
alankelly

  1. I think everything is ok at this point, and I thank you once again for helping me work through this. Having said that, I would recommend the programmers at Malwarebytes examine the Folder Lock program more closely, and get in touch with the makers of it, to better understand what's going on. This way, they can decide either to ignore the results for it, or remove it if they deem it unsafe. After running every scan known to man (with your help, of course), I am feeling pretty confident that it's safe to use, and added it back. I'll just ignore that set of results in the future. Consider this ticket closed. Thanks!
  2. I'll do that now, but I wanted to show you this first: My suspicion led me to think Folder Lock was the culprit, so I removed the program, and ran MBAM again. Guess what? Nothing showed up in the scan this time. See below:

     Malwarebytes Anti-Malware 1.60.1.1000
     www.malwarebytes.org

     Database version: v2012.02.16.01

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     slow :: SLOW-A4E03E217B [administrator]

     2/16/2012 10:32:16 AM
     mbam-log-2012-02-16 (10-32-16).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 203457
     Time elapsed: 5 minute(s), 26 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Guess the culprit has been found. I'm logging off for a while now to run that scan you requested. I'll be back with the results in a few.
  3. Yes, I was able to save this file in that directory. I expected it to ask me if I wanted to overwrite the existing file named that, but it didn't.... further making me think it doesn't exist in the first place.
  4. That's just it: other than the MBAM detections, the PC seems to be running as normal as can be -- which is why I'm so puzzled over it. Still, with MBAM telling me that it keeps finding backdoor bots and trojans on each scan, and then not actually removing them seems odd. It's as if they don't actually exist. I can go to the folders where they supposedly reside, and there's nothing there. Not sure if it would help, but I thought about removing the files I have listed there (temporarily putting them somewhere else), and using something to scrub/overwrite the free space created and see what happens. Do any security programs that you know of use this (listing malware that isn't there) as a trick to hide legitimate stuff in plain sight? It would seem to be a brilliant and effective way to deter snooping eyes, I would think. Just tossing ideas out there for you to mull over. I'm using TrueCrypt (currently turned off), Malwarebytes, SpywareDoctor, Zone Alarm, and Folder Lock. I've searched the Internet and found nothing of the sort related to these programs so far, but I'm no expert.
  5. I ran the ESET Online Scanner as requested, and it said there were no threats to remove. At first, I didn't think it created a log, then I found it under program files for ESET itself. I will say that Spyware Doctor found 22 items after running the other programs you requested. I'm guessing they are false positives caused by the programs, but figured I'd include it for you to look over just in case.
  6. Hello again, I updated and ran Malwarebytes twice last night before I went to bed, and each time it found the items, and told me to reboot to continue removing them. However, it doesn't seem like they were actually removed, since they show up again on the next immediate scan. I won't be able to get back to the infected PC until later this afternoon, but I'll be sure to return with updated logs as requested.
  7. Hello, and thanks for the warm welcome and your help. Yes, I have run Malwarebytes several times over the past few days, each time letting it clean up the items following a reboot, as it requests. I have also previously scanned my PC using Spyware Doctor, Kaspersky's Online Scanner, Trend Micro's House Call, and Hitman Pro. Each has found nothing out of the ordinary. It's only Malwarebytes that's showing anything. However, if I run my PC in safe-mode, nothing shows up for Malwarebytes either. Below is the info you requested:
pctplsg - ok 11:54:11.0062 6120 PCTSD (ec49993baa9a86adf1cb6fa1cd895882) C:\WINDOWS\system32\Drivers\PCTSD.sys 11:54:11.0062 6120 PCTSD - ok 11:54:11.0093 6120 PDCOMP - ok 11:54:11.0171 6120 PDFRAME - ok 11:54:11.0203 6120 PDRELI - ok 11:54:11.0234 6120 PDRFRAME - ok 11:54:11.0265 6120 perc2 - ok 11:54:11.0296 6120 perc2hib - ok 11:54:11.0390 6120 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 11:54:11.0390 6120 PptpMiniport - ok 11:54:11.0406 6120 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 11:54:11.0421 6120 PSched - ok 11:54:11.0437 6120 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 11:54:11.0453 6120 Ptilink - ok 11:54:11.0515 6120 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 11:54:11.0515 6120 PxHelp20 - ok 11:54:11.0531 6120 ql1080 - ok 11:54:11.0562 6120 Ql10wnt - ok 11:54:11.0593 6120 ql12160 - ok 11:54:11.0593 6120 ql1240 - ok 11:54:11.0640 6120 ql1280 - ok 11:54:11.0703 6120 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 11:54:11.0703 6120 RasAcd - ok 11:54:11.0781 6120 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 11:54:11.0796 6120 Rasl2tp - ok 11:54:11.0828 6120 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 11:54:11.0828 6120 RasPppoe - ok 11:54:11.0859 6120 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 11:54:11.0859 6120 Raspti - ok 11:54:11.0937 6120 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 11:54:11.0953 6120 Rdbss - ok 11:54:11.0984 6120 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 11:54:11.0984 6120 RDPCDD - ok 11:54:12.0062 6120 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 11:54:12.0062 6120 rdpdr - ok 11:54:12.0156 6120 RDPWD 
(fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 11:54:12.0156 6120 RDPWD - ok 11:54:12.0203 6120 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 11:54:12.0218 6120 redbook - ok 11:54:12.0296 6120 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 11:54:12.0296 6120 Secdrv - ok 11:54:12.0359 6120 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 11:54:12.0359 6120 Serial - ok 11:54:12.0453 6120 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 11:54:12.0453 6120 Sfloppy - ok 11:54:12.0484 6120 Simbad - ok 11:54:12.0578 6120 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 11:54:12.0578 6120 SLIP - ok 11:54:12.0593 6120 Sparrow - ok 11:54:12.0656 6120 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 11:54:12.0656 6120 splitter - ok 11:54:12.0765 6120 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 11:54:12.0765 6120 sr - ok 11:54:12.0859 6120 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 11:54:12.0859 6120 Srv - ok 11:54:12.0953 6120 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys 11:54:12.0953 6120 StarOpen - ok 11:54:13.0078 6120 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys 11:54:13.0156 6120 STHDA - ok 11:54:13.0234 6120 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 11:54:13.0234 6120 streamip - ok 11:54:13.0312 6120 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 11:54:13.0312 6120 swenum - ok 11:54:13.0375 6120 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 11:54:13.0390 6120 swmidi - ok 11:54:13.0390 6120 symc810 - ok 11:54:13.0406 6120 symc8xx - ok 11:54:13.0421 6120 sym_hi - ok 11:54:13.0421 6120 sym_u3 - ok 
11:54:13.0453 6120 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 11:54:13.0453 6120 sysaudio - ok 11:54:13.0531 6120 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 11:54:13.0531 6120 Tcpip - ok 11:54:13.0578 6120 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 11:54:13.0578 6120 TDPIPE - ok 11:54:13.0625 6120 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 11:54:13.0625 6120 TDTCP - ok 11:54:13.0640 6120 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 11:54:13.0656 6120 TermDD - ok 11:54:13.0718 6120 tffsport (d9d5e4ca72270e9f3eca97da0983ab87) C:\WINDOWS\system32\DRIVERS\tffsport.sys 11:54:13.0718 6120 tffsport - ok 11:54:13.0734 6120 TosIde - ok 11:54:13.0796 6120 truecrypt (746b8cf9cededdd865472544edf626da) C:\WINDOWS\system32\drivers\truecrypt.sys 11:54:13.0796 6120 truecrypt - ok 11:54:13.0843 6120 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 11:54:13.0843 6120 Udfs - ok 11:54:13.0875 6120 ultra - ok 11:54:14.0015 6120 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 11:54:14.0031 6120 Update - ok 11:54:14.0125 6120 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 11:54:14.0125 6120 usbaudio - ok 11:54:14.0203 6120 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 11:54:14.0218 6120 usbccgp - ok 11:54:14.0265 6120 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 11:54:14.0265 6120 usbehci - ok 11:54:14.0343 6120 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 11:54:14.0359 6120 usbhub - ok 11:54:14.0359 6120 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 11:54:14.0375 6120 usbprint - ok 11:54:14.0375 6120 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) 
C:\WINDOWS\system32\DRIVERS\usbscan.sys 11:54:14.0375 6120 usbscan - ok 11:54:14.0421 6120 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 11:54:14.0421 6120 USBSTOR - ok 11:54:14.0484 6120 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 11:54:14.0484 6120 usbuhci - ok 11:54:14.0515 6120 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 11:54:14.0531 6120 usbvideo - ok 11:54:14.0562 6120 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 11:54:14.0562 6120 VgaSave - ok 11:54:14.0578 6120 ViaIde - ok 11:54:14.0593 6120 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 11:54:14.0593 6120 VolSnap - ok 11:54:14.0671 6120 Vsdatant (558cee3d9c470651f1843d51b42d761b) C:\WINDOWS\system32\vsdatant.sys 11:54:14.0687 6120 Vsdatant - ok 11:54:14.0796 6120 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 11:54:14.0812 6120 Wanarp - ok 11:54:14.0890 6120 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys 11:54:14.0890 6120 Wdf01000 - ok 11:54:14.0937 6120 WDICA - ok 11:54:15.0015 6120 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 11:54:15.0031 6120 wdmaud - ok 11:54:15.0125 6120 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 11:54:15.0140 6120 winachsf - ok 11:54:15.0250 6120 WinFLAdrv (c356f8dd63fc2e95216a184e6ef16800) C:\WINDOWS\system32\WinFLAdrv.sys 11:54:15.0250 6120 WinFLAdrv - ok 11:54:15.0328 6120 WinVDEDrv (8a81839d1dddd19a5f450c754f00c0a6) C:\WINDOWS\system32\WinVDEdrv.sys 11:54:15.0343 6120 WinVDEDrv - ok 11:54:15.0468 6120 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 11:54:15.0468 6120 WS2IFSL - ok 11:54:15.0531 6120 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 11:54:15.0531 6120 WSTCODEC - 
     11:54:15.0656 6120 MBR (0x1B8) (6b439cd231be7dac2bc4cb4031ea89b8) \Device\Harddisk0\DR0
     11:54:15.0843 6120 \Device\Harddisk0\DR0 - ok
     11:54:15.0843 6120 Boot (0x1200) (44832122e200528c36a99cf075b8e059) \Device\Harddisk0\DR0\Partition0
     11:54:15.0843 6120 \Device\Harddisk0\DR0\Partition0 - ok
     11:54:15.0843 6120 ============================================================
     11:54:15.0843 6120 Scan finished
     11:54:15.0843 6120 ============================================================
     11:54:15.0859 6112 Detected object count: 0
     11:54:15.0859 6112 Actual detected object count: 0
     11:54:32.0296 6032 Deinitialize success

     In addition, I'm including the RogueKiller report I ran after seeing that it is sometimes requested here.

     RogueKiller V7.0.4 [02/08/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User: slow [Admin rights]
     Mode: Scan -- Date : 02/14/2012 09:41:59

     ¤¤¤ Bad processes: 1 ¤¤¤
     [RANDOMNAME] WinFLTray.exe -- C:\WINDOWS\system32\WinFLTray.exe -> KILLED [TermProc]

     ¤¤¤ Registry Entries: 4 ¤¤¤
     [RANDOMNAME] HKCU\[...]\Run : WinFLTray (C:\WINDOWS\system32\WinFLTray.exe) -> FOUND
     [RANDOMNAME] HKUS\S-1-5-21-606747145-152049171-725345543-1003[...]\Run : WinFLTray (C:\WINDOWS\system32\WinFLTray.exe) -> FOUND
     [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver: [LOADED] ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST3160812AS +++++
     --- User ---
     [MBR] 96d58796bb338c1af035b092feb6d5bd
     [bSP] bff7eaa5450f5f9bbd73f8b9c38d08b1 : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152578 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1].txt >>
     RKreport[1].txt

     On a side note: The FL program that Rogue is mentioning is called Folder Lock http://www.newsoftwares.net/folderlock/ and I use that on purpose.
  8. Hello, and thanks ahead of time for your help. I first noticed this after trying to find previous episodes of Merlin online (Great show, by the way!), that I had missed from season 4. Here's what Malwarebytes says is on my PC, but I can't seem to find the files when I look for them. Wondering if this is some sort of false-positive, or if I'm infected. Either way, I'd like to get rid of it if possible.

     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 254925
     Time elapsed: 42 minute(s), 19 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 12
     c:\documents and settings\slow\my documents\my videos\pulgfile.log (Malware.Trace) -> No action taken.
     c:\documents and settings\slow\my documents\my pictures\aweks.pikz (Backdoor.Bot) -> No action taken.
     c:\documents and settings\slow\my documents\my pictures\my pictures.exe (Worm.AutoRun) -> No action taken.
     c:\documents and settings\slow\my documents\my pictures\my pictures.url (Trojan.Zlob) -> No action taken.
     c:\documents and settings\slow\my documents\my pictures\sample pictures\blue hills.exe (Trojan.Xanib) -> No action taken.
     c:\documents and settings\slow\my documents\my pictures\sample pictures\cakep.exe (Worm.Xanib) -> No action taken.
     c:\documents and settings\slow\my documents\my pictures\sample pictures\cuakep.exe (Worm.Xanib) -> No action taken.
     c:\documents and settings\slow\my documents\my pictures\sample pictures\sunset.exe (Trojan.Xanib) -> No action taken.
     c:\documents and settings\slow\my documents\my pictures\sample pictures\water lilies.exe (Trojan.Xanib) -> No action taken.
     c:\documents and settings\slow\my documents\my pictures\sample pictures\winter.exe (Trojan.Xanib) -> No action taken.
     c:\documents and settings\slow\my documents\my pictures\seram.pikz (Backdoor.Bot) -> No action taken.
     c:\documents and settings\slow\my documents\my videos\my video.url (Trojan.Zlob) -> No action taken.

     (end)

     Once again, I thank you for your help.

     dds.txt attach.txt