZ FSFilter Infrastructure
       Description REG_SZ File System Filter Manager Driver
       AttachWhenLoaded REG_DWORD 0
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security
       Security REG_BINARY Binary Data
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
       0 REG_SZ Root\LEGACY_FLTMGR\0000
       Count REG_DWORD 1
       NextInstance REG_DWORD 1

     C:\WINDOWS\system32\drivers\fltmgr.sys
       File Size: 129792 BYTES
       FileVersion: 5.1.2600.5512
     C:\WINDOWS\system32\mscomctl.ocx
       File Size: 1081616 BYTES
       FileVersion: 6.1.97.82
     C:\WINDOWS\system32\olepro32.dll
       File Size: 84992 BYTES
       FileVersion: 5.1.2600.5512

     List of MBAM Related Directories:
     =================================

     ===============================================================
     END OF FILE
  3. Same old same old. Everything seems fine except I can't download mbam.
C:\WINDOWS\system32\DRIVERS\wsimd.sys 13:06:29.0218 2012 WSIMD - ok 13:06:29.0234 2012 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 13:06:29.0578 2012 wuauserv - ok 13:06:29.0609 2012 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 13:06:29.0656 2012 WudfPf - ok 13:06:29.0703 2012 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 13:06:29.0750 2012 WudfRd - ok 13:06:29.0781 2012 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 13:06:29.0812 2012 WudfSvc - ok 13:06:29.0906 2012 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 13:06:30.0375 2012 WZCSVC - ok 13:06:30.0406 2012 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 13:06:30.0703 2012 xmlprov - ok 13:06:30.0734 2012 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 13:06:32.0109 2012 \Device\Harddisk0\DR0 - ok 13:06:32.0109 2012 MBR (0x1B8) (f24b3ae7198b90414576e70e4c3af238) \Device\Harddisk1\DR1 13:06:32.0203 2012 \Device\Harddisk1\DR1 - ok 13:06:32.0203 2012 Boot (0x1200) (d7ea64ac27df0b7994fbbdd3ae4e6b2d) \Device\Harddisk0\DR0\Partition0 13:06:32.0203 2012 \Device\Harddisk0\DR0\Partition0 - ok 13:06:32.0218 2012 Boot (0x1200) (56ebb5112dded8224c2e104315e190e8) \Device\Harddisk1\DR1\Partition0 13:06:32.0218 2012 \Device\Harddisk1\DR1\Partition0 - ok 13:06:32.0218 2012 ============================================================ 13:06:32.0218 2012 Scan finished 13:06:32.0218 2012 ============================================================ 13:06:32.0343 0204 Detected object count: 3 13:06:32.0343 0204 Actual detected object count: 3 13:08:32.0109 0204 ACS ( UnsignedFile.Multi.Generic ) - skipped by user 13:08:32.0109 0204 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:08:32.0109 0204 AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user 13:08:32.0109 0204 AR5211 ( UnsignedFile.Multi.Generic ) - User 
select action: Skip 13:08:32.0109 0204 PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user 13:08:32.0109 0204 PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:09:05.0390 3028 Deinitialize success
  4. Just the Windows firewall - which I turned off before some of the install attempts, to no avail.
  5. I really thought it was going to work this time, but after the umpteenth fresh install but the first without updating, I opened the program and got that same error about the corrupt database. When I said no to the second download, I got an error box saying, "Product files are missing or corrupt. Please reinstall the product. PROGRAM_ERROR_LOAD_DATABASE (0, 2, SDKCreate)". I downloaded it on my other machine and it worked fine. I even copied the download from that box onto a flash drive and loaded it from there before joining the forum.
  6. I didn't see the Cure option and I wasn't sure if I was supposed to delete these three files, so I skipped the step. I figured I could always run it again and delete them if you think they should go.
(a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:39:50.0390 3316 usbstor - ok 21:39:50.0421 3316 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:39:51.0000 3316 usbuhci - ok 21:39:51.0046 3316 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 21:39:51.0625 3316 usbvideo - ok 21:39:51.0656 3316 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 21:39:52.0250 3316 usb_rndisx - ok 21:39:52.0281 3316 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 21:39:52.0843 3316 VgaSave - ok 21:39:52.0875 3316 ViaIde - ok 21:39:52.0906 3316 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 21:39:53.0453 3316 VolSnap - ok 21:39:53.0546 3316 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 21:39:53.0937 3316 VSS - ok 21:39:54.0000 3316 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 21:39:54.0593 3316 W32Time - ok 21:39:54.0640 3316 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:39:55.0218 3316 Wanarp - ok 21:39:55.0250 3316 WDICA - ok 21:39:55.0296 3316 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 21:39:55.0875 3316 wdmaud - ok 21:39:55.0906 3316 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 21:39:56.0468 3316 WebClient - ok 21:39:56.0546 3316 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 21:39:57.0156 3316 winmgmt - ok 21:39:57.0218 3316 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 21:39:57.0281 3316 WmdmPmSN - ok 21:39:57.0437 3316 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll 21:39:58.0203 3316 Wmi - ok 21:39:58.0265 3316 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 21:39:58.0859 3316 WmiApSrv - ok 
21:39:58.0875 3316 WMPNetworkSvc - ok 21:39:58.0921 3316 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 21:39:58.0984 3316 WpdUsb - ok 21:39:59.0015 3316 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 21:39:59.0578 3316 WS2IFSL - ok 21:39:59.0640 3316 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 21:40:00.0187 3316 wscsvc - ok 21:40:00.0234 3316 WSIMD (8fede6cf2eb103ef1274ce2c9d8ee0e7) C:\WINDOWS\system32\DRIVERS\wsimd.sys 21:40:00.0281 3316 WSIMD - ok 21:40:00.0312 3316 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 21:40:00.0906 3316 wuauserv - ok 21:40:00.0953 3316 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 21:40:01.0031 3316 WudfPf - ok 21:40:01.0062 3316 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 21:40:01.0125 3316 WudfRd - ok 21:40:01.0156 3316 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 21:40:01.0234 3316 WudfSvc - ok 21:40:01.0359 3316 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 21:40:02.0046 3316 WZCSVC - ok 21:40:02.0109 3316 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 21:40:02.0703 3316 xmlprov - ok 21:40:02.0765 3316 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 21:40:04.0093 3316 \Device\Harddisk0\DR0 - ok 21:40:04.0093 3316 MBR (0x1B8) (f24b3ae7198b90414576e70e4c3af238) \Device\Harddisk1\DR1 21:40:04.0203 3316 \Device\Harddisk1\DR1 - ok 21:40:04.0218 3316 Boot (0x1200) (d7ea64ac27df0b7994fbbdd3ae4e6b2d) \Device\Harddisk0\DR0\Partition0 21:40:04.0234 3316 \Device\Harddisk0\DR0\Partition0 - ok 21:40:04.0250 3316 Boot (0x1200) (56ebb5112dded8224c2e104315e190e8) \Device\Harddisk1\DR1\Partition0 21:40:04.0265 3316 \Device\Harddisk1\DR1\Partition0 - ok 21:40:04.0265 3316 ============================================================ 21:40:04.0281 
3316 Scan finished 21:40:04.0281 3316 ============================================================ 21:40:04.0421 3704 Detected object count: 3 21:40:04.0421 3704 Actual detected object count: 3 21:41:31.0765 3704 ACS ( UnsignedFile.Multi.Generic ) - skipped by user 21:41:31.0765 3704 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:41:31.0765 3704 AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user 21:41:31.0765 3704 AR5211 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:41:31.0765 3704 PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user 21:41:31.0765 3704 PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
  7. Sorry - I did that right before I followed your prior instruction. It installed and I got the same update messages: that it successfully updated from version 00.00.00.0 to today's version, and then that the database was corrupt and did I want to download a new copy. Download a new copy, same message. Then I followed your Chameleon suggestions and had the same update messages each and every time, plus a message that mbam had successfully run the scan and found no infection. Mbam immediately opened behind the message and showed that it had scanned 0 files.
  8. Sigh. I wouldn't have minded all the tedium if it had yielded a positive result. Corrupt file, download another copy, access denied, scan found no infection after scanning zero (0) files.
  9. I'm sorry - "clicking test"? Do you mean double-clicking every icon in the Chameleon folder to see if one works?
  10. I'm afraid not - I just got the same result that sent me here in the first place. Lather, rinse, repeat.
  11. I have nothing plugged into my usb ports at the moment but my flash drive worked just fine yesterday.
     SystemLook 30.07.11 by jpshortstuff
     Log created at 14:44 on 05/06/2012 by User
     Administrator - Elevation successful
     ========== filefind ==========
     Searching for "usbehci.sys"
     No files found.
     -= EOF =-
  12. Thank you for coming to my rescue. Although I already knew how to do everything you explained how to do, I appreciate how good a teacher you are and how helpful that is when someone really has no idea at all what they are doing. I was very impressed.
  13. Not surprisingly, I have no idea what the TCP file is. I can't locate that system32 file when I browse, and even did a file search on my entire hard drive which turned up nothing. The list goes straight from npptools.dll to nscompat.