Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

KWM Diagnostics


  • This topic is locked This topic is locked
28 replies to this topic

#1 breitert

breitert

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 06 November 2010 - 01:36 PM

Attached File  Attach.txt   12.81KB   0 downloadsAttached File  ark.log   1.69KB   1 downloadsNot sure what the issue is -I have Malwarebyte and McAfee both running. McAfee keeps returning the error that real time scanning has been shut off and I have run Combofix many times before , but now it stops after doing a registry backup. Here is the dds.txt

DS (Ver_10-11-05.01) - NTFSx86
Run by breitert at 9:19:03.70 on Sat 11/06/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1196 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\breitert.BREITERTECHNOLO\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
C:\Windows\system32\vssvc.exe
C:\Users\breitert.BREITERTECHNOLO\Desktop\dds.scr
C:\Windows\system32\msfeedssync.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100919050904.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-17 386840]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-12-24 24064]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-3-17 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-3-17 164840]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-24 172032]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-10 304464]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-23 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-17 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-17 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-17 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-3-17 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-3-17 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-3-17 141792]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-3-17 55840]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-12-24 176640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-10 20952]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-17 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-17 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-3-17 312904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-17 84264]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-06 12:00:17 -------- d-s---w- C:\ComboFix
2010-11-06 11:57:59 -------- d-sh--w- C:\$RECYCLE.BIN
2010-11-05 08:53:55 -------- d-----w- c:\program files\Bing Bar Installer
2010-11-05 08:35:36 98816 ----a-w- c:\windows\sed.exe
2010-11-05 08:35:36 256512 ----a-w- c:\windows\PEV.exe
2010-11-05 07:20:03 -------- d-----w- c:\users\breite~1.bre\appdata\local\Secunia PSI
2010-11-05 07:19:58 -------- d-----w- c:\program files\Secunia
2010-10-25 09:52:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-25 09:43:27 -------- d-----w- c:\windows\en
2010-10-25 09:43:00 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-25 09:36:28 15712 ----a-w- c:\program files\common files\windows live\.cache\1905a6c01cb74280b\MeshBetaRemover.exe
2010-10-25 09:36:27 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-25 09:36:27 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-25 09:36:27 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-25 09:36:17 94040 ----a-w- c:\program files\common files\windows live\.cache\120b827f1cb74280a\DSETUP.dll
2010-10-25 09:36:17 525656 ----a-w- c:\program files\common files\windows live\.cache\120b827f1cb74280a\DXSETUP.exe
2010-10-25 09:36:17 1691480 ----a-w- c:\program files\common files\windows live\.cache\120b827f1cb74280a\dsetup32.dll
2010-10-25 09:36:15 94040 ----a-w- c:\program files\common files\windows live\.cache\107e4fda1cb742809\DSETUP.dll
2010-10-25 09:36:15 525656 ----a-w- c:\program files\common files\windows live\.cache\107e4fda1cb742809\DXSETUP.exe
2010-10-25 09:36:15 1691480 ----a-w- c:\program files\common files\windows live\.cache\107e4fda1cb742809\dsetup32.dll
2010-10-25 09:35:24 -------- d-----w- c:\users\breite~1.bre\appdata\local\Windows Live
2010-10-25 09:33:36 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-17 20:38:11 -------- d-----w- C:\HP_CLJ_3600_Installer_English
2010-10-17 18:15:26 -------- d-----w- c:\users\breite~1.bre\appdata\roaming\BACS.exe
2010-10-14 04:46:33 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 04:46:32 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 04:46:06 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 04:46:06 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 04:46:06 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 04:46:05 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 04:46:05 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 04:44:59 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-10 15:28:36 -------- d-----w- c:\users\breite~1.bre\appdata\roaming\Malwarebytes
2010-10-10 15:28:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-10 15:28:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-10 15:28:13 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-10 15:28:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-11-06 02:15:49 88576 ----a-w- c:\windows\MBR.exe
2010-09-23 05:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 05:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 9:21:03.42 ===============




BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:48 PM

Posted 14 November 2010 - 07:03 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker Save it to your desktop.
  • extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#3 breitert

breitert
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 14 November 2010 - 07:07 PM

OTL logfile created on: 11/14/2010 10:05:45 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\breitert.BREITERTECHNOLO\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 20.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 35.38 Gb Free Space | 47.51% Space Free | Partition Type: NTFS

Computer Name: BREITERJACKPOT | User Name: breitert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 10:04:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\breitert.BREITERTECHNOLO\Desktop\OTL.exe
PRC - [2010/11/06 12:19:33 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/10/11 16:12:08 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/09/22 18:39:14 | 000,280,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/07/27 14:46:08 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/07/27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 14:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/24 14:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/11/24 21:17:34 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/11/24 21:17:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 10:04:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\breitert.BREITERTECHNOLO\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/14 12:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/07/27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/11/24 21:17:04 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/20 20:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\BREITE~1.BRE\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 21:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 21:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/04/29 14:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/11/24 21:51:32 | 005,143,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/05/18 07:26:54 | 000,339,456 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/01/18 22:11:36 | 006,021,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/07/15 22:03:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink ™
DRV - [2008/03/28 05:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/01/20 20:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2001/08/17 20:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 20:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 19:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 19:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 19:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 19:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 19:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 19:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 19:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\asc3550.sys -- (asc3550)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3189780726-513912061-2231004125-1148\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3189780726-513912061-2231004125-1148\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3189780726-513912061-2231004125-1148\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 E3 30 B8 8E 19 CB 01 [binary data]
IE - HKU\S-1-5-21-3189780726-513912061-2231004125-1148\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3189780726-513912061-2231004125-1148\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/01 21:03:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/07 02:01:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/07 02:02:09 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106110544.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3189780726-513912061-2231004125-1148\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3189780726-513912061-2231004125-1148\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3189780726-513912061-2231004125-1148\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BreiterTechnology.local
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\breitert.BREITERTECHNOLO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\breitert.BREITERTECHNOLO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 10:04:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\breitert.BREITERTECHNOLO\Desktop\OTL.exe
[2010/11/06 06:00:17 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/11/06 05:59:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/06 05:57:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/05 02:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/11/05 02:49:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/05 02:47:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/05 01:20:03 | 000,000,000 | ---D | C] -- C:\Users\breitert.BREITERTECHNOLO\AppData\Local\Secunia PSI
[2010/11/05 01:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010/11/05 01:19:37 | 001,141,424 | ---- | C] (Secunia) -- C:\Users\breitert.BREITERTECHNOLO\Desktop\PSI2SetupBeta.exe
[2010/10/25 03:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/25 03:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/25 03:43:27 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/25 03:35:24 | 000,000,000 | ---D | C] -- C:\Users\breitert.BREITERTECHNOLO\AppData\Local\Windows Live
[2010/10/17 14:38:11 | 000,000,000 | ---D | C] -- C:\HP_CLJ_3600_Installer_English
[2010/10/17 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\breitert.BREITERTECHNOLO\Desktop\OtherStuff
[2010/10/17 12:15:26 | 000,000,000 | ---D | C] -- C:\Users\breitert.BREITERTECHNOLO\AppData\Roaming\BACS.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 10:07:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47B956EE-A1DF-4FDD-AF7D-5FE9CB32F836}.job
[2010/11/14 10:04:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\breitert.BREITERTECHNOLO\Desktop\OTL.exe
[2010/11/14 10:01:05 | 000,150,016 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Desktop\Copy3 of MARKB2006.xls
[2010/11/14 09:58:14 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{13969EA7-8901-4651-B121-F67E338E376E}.job
[2010/11/14 08:50:54 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 08:50:54 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/10 20:27:39 | 000,577,536 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Desktop\custmail2000.mdb
[2010/11/10 06:58:39 | 000,010,936 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Article Content Analysis.docx
[2010/11/09 02:56:18 | 000,642,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/09 02:56:18 | 000,119,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/09 02:50:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/09 02:50:46 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/06 07:51:34 | 000,018,027 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Desktop\requested-files[2010-11-06_08_51].cab
[2010/11/06 07:37:30 | 000,287,041 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Desktop\gmer.zip
[2010/11/06 07:33:43 | 000,629,248 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Desktop\dds.scr
[2010/11/05 20:15:49 | 000,088,576 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/05 02:49:13 | 245,301,131 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/05 02:39:42 | 000,108,596 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/11/05 01:19:39 | 001,141,424 | ---- | M] (Secunia) -- C:\Users\breitert.BREITERTECHNOLO\Desktop\PSI2SetupBeta.exe
[2010/11/04 20:28:28 | 000,364,032 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Desktop\rkill.com
[2010/11/04 20:14:49 | 000,015,545 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\IOP Outline.docx
[2010/10/27 23:53:08 | 000,016,628 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Modern Leaders.docx
[2010/10/25 18:07:36 | 000,000,162 | -H-- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\~$ra Sera.docx
[2010/10/25 18:07:35 | 000,010,469 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Sera Sera.docx
[2010/10/25 04:04:24 | 000,375,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/25 03:02:26 | 000,001,356 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\AppData\Local\d3d9caps.dat
[2010/10/23 16:56:13 | 000,016,744 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Daniel Markbreiter's Commentary.docx
[2010/10/21 19:55:56 | 000,014,695 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Tank layout.docx
[2010/10/18 21:23:51 | 000,166,448 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Gettysburg Battle Detail.docx
[2010/10/17 23:56:33 | 000,016,793 | ---- | M] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Daniel Markbreiter.docx
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/10 06:58:38 | 000,010,936 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Article Content Analysis.docx
[2010/11/06 08:14:15 | 2145,353,728 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/06 07:51:34 | 000,018,027 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Desktop\requested-files[2010-11-06_08_51].cab
[2010/11/06 07:37:24 | 000,287,041 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Desktop\gmer.zip
[2010/11/06 07:30:29 | 000,629,248 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Desktop\dds.scr
[2010/11/05 02:49:13 | 245,301,131 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/05 02:35:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/05 02:35:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/05 02:35:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/05 02:35:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/04 20:28:26 | 000,364,032 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Desktop\rkill.com
[2010/11/03 17:31:06 | 000,015,545 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\IOP Outline.docx
[2010/10/27 21:33:10 | 000,016,628 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Modern Leaders.docx
[2010/10/25 18:07:36 | 000,000,162 | -H-- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\~$ra Sera.docx
[2010/10/25 18:07:35 | 000,010,469 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Sera Sera.docx
[2010/10/23 16:56:12 | 000,016,744 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Daniel Markbreiter's Commentary.docx
[2010/10/21 19:47:21 | 000,014,695 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Tank layout.docx
[2010/10/18 21:10:18 | 000,166,448 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Gettysburg Battle Detail.docx
[2010/10/17 21:33:58 | 000,016,793 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Documents\Daniel Markbreiter.docx
[2010/10/17 13:20:04 | 000,150,016 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\Desktop\Copy3 of MARKB2006.xls
[2010/08/14 22:14:07 | 000,001,356 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\AppData\Local\d3d9caps.dat
[2010/06/07 18:54:12 | 000,001,934 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/03/24 18:33:29 | 000,003,584 | ---- | C] () -- C:\Users\breitert.BREITERTECHNOLO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/18 07:37:23 | 000,108,596 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/17 15:14:21 | 000,000,167 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2010/01/17 13:53:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/24 16:57:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4957.dll
[2009/11/27 16:40:05 | 000,001,154 | ---- | C] () -- C:\Windows\System32\OEMINFO.INI
[2009/11/27 15:01:58 | 000,000,061 | ---- | C] () -- C:\Windows\smscfg.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/04/25 03:22:39 | 000,004,161 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\Windows\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\Windows\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\Windows\System32\gthrctr.ini
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini

========== LOP Check ==========

[2009/12/24 15:06:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Windows Desktop Search
[2010/01/17 13:13:26 | 000,000,000 | ---D | M] -- C:\Users\breitert\AppData\Roaming\BACS.exe
[2010/01/18 07:40:59 | 000,000,000 | ---D | M] -- C:\Users\breitert\AppData\Roaming\uniblue
[2009/12/24 15:06:27 | 000,000,000 | ---D | M] -- C:\Users\breitert\AppData\Roaming\Windows Desktop Search
[2010/07/06 19:58:03 | 000,000,000 | ---D | M] -- C:\Users\breitert.BREITERTECHNOLO\AppData\Roaming\Amazon
[2010/10/17 12:15:28 | 000,000,000 | ---D | M] -- C:\Users\breitert.BREITERTECHNOLO\AppData\Roaming\BACS.exe
[2010/02/07 15:57:14 | 000,000,000 | ---D | M] -- C:\Users\breitert.BREITERTECHNOLO\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/07 19:32:45 | 000,000,000 | ---D | M] -- C:\Users\breitert.BREITERTECHNOLO\AppData\Roaming\Image Zone Express
[2010/06/07 19:31:05 | 000,000,000 | ---D | M] -- C:\Users\breitert.BREITERTECHNOLO\AppData\Roaming\Printer Info Cache
[2009/12/24 15:06:51 | 000,000,000 | ---D | M] -- C:\Users\breitert.BREITERTECHNOLO\AppData\Roaming\Windows Desktop Search
[2009/12/24 15:06:51 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Windows Desktop Search
[2008/01/20 20:58:23 | 000,003,456 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/14 09:58:14 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{13969EA7-8901-4651-B121-F67E338E376E}.job
[2010/11/14 10:07:00 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{47B956EE-A1DF-4FDD-AF7D-5FE9CB32F836}.job

========== Purity Check ==========



< End of report >




#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:48 PM

Posted 15 November 2010 - 04:53 AM

Hi, lets hope that this one is in better shape than your other computer. :)

Can you please post me the RKU log?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#5 breitert

breitert
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 15 November 2010 - 09:20 PM

I sent it as an attachment - I seemed to be exceeding the size limit. Thx for your help.

Attached Files



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:48 PM

Posted 16 November 2010 - 06:01 AM

Please try to run Combofix from safe mode.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#7 breitert

breitert
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 17 November 2010 - 05:59 AM

ComboFix won't run - it does a backup of teh registry then just sits there....

Here is the screenshot from the Administrator dos window.
Please wait.
ComboFix is preparing to run.

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:48 PM

Posted 17 November 2010 - 08:12 AM

Can you please try to run it from safe mode?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#9 breitert

breitert
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 18 November 2010 - 07:06 AM

I had tried running ComboFix in Safe mode as you had requested. I then tried to delete and redownload and reinstall; (I deleted the Quoobox folder and from prefetch as well). I turned off all of the virus checkers - same result. I tried renaming it to iCombofix, same result. .:mellow: When looking at the ComboFix folder via the Vista folder browser, I noticed that the icon links to the view of the computer, i.e. C: drive and E: dirive, rather than to the actual folder contents, something of a circular reference. And the ComboFix folder Icon is the Icon of The Computer. I s that expected?

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:48 PM

Posted 18 November 2010 - 07:56 AM

Yes, that is quite normal.

Please try this instead:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#11 breitert

breitert
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 18 November 2010 - 09:18 PM

It did not find a rootkit. (nothing found):wacko: But the other logs said there may be something... What do you think?

2010/11/18 20:07:23.0262 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/18 20:07:23.0262 ================================================================================
2010/11/18 20:07:23.0262 SystemInfo:
2010/11/18 20:07:23.0262
2010/11/18 20:07:23.0262 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/18 20:07:23.0262 Product type: Workstation
2010/11/18 20:07:23.0262 ComputerName: BREITERJACKPOT
2010/11/18 20:07:23.0262 UserName: breitert
2010/11/18 20:07:23.0262 Windows directory: C:\Windows
2010/11/18 20:07:23.0262 System windows directory: C:\Windows
2010/11/18 20:07:23.0262 Processor architecture: Intel x86
2010/11/18 20:07:23.0262 Number of processors: 2
2010/11/18 20:07:23.0262 Page size: 0x1000
2010/11/18 20:07:23.0262 Boot type: Normal boot
2010/11/18 20:07:23.0262 ================================================================================
2010/11/18 20:07:23.0745 Initialize success
2010/11/18 20:07:26.0054 ================================================================================
2010/11/18 20:07:26.0054 Scan started
2010/11/18 20:07:26.0054 Mode: Manual;
2010/11/18 20:07:26.0054 ================================================================================
2010/11/18 20:07:27.0084 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\Windows\system32\DRIVERS\ABP480N5.SYS
2010/11/18 20:07:27.0193 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/11/18 20:07:27.0333 ADIHdAudAddService (307f5e03b02a3022d664c36d1ea25f2c) C:\Windows\system32\drivers\ADIHdAud.sys
2010/11/18 20:07:27.0458 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/11/18 20:07:27.0505 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/11/18 20:07:27.0536 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/11/18 20:07:27.0583 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/11/18 20:07:27.0661 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/11/18 20:07:27.0723 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/11/18 20:07:27.0754 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\Windows\system32\DRIVERS\aha154x.sys
2010/11/18 20:07:27.0817 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\Windows\system32\DRIVERS\aic78u2.sys
2010/11/18 20:07:27.0879 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/11/18 20:07:27.0926 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/11/18 20:07:27.0973 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/11/18 20:07:28.0004 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/11/18 20:07:28.0035 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/11/18 20:07:28.0066 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/11/18 20:07:28.0144 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\Windows\system32\DRIVERS\amsint.sys
2010/11/18 20:07:28.0238 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/11/18 20:07:28.0300 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/11/18 20:07:28.0347 asc (62d318e9a0c8fc9b780008e724283707) C:\Windows\system32\DRIVERS\asc.sys
2010/11/18 20:07:28.0394 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\Windows\system32\DRIVERS\asc3350p.sys
2010/11/18 20:07:28.0456 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\Windows\system32\DRIVERS\asc3550.sys
2010/11/18 20:07:28.0534 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/18 20:07:28.0566 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/11/18 20:07:28.0706 atikmdag (fcd4c95b1cb2a7dfbf8df5609c74734a) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/18 20:07:30.0188 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/11/18 20:07:30.0250 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/11/18 20:07:30.0266 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/18 20:07:30.0313 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/18 20:07:30.0344 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/11/18 20:07:30.0391 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/11/18 20:07:30.0438 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/11/18 20:07:30.0469 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/18 20:07:30.0500 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/11/18 20:07:30.0531 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/11/18 20:07:30.0656 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\Windows\system32\DRIVERS\cd20xrnt.sys
2010/11/18 20:07:30.0718 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/18 20:07:30.0765 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/18 20:07:30.0812 cfwids (7e6f7da1c4de5680820f964562548949) C:\Windows\system32\drivers\cfwids.sys
2010/11/18 20:07:30.0874 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/11/18 20:07:30.0921 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/11/18 20:07:30.0984 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/11/18 20:07:31.0015 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2010/11/18 20:07:31.0062 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\Windows\system32\DRIVERS\cpqarray.sys
2010/11/18 20:07:31.0108 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/11/18 20:07:31.0140 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/11/18 20:07:31.0186 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2010/11/18 20:07:31.0233 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\Windows\system32\DRIVERS\dac2w2k.sys
2010/11/18 20:07:31.0264 dac960nt (683789caa3864eb46125ae86ff677d34) C:\Windows\system32\DRIVERS\dac960nt.sys
2010/11/18 20:07:31.0358 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/11/18 20:07:31.0436 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/11/18 20:07:31.0498 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2010/11/18 20:07:31.0545 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/11/18 20:07:31.0576 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/11/18 20:07:31.0623 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\Windows\system32\DRIVERS\dpti2o.sys
2010/11/18 20:07:31.0670 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/11/18 20:07:31.0717 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/18 20:07:31.0779 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/11/18 20:07:31.0842 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/11/18 20:07:31.0904 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/11/18 20:07:31.0951 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/11/18 20:07:32.0044 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/11/18 20:07:32.0091 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/11/18 20:07:32.0122 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/18 20:07:32.0169 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/11/18 20:07:32.0200 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/11/18 20:07:32.0232 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/18 20:07:32.0263 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/11/18 20:07:32.0356 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/11/18 20:07:32.0450 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/18 20:07:32.0481 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/18 20:07:32.0559 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2010/11/18 20:07:32.0606 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/18 20:07:32.0637 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/11/18 20:07:32.0668 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/11/18 20:07:32.0746 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/18 20:07:32.0778 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/11/18 20:07:32.0824 hpn (b028377dea0546a5fcfba928a8aefae0) C:\Windows\system32\DRIVERS\hpn.sys
2010/11/18 20:07:32.0918 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/11/18 20:07:32.0965 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/11/18 20:07:32.0996 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/18 20:07:33.0168 ialm (b2768350bb50469aeb1afe694372b613) C:\Windows\system32\DRIVERS\igxpmp32.sys
2010/11/18 20:07:33.0433 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/11/18 20:07:33.0480 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/11/18 20:07:33.0526 ini910u (4a40e045faee58631fd8d91afc620719) C:\Windows\system32\DRIVERS\ini910u.sys
2010/11/18 20:07:33.0604 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/11/18 20:07:33.0636 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/18 20:07:33.0682 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/18 20:07:33.0745 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/18 20:07:33.0776 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/18 20:07:33.0807 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/11/18 20:07:33.0823 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/11/18 20:07:33.0870 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/18 20:07:33.0885 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/11/18 20:07:33.0916 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/11/18 20:07:33.0963 k57w2k (cb46c36f55cdfe4d20d9833e0f267c84) C:\Windows\system32\DRIVERS\k57xp32.sys
2010/11/18 20:07:34.0041 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/18 20:07:34.0088 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/18 20:07:34.0150 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/18 20:07:34.0197 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/18 20:07:34.0260 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/18 20:07:34.0291 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/18 20:07:34.0353 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/18 20:07:34.0384 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/11/18 20:07:34.0447 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\Windows\system32\drivers\mbam.sys
2010/11/18 20:07:34.0525 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/11/18 20:07:34.0556 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/11/18 20:07:34.0618 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\Windows\system32\drivers\mfeapfk.sys
2010/11/18 20:07:34.0650 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\Windows\system32\drivers\mfeavfk.sys
2010/11/18 20:07:34.0743 mfebopk (19161b1796cf74a6a326abde309062ba) C:\Windows\system32\drivers\mfebopk.sys
2010/11/18 20:07:34.0790 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\Windows\system32\drivers\mfefirek.sys
2010/11/18 20:07:34.0884 mfehidk (0efab2b91b27543fe589de700de07136) C:\Windows\system32\drivers\mfehidk.sys
2010/11/18 20:07:34.0962 mfenlfk (b4022e16569bbd1a85e68e7e78e68880) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/11/18 20:07:35.0040 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\Windows\system32\drivers\mferkdet.sys
2010/11/18 20:07:35.0118 mfewfpk (183f32c79d1693170df3baecec611125) C:\Windows\system32\drivers\mfewfpk.sys
2010/11/18 20:07:35.0196 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/11/18 20:07:35.0227 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/18 20:07:35.0242 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/18 20:07:35.0274 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/18 20:07:35.0289 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/11/18 20:07:35.0336 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/11/18 20:07:35.0383 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/18 20:07:35.0414 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/18 20:07:35.0461 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/11/18 20:07:35.0492 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/18 20:07:35.0523 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/18 20:07:35.0554 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/18 20:07:35.0586 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/11/18 20:07:35.0632 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/11/18 20:07:35.0695 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/11/18 20:07:35.0726 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/11/18 20:07:35.0773 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/18 20:07:35.0804 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/18 20:07:35.0835 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/11/18 20:07:35.0882 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/11/18 20:07:35.0913 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/18 20:07:35.0944 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/11/18 20:07:35.0976 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/11/18 20:07:36.0038 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/18 20:07:36.0100 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/11/18 20:07:36.0116 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/18 20:07:36.0163 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/18 20:07:36.0210 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/18 20:07:36.0256 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/11/18 20:07:36.0288 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/18 20:07:36.0319 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/18 20:07:36.0366 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/11/18 20:07:36.0412 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/11/18 20:07:36.0428 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/18 20:07:36.0490 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/11/18 20:07:36.0553 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/11/18 20:07:36.0584 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/11/18 20:07:36.0615 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/11/18 20:07:36.0662 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/11/18 20:07:36.0693 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/11/18 20:07:36.0787 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/11/18 20:07:36.0849 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2010/11/18 20:07:36.0896 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/11/18 20:07:36.0912 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2010/11/18 20:07:36.0974 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/11/18 20:07:37.0005 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/11/18 20:07:37.0052 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/11/18 20:07:37.0114 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/11/18 20:07:37.0208 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/18 20:07:37.0255 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/11/18 20:07:37.0317 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/18 20:07:37.0348 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
2010/11/18 20:07:37.0458 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\Windows\system32\DRIVERS\ql1080.sys
2010/11/18 20:07:37.0504 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\Windows\system32\DRIVERS\ql10wnt.sys
2010/11/18 20:07:37.0551 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\Windows\system32\DRIVERS\ql12160.sys
2010/11/18 20:07:37.0598 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\Windows\system32\DRIVERS\ql1240.sys
2010/11/18 20:07:37.0629 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\Windows\system32\DRIVERS\ql1280.sys
2010/11/18 20:07:37.0707 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/11/18 20:07:37.0770 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/11/18 20:07:37.0801 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/18 20:07:37.0816 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/18 20:07:37.0863 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/18 20:07:37.0910 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/18 20:07:37.0941 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/18 20:07:37.0988 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/18 20:07:38.0019 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/18 20:07:38.0082 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2010/11/18 20:07:38.0097 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/18 20:07:38.0128 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/11/18 20:07:38.0191 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/18 20:07:38.0238 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/18 20:07:38.0300 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/18 20:07:38.0347 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/18 20:07:38.0378 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2010/11/18 20:07:38.0409 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/11/18 20:07:38.0456 SFAUDIO (b6401608579b6431994425ba7653f774) C:\Windows\system32\drivers\sfaudio.sys
2010/11/18 20:07:38.0550 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/11/18 20:07:38.0596 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/18 20:07:38.0628 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/18 20:07:38.0659 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/11/18 20:07:38.0706 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/11/18 20:07:38.0737 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/11/18 20:07:38.0784 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/11/18 20:07:38.0846 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/11/18 20:07:38.0908 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\Windows\system32\DRIVERS\sparrow.sys
2010/11/18 20:07:38.0940 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/11/18 20:07:39.0002 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/11/18 20:07:39.0096 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/18 20:07:39.0189 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/18 20:07:39.0298 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/18 20:07:39.0361 symc810 (1ff3217614018630d0a6758630fc698c) C:\Windows\system32\DRIVERS\symc810.sys
2010/11/18 20:07:39.0423 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/11/18 20:07:39.0470 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/11/18 20:07:39.0517 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/11/18 20:07:39.0595 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/11/18 20:07:39.0673 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/18 20:07:39.0720 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/18 20:07:39.0751 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/11/18 20:07:39.0798 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/11/18 20:07:39.0844 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/18 20:07:39.0891 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/18 20:07:39.0969 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/18 20:07:40.0016 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/18 20:07:40.0047 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/11/18 20:07:40.0125 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/18 20:07:40.0188 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/18 20:07:40.0219 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/11/18 20:07:40.0266 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/11/18 20:07:40.0312 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/11/18 20:07:40.0359 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\Windows\system32\DRIVERS\ultra.sys
2010/11/18 20:07:40.0422 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/18 20:07:40.0500 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/11/18 20:07:40.0546 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/18 20:07:40.0593 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/11/18 20:07:40.0640 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/18 20:07:40.0687 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/18 20:07:40.0718 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/11/18 20:07:40.0765 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/18 20:07:40.0812 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/11/18 20:07:40.0843 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/18 20:07:40.0874 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/18 20:07:40.0905 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/11/18 20:07:40.0968 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/18 20:07:40.0983 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/11/18 20:07:41.0030 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/11/18 20:07:41.0061 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/11/18 20:07:41.0092 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/11/18 20:07:41.0124 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/11/18 20:07:41.0155 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/11/18 20:07:41.0217 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/11/18 20:07:41.0248 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/11/18 20:07:41.0295 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/18 20:07:41.0326 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/18 20:07:41.0358 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/18 20:07:41.0404 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/11/18 20:07:41.0436 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/18 20:07:41.0560 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/11/18 20:07:41.0638 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/18 20:07:41.0685 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/18 20:07:41.0732 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/18 20:07:41.0779 ================================================================================
2010/11/18 20:07:41.0779 Scan finished
2010/11/18 20:07:41.0779 ================================================================================
2010/11/18 20:07:56.0209 Deinitialize success

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:48 PM

Posted 19 November 2010 - 05:42 AM

Please scroll back to the combofix instructions, right click on the download link and select "save link/target as". Name the file fun.com instead of combofix.exe and once downloaded, try to run it.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#13 breitert

breitert
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 20 November 2010 - 09:06 AM

no luck - I also tried clearing all known "ComboFix" registry entries and the Temp Internet files - it still stops. Two other related issues - the comuter cannot take a Windows Vista secuirty fix - Security Update for Windows Vista (KB981852) - it has tried for a week. Also I cannot create a restore point for this computer - it errors out with code 0x8004230F...



#14 breitert

breitert
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 20 November 2010 - 10:21 AM

I got the above two issues fixed - restore point and Windows update but ComboFix still stops - I let it go for about 2 mins then close the command window.Posted Image

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:48 PM

Posted 20 November 2010 - 12:27 PM

Combofix not running is not an issue itself, there are any number of reasons for that. Please post me a new OTL log so I can see what else needs to be fixed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users