Windows Update errors and Google redirects (in China)


  • This topic is locked
33 replies to this topic

#1 roxdav

roxdav

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Guangzhou, China
  • Local time:04:35 PM

Posted 06 August 2011 - 03:04 AM

Windows 7 OS. I get Google redirects to Asian websites. Windows Update stopped working at the same time - keep getting error codes 80072efe or 80072ee2. Researched and tried many solutions - everything MS recommended, Kaspersky, cleaning up the "host" file, Malwarebytes, MS Fixit50202, deleting temp files, reset router, etc. Other programs (Adobe, Java, iTunes) auto update just fine. I have a Linksys wrtg5 router with admin account password protection and MAC filtering and WEP protection. I use MSE and Avast professional for AV protection. Full scans by both revealed nothing.



I live in China. When I went on vacation 7 weeks ago, I had no problems. When I returned, all these problems appeared. I had a house guest who may have used my computer. Finally, because I am a foreign diplomat working here, I assume Chinese authorities monitor my computer and perhaps install malware. (I could not even connect to your site without turning on my VPN service.)



I also could not upload the "attach.txt" file to either your website or to my email account. So, I put it all on a stick and moved it over to my Macbook to commence this thread.




.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_07

Run by Dave2 at 14:22:41 on 2011-08-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3007.2014 [GMT 8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\NLSSRV32.EXE

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\DVD or CD Sharing\ODSAgent.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe

C:\Program Files\OpenVPN\bin\openvpn.exe

C:\Windows\system32\conhost.exe

C:\Users\Dave2\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dave2\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Dave2\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearch Bar =

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\13.0.782.107\npchrome_frame.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\users\dave2\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray

mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe

mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"

mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [DVD or CD Sharing] "c:\program files\dvd or cd sharing\ODSAgent.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

Trusted Zone: google.com\www

Trusted Zone: intuit.com\ttlc

Trusted Zone: microsoft.com\update

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1311633440300

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 216.131.94.5 216.131.95.20

TCP: Interfaces\{082D78BB-8E86-4176-9A37-9266148D886E} : DhcpNameServer = 216.131.94.5 216.131.95.20

TCP: Interfaces\{120CBFCF-6E4C-4013-8B97-49B91D3E8BFD} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{120CBFCF-6E4C-4013-8B97-49B91D3E8BFD} : DhcpNameServer = 8.8.8.8 8.8.4.4 210.21.4.130

TCP: Interfaces\{777CC971-F15A-499F-A5DC-AA4BC7E65059} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{DA4A778E-F93E-480B-9804-2056E0701160} : DhcpNameServer = 210.21.4.130 221.5.88.88

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\13.0.782.107\npchrome_frame.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-1 114768]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]

R1 MpKsl3390014a;MpKsl3390014a;c:\programdata\microsoft\microsoft antimalware\definition updates\{f6e7cfe9-0c91-4ddf-90be-fac81ad2fd71}\MpKsl3390014a.sys [2011-8-6 28752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-1 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-1 53328]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-1 138680]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-2-2 65856]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-1 254040]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-1 352920]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-29 315392]

S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ascservice.exe --> c:\program files\iobit\advanced systemcare 4\ASCService.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c98283e9bdc6e8;Google Update Service (gupdate1c98283e9bdc6e8);c:\program files\google\update\GoogleUpdate.exe [2009-1-30 133104]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-1-30 133104]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-3 52224]

S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2011-3-5 1515520]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-11 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-08-06 05:57:13 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f6e7cfe9-0c91-4ddf-90be-fac81ad2fd71}\MpKsl3390014a.sys

2011-08-05 10:32:25 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f6e7cfe9-0c91-4ddf-90be-fac81ad2fd71}\mpengine.dll

2011-08-05 10:32:11 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

2011-07-31 12:43:37 -------- d-----w- c:\program files\Bonjour

2011-07-28 13:17:08 -------- d-----w- c:\users\dave2\DoctorWeb

2011-07-28 12:54:41 -------- d-----w- c:\windows\system32\catroot2

2011-07-28 11:56:50 -------- d-----w- c:\windows\CheckSur

2011-07-28 11:12:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-28 11:12:46 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll

2011-07-28 11:12:44 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-28 08:43:48 -------- d-----w- c:\users\dave2\appdata\roaming\Malwarebytes

2011-07-28 08:43:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-28 08:43:37 -------- d-----w- c:\programdata\Malwarebytes

2011-07-28 08:43:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-28 08:43:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-26 21:57:11 -------- d-----w- c:\windows\system32\catroot2.bak

2011-07-12 03:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 03:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

.

==================== Find3M ====================

.

2011-05-10 00:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-10 00:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

.

============= FINISH: 14:23:26.00 ===============






#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:35 AM

Posted 12 August 2011 - 10:24 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 roxdav

roxdav
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Guangzhou, China
  • Local time:04:35 PM

Posted 13 August 2011 - 12:50 AM

Elise, thanks for helping. My problems are still the same as originally noted - Windows Update errors and Google redirects. I would add sluggish performance to that as well. One other thing - when I log onto my VPN, it fails to connect several times and the "details" produce a message that says "No server certificate verification method has been enabled" and suggests I look at their support page. When I go to the page, it has a lot of technical suggestions - way above my skill level - about how to deal with "man in the middle" attacks. The VPN does eventually connect, however, on its own.

Here is my original post:


Windows 7 OS. I get Google redirects to Asian websites. Windows Update stopped working at the same time - keep getting error codes 80072efe or 80072ee2. Researched and tried many solutions - everything MS recommended, Kaspersky, cleaning up the "host" file, Malwarebytes, MS Fixit50202, deleting temp files, reset router, etc. Other programs (Adobe, Java, iTunes) auto update just fine. I have a Linksys wrtg5 router with admin account password protection and MAC filtering and WEP protection. I use MSE and Avast professional for AV protection. Full scans by both revealed nothing.

I live in China. When I went on vacation 7 weeks ago, I had no problems. When I returned, all these problems appeared. I had a house guest who may have used my computer. Finally, because I am a foreign diplomat working here, I assume Chinese authorities monitor my computer and perhaps install malware.




Here is the new DDS log:
.

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_07
Run by Dave2 at 13:27:15 on 2011-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3007.2144 [GMT 8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32%5

#4 roxdav

roxdav
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Guangzhou, China
  • Local time:04:35 PM

Posted 13 August 2011 - 01:02 AM

Elise, thanks for helping. Sorry about the double post. My problems are still the same as originally noted - Windows Update errors and Google redirects. I would add sluggish performance to that as well. One other thing - when I log onto my VPN, it fails to connect several times and the "details" produce a message that says "No server certificate verification method has been enabled" and suggests I look at their support page. When I go to the page, it has a lot of technical suggestions - way above my skill level - about how to deal with "man in the middle" attacks. The VPN does eventually connect, however, on its own.

Here is my original post:


Windows 7 OS. I get Google redirects to Asian websites. Windows Update stopped working at the same time - keep getting error codes 80072efe or 80072ee2. Researched and tried many solutions - everything MS recommended, Kaspersky, cleaning up the "host" file, Malwarebytes, MS Fixit50202, deleting temp files, reset router, etc. Other programs (Adobe, Java, iTunes) auto update just fine. I have a Linksys wrtg5 router with admin account password protection and MAC filtering and WEP protection. I use MSE and Avast professional for AV protection. Full scans by both revealed nothing.

I live in China. When I went on vacation 7 weeks ago, I had no problems. When I returned, all these problems appeared. I had a house guest who may have used my computer. Finally, because I am a foreign diplomat working here, I assume Chinese authorities monitor my computer and perhaps install malware.




Here is the new DDS log:
.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_07
Run by Dave2 at 13:27:15 on 2011-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3007.2144 [GMT 8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\NLSSRV32.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\DVD or CD Sharing\ODSAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\13.0.782.107\npchrome_frame.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\users\dave2\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [DVD or CD Sharing] "c:\program files\dvd or cd sharing\ODSAgent.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\update
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1311633440300
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 216.131.94.5 216.131.95.20
TCP: Interfaces\{082D78BB-8E86-4176-9A37-9266148D886E} : DhcpNameServer = 216.131.94.5 216.131.95.20
TCP: Interfaces\{120CBFCF-6E4C-4013-8B97-49B91D3E8BFD} : DhcpNameServer = 8.8.8.8 8.8.4.4 210.21.4.130
TCP: Interfaces\{DA4A778E-F93E-480B-9804-2056E0701160} : DhcpNameServer = 210.21.4.130 221.5.88.88
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\13.0.782.107\npchrome_frame.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-1 114768]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]
R1 MpKsldfa877c0;MpKsldfa877c0;c:\programdata\microsoft\microsoft antimalware\definition updates\{45a5797d-0e5c-4702-803c-5f7d27f4b325}\MpKsldfa877c0.sys [2011-8-13 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-1 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-1 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-1 138680]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-28 366640]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-2-2 65856]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-1 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-1 352920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-28 22712]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-29 315392]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ascservice.exe --> c:\program files\iobit\advanced systemcare 4\ASCService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c98283e9bdc6e8;Google Update Service (gupdate1c98283e9bdc6e8);c:\program files\google\update\GoogleUpdate.exe [2009-1-30 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-1-30 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-3 52224]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2011-3-5 1515520]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-11 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-08-13 05:11:53 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{45a5797d-0e5c-4702-803c-5f7d27f4b325}\MpKsldfa877c0.sys
2011-08-07 02:20:32 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{45a5797d-0e5c-4702-803c-5f7d27f4b325}\mpengine.dll
2011-08-05 10:32:11 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-07-31 12:43:37 -------- d-----w- c:\program files\Bonjour
2011-07-28 13:17:08 -------- d-----w- c:\users\dave2\DoctorWeb
2011-07-28 12:54:41 -------- d-----w- c:\windows\system32\catroot2
2011-07-28 11:56:50 -------- d-----w- c:\windows\CheckSur
2011-07-28 11:12:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-28 11:12:46 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-07-28 11:12:44 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-28 08:43:48 -------- d-----w- c:\users\dave2\appdata\roaming\Malwarebytes
2011-07-28 08:43:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 08:43:37 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 08:43:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 08:43:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 21:57:11 -------- d-----w- c:\windows\system32\catroot2.bak
.
==================== Find3M ====================
.
2011-07-12 03:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 03:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 13:27:55.72 ===============




#5 Elise


Posted 13 August 2011 - 03:29 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 roxdav


Posted 13 August 2011 - 08:41 AM

Elise:

Here is the Combofix log:



#7 roxdav


Posted 13 August 2011 - 08:45 AM

Elise, sorry, I keep getting disconnected:

here is the complete log (I hope)



ComboFix 11-08-13.02 - Dave2 08/13/2011 21:14:28.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3007.1956 [GMT 8:00]
Running from: c:\users\Dave2\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dave2\WINDOWS
c:\windows\system\CM108.cpl
c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
c:\windows\system32\spool\prtprocs\w32x86\hpfpp083.dll
c:\windows\system32\spool\prtprocs\w32x86\hpzpp4pi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-13 13:23 . 2011-08-13 13:24 -------- d-----w- c:\users\Dave2\AppData\Local\temp
2011-08-13 13:23 . 2011-08-13 13:23 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
2011-08-13 13:23 . 2011-08-13 13:23 -------- d-----w- c:\users\Rox - I-POD TOUCH\AppData\Local\temp
2011-08-13 13:23 . 2011-08-13 13:23 -------- d-----w- c:\users\Quinn\AppData\Local\temp
2011-08-13 13:23 . 2011-08-13 13:23 -------- d-----w- c:\users\old iTouch 1\AppData\Local\temp
2011-08-13 13:23 . 2011-08-13 13:23 -------- d-----w- c:\users\Old iPad\AppData\Local\temp
2011-08-13 13:23 . 2011-08-13 13:23 -------- d-----w- c:\users\New I Pad 2\AppData\Local\temp
2011-08-13 13:23 . 2011-08-13 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-13 13:23 . 2011-08-13 13:23 -------- d-----w- c:\users\Dave iTouch 1\AppData\Local\temp
2011-08-13 13:23 . 2011-08-13 13:23 -------- d-----w- c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2011-08-13 13:23 . 2011-08-13 13:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-13 13:02 . 2011-08-13 13:02 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18F63513-3F42-4A67-B427-83F5BD48D434}\MpKsl29a4b919.sys
2011-08-13 05:29 . 2011-07-20 01:44 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18F63513-3F42-4A67-B427-83F5BD48D434}\mpengine.dll
2011-08-07 12:47 . 2011-08-07 12:47 -------- d-----w- c:\users\Dave iTouch 1\AppData\Roaming\Malwarebytes
2011-08-07 12:28 . 2011-08-07 12:28 -------- d-----w- c:\users\old iTouch 1\AppData\Roaming\Malwarebytes
2011-08-07 00:57 . 2011-08-07 00:57 -------- d-----w- c:\users\Rox - I-POD TOUCH\AppData\Roaming\Malwarebytes
2011-08-05 10:32 . 2011-07-20 01:44 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-01 10:36 . 2011-08-01 10:36 -------- d-----w- c:\users\Quinn\AppData\Roaming\Malwarebytes
2011-07-31 12:43 . 2011-07-31 12:43 -------- d-----w- c:\program files\Bonjour
2011-07-31 12:39 . 2011-07-31 12:39 -------- d-----w- c:\program files\Apple Software Update
2011-07-31 12:29 . 2011-07-31 12:29 -------- d-----w- c:\users\New I Pad 2\AppData\Local\Apple
2011-07-31 12:29 . 2011-07-31 12:29 -------- d-----w- c:\users\New I Pad 2\AppData\Roaming\Malwarebytes
2011-07-28 22:52 . 2011-07-28 22:52 -------- d-----w- c:\users\Old iPad\AppData\Roaming\Malwarebytes
2011-07-28 13:17 . 2011-07-28 13:17 -------- d-----w- c:\users\Dave2\DoctorWeb
2011-07-28 12:54 . 2011-08-06 04:57 -------- d-----w- c:\windows\system32\catroot2
2011-07-28 11:56 . 2011-07-28 11:56 -------- d-----w- c:\windows\CheckSur
2011-07-28 11:12 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-07-28 11:12 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-28 11:12 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-28 08:43 . 2011-07-28 08:43 -------- d-----w- c:\users\Dave2\AppData\Roaming\Malwarebytes
2011-07-28 08:43 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 08:43 . 2011-07-28 08:43 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 08:43 . 2011-07-28 08:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-28 08:43 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 01:44 . 2010-01-03 01:30 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 03:20 . 2011-07-12 03:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 03:20 . 2011-07-12 03:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2008-12-31 01:23 . 2008-12-31 01:23 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_81a53e87bd5d36aa\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\System32\appmgmts.dll
.
[7] 2009-07-14 . 72DD56197DB4AF4DE203EFE0D9E5901E . 29696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-rasriplistener_31bf3856ad364e35_6.1.7600.16385_none_fb89c77bbe24cc74\iprip.dll
[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\windows\System32\iprip.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\System32\msgsvc.dll
.
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\System32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\System32\dllcache\mspmsnsv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\System32\ntmssvc.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\System32\srsvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-20 619832]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 16:45 75304 -c--a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-13 16:43 455168 ----a-w- c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-13 16:43 455168 ----a-w- c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-05-18 06:22 843776 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 17:16 185896 -c--a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl4014d2fb;MpKsl4014d2fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CD8A6BE-0257-45AA-B861-0CD23079F378}\MpKsl4014d2fb.sys [x]
R1 MpKsl498e21cb;MpKsl498e21cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE5C89B1-2E31-4503-8EE3-15188B518A1F}\MpKsl498e21cb.sys [x]
R1 MpKsl82387b04;MpKsl82387b04;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25704B3E-885D-44E5-AC05-40CB0FC0A361}\MpKsl82387b04.sys [x]
R1 MpKsl8f8f83e7;MpKsl8f8f83e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45A5797D-0E5C-4702-803C-5F7D27F4B325}\MpKsl8f8f83e7.sys [x]
R1 MpKslf5ba9734;MpKslf5ba9734;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA14C37A-4A59-418C-8785-B35FFDF0350C}\MpKslf5ba9734.sys [x]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c98283e9bdc6e8;Google Update Service (gupdate1c98283e9bdc6e8);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 133104]
R3 DrvSnSht;DrvSnSht;c:\program files\R-Drive Image\DrvSnSht.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 133104]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 R-ImageDisk;R-ImageDisk;c:\program files\R-Drive Image\R-ImageDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2009-09-03 1515520]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-11 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSP;avast! Self Protection; [x]
S1 MpKsl29a4b919;MpKsl29a4b919;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18F63513-3F42-4A67-B427-83F5BD48D434}\MpKsl29a4b919.sys [2011-08-13 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-29 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-02-02 65856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-06 375808]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL29A4B919
.
Contents of the 'Scheduled Tasks' folder
.
2008-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 02:39]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 02:39]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1001Core.job
- c:\users\Dave2\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-30 13:24]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1001UA.job
- c:\users\Dave2\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-30 13:24]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1007Core.job
- c:\users\Rox - I-POD TOUCH\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 19:07]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1007UA.job
- c:\users\Rox - I-POD TOUCH\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 19:07]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1009Core.job
- c:\users\Quinn\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 06:59]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1009UA.job
- c:\users\Quinn\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 06:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 210.21.4.130
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cm108Sound - cm108.cpl
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-13 21:27:43
ComboFix-quarantined-files.txt 2011-08-13 13:27
.
Pre-Run: 18,251,366,400 bytes free
Post-Run: 20,136,849,408 bytes free
.
- - End Of File - - 8CFBA62388761A12B69A55948CB7411E

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:35 AM

Posted 13 August 2011 - 09:02 AM

Hi again, please let me know if you have a Windows CD at hand.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#9 roxdav

roxdav
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Guangzhou, China
  • Local time:04:35 PM

Posted 13 August 2011 - 07:53 PM

Elise
TDSSKiller found nothing. I do have a Windows CD. Here's the log

Dave


2011/08/14 08:48:26.0927 4680 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/14 08:48:28.0940 4680 ================================================================================
2011/08/14 08:48:28.0940 4680 SystemInfo:
2011/08/14 08:48:28.0940 4680
2011/08/14 08:48:28.0940 4680 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/14 08:48:28.0940 4680 Product type: Workstation
2011/08/14 08:48:28.0940 4680 ComputerName: DAVE2-PC
2011/08/14 08:48:28.0940 4680 UserName: Dave2
2011/08/14 08:48:28.0940 4680 Windows directory: C:\Windows
2011/08/14 08:48:28.0940 4680 System windows directory: C:\Windows
2011/08/14 08:48:28.0940 4680 Processor architecture: Intel x86
2011/08/14 08:48:28.0940 4680 Number of processors: 2
2011/08/14 08:48:28.0940 4680 Page size: 0x1000
2011/08/14 08:48:28.0940 4680 Boot type: Normal boot
2011/08/14 08:48:28.0940 4680 ================================================================================
2011/08/14 08:48:29.0423 4680 Initialize success
2011/08/14 08:48:32.0808 5252 ================================================================================
2011/08/14 08:48:32.0808 5252 Scan started
2011/08/14 08:48:32.0808 5252 Mode: Manual;
2011/08/14 08:48:32.0808 5252

#10 roxdav

roxdav
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Guangzhou, China
  • Local time:04:35 PM

Posted 13 August 2011 - 08:12 PM

Again with the disconnect. Here is the complete log:

Elise

TDSSKiller found nothing. I do have a Windows CD. Here's the log

Dave


2011/08/14 08:48:26.0927 4680 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/14 08:48:28.0940 4680 ================================================================================
2011/08/14 08:48:28.0940 4680 SystemInfo:
2011/08/14 08:48:28.0940 4680
2011/08/14 08:48:28.0940 4680 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/14 08:48:28.0940 4680 Product type: Workstation
2011/08/14 08:48:28.0940 4680 ComputerName: DAVE2-PC
2011/08/14 08:48:28.0940 4680 UserName: Dave2
2011/08/14 08:48:28.0940 4680 Windows directory: C:\Windows
2011/08/14 08:48:28.0940 4680 System windows directory: C:\Windows
2011/08/14 08:48:28.0940 4680 Processor architecture: Intel x86
2011/08/14 08:48:28.0940 4680 Number of processors: 2
2011/08/14 08:48:28.0940 4680 Page size: 0x1000
2011/08/14 08:48:28.0940 4680 Boot type: Normal boot
2011/08/14 08:48:28.0940 4680 ================================================================================
2011/08/14 08:48:29.0423 4680 Initialize success
2011/08/14 08:48:32.0808 5252 ================================================================================
2011/08/14 08:48:32.0808 5252 Scan started
2011/08/14 08:48:32.0808 5252 Mode: Manual;
2011/08/14 08:48:32.0808 5252 ================================================================================

#11 roxdav

roxdav
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Guangzhou, China
  • Local time:04:35 PM

Posted 13 August 2011 - 08:18 PM

and this


2011/08/14 08:48:38.0206 5252 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/08/14 08:48:38.0222 5252 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sy


and this


2011/08/14 08:48:40.0125 5252 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/14 08:48:40.0172 5252 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/14 08:48:40.0218 5252 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/08/14 08:48:40.0234 5252 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/14 08:48:40.0281 5252 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/08/14 08:48:40.0312 5252 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/14 08:48:40.0328 5252 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/08/14 08:48:40.0343 5252 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
2011/08/14 08:48:40.0359 5252 Boot (0x1200) (fcec044c2b2f72354b1066aa220ac791) \Device\Harddisk0\DR0\Partition0
2011/08/14 08:48:40.0390 5252 Boot (0x1200) (3418ea4d096291e125c9ba600b3612ff) \Device\Harddisk1\DR1\Partition0
2011/08/14 08:48:40.0406 5252 Boot (0x1200) (c12ae0ca094ccc11830502903052ff94) \Device\Harddisk2\DR2\Partition0
2011/08/14 08:48:40.0406 5252 ================================================================================
2011/08/14 08:48:40.0406 5252 Scan finished
2011/08/14 08:48:40.0406 5252 ================================================================================
2011/08/14 08:48:40.0421 0916 Detected object count: 0
2011/08/14 08:48:40.0421 0916 Actual detected object count: 0


#12 Elise


Posted 14 August 2011 - 01:54 AM

Please click Start > All programs > Accessories, right click on Command Prompt and select "run as administrator".

At the command prompt type sfc /scannow and press enter.

Let the System File Checker run unhindered. Make sure the Windows DVD is inserted (if Windows Setup pops up, just close it).

When done, rerun ComboFix and post me the new log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#13 roxdav


Posted 14 August 2011 - 03:48 AM

Elise - here is the ComboFix log. SFC scan did not reveal any problem...

ComboFix 11-08-13.02 - Dave2 08/14/2011 16:22:50.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3007.2110 [GMT 8:00]
Running from: c:\users\Dave2\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-07 12:47 . 2011-08-07 12:47 -------- d-----w- c:\users\Dave iTouch 1\AppData\Roaming\Malwarebytes
2011-08-07 12:28 . 2011-08-07 12:28 -------- d-----w- c:\users\old iTouch 1\AppData\Roaming\Malwarebytes
2011-08-07 00:57 . 2011-08-07 00:57 -------- d-----w- c:\users\Rox - I-POD TOUCH\AppData\Roaming\Malwarebytes
2011-08-05 10:32 . 2011-07-20 01:44 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-01 10:36 . 2011-08-01 10:36 -------- d-----w- c:\users\Quinn\AppData\Roaming\Malwarebytes
2011-07-31 12:43 . 2011-07-31 12:43 -------- d-----w- c:\program files\Bonjour
2011-07-31 12:39 . 2011-07-31 12:39 -------- d-----w- c:\program files\Apple Software Update
2011-07-31 12:29 . 2011-07-31 12:29 -------- d-----w- c:\users\New I Pad 2\AppData\Local\Apple
2011-07-31 12:29 . 2011-07-31 12:29 -------- d-----w- c:\users\New I Pad 2\AppData\Roaming\Malwarebytes
2011-07-28 22:52 . 2011-07-28 22:52 -------- d-----w- c:\users\Old iPad\AppData\Roaming\Malwarebytes
2011-07-28 13:17 . 2011-07-28 13:17 -------- d-----w- c:\users\Dave2\DoctorWeb
2011-07-28 12:54 . 2011-08-06 04:57 -------- d-----w- c:\windows\system32\catroot2
2011-07-28 11:56 . 2011-07-28 11:56 -------- d-----w- c:\windows\CheckSur
2011-07-28 11:12 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-07-28 11:12 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-28 11:12 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-28 08:43 . 2011-07-28 08:43 -------- d-----w- c:\users\Dave2\AppData\Roaming\Malwarebytes
2011-07-28 08:43 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 08:43 . 2011-07-28 08:43 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 08:43 . 2011-07-28 08:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-28 08:43 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 01:44 . 2010-01-03 01:30 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 03:20 . 2011-07-12 03:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 03:20 . 2011-07-12 03:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2008-12-31 01:23 . 2008-12-31 01:23 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_81a53e87bd5d36aa\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\System32\appmgmts.dll
.
[7] 2009-07-14 . 72DD56197DB4AF4DE203EFE0D9E5901E . 29696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-rasriplistener_31bf3856ad364e35_6.1.7600.16385_none_fb89c77bbe24cc74\iprip.dll
[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\windows\System32\iprip.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\System32\msgsvc.dll
.
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\System32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\System32\dllcache\mspmsnsv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\System32\ntmssvc.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\System32\srsvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-20 619832]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 16:45 75304 -c--a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-13 16:43 455168 ----a-w- c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-13 16:43 455168 ----a-w- c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-05-18 06:22 843776 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 17:16 185896 -c--a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl4014d2fb;MpKsl4014d2fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CD8A6BE-0257-45AA-B861-0CD23079F378}\MpKsl4014d2fb.sys [x]
R1 MpKsl498e21cb;MpKsl498e21cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE5C89B1-2E31-4503-8EE3-15188B518A1F}\MpKsl498e21cb.sys [x]
R1 MpKsl82387b04;MpKsl82387b04;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25704B3E-885D-44E5-AC05-40CB0FC0A361}\MpKsl82387b04.sys [x]
R1 MpKsl8f8f83e7;MpKsl8f8f83e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45A5797D-0E5C-4702-803C-5F7D27F4B325}\MpKsl8f8f83e7.sys [x]
R1 MpKslf5ba9734;MpKslf5ba9734;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA14C37A-4A59-418C-8785-B35FFDF0350C}\MpKslf5ba9734.sys [x]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c98283e9bdc6e8;Google Update Service (gupdate1c98283e9bdc6e8);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 133104]
R3 DrvSnSht;DrvSnSht;c:\program files\R-Drive Image\DrvSnSht.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 133104]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 R-ImageDisk;R-ImageDisk;c:\program files\R-Drive Image\R-ImageDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2009-09-03 1515520]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-11 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSP;avast! Self Protection; [x]
S1 MpKsl8460b6f3;MpKsl8460b6f3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B67D5F9E-16D6-44CA-95C2-531978607A05}\MpKsl8460b6f3.sys [2011-08-14 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-29 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-02-02 65856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-06 375808]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL8460B6F3
.
Contents of the 'Scheduled Tasks' folder
.
2008-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 02:39]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 02:39]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1001Core.job
- c:\users\Dave2\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-30 13:24]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1001UA.job
- c:\users\Dave2\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-30 13:24]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1007Core.job
- c:\users\Rox - I-POD TOUCH\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 19:07]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1007UA.job
- c:\users\Rox - I-POD TOUCH\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 19:07]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1009Core.job
- c:\users\Quinn\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 06:59]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1009UA.job
- c:\users\Quinn\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 06:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 210.21.4.130
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3696)
c:\program files\Axon Data\AxCrypt\1.6.3\AxCrypt.dll
.
Completion time: 2011-08-14 16:34:46
ComboFix-quarantined-files.txt 2011-08-14 08:34
ComboFix2.txt 2011-08-13 13:27
.
Pre-Run: 20,055,818,240 bytes free
Post-Run: 19,734,511,616 bytes free
.
- - End Of File - - 5A17A079D7ACE7922AF02BEECDBF8325



#14 Elise


Posted 14 August 2011 - 03:55 AM

Hi again, are you sure SFC ran normally? I see no sign that it ran at all. See also here, Option 2.

TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove in the Control Panel and remove either Avast or MS Security Essentials.

Please let me know how things are running now.

regards, Elise




#15 roxdav


Posted 14 August 2011 - 08:07 AM

Elise, okay, I uninstalled MSE and I've run SFC four more times with the same results. I followed the suggestions in the Windows 7 forums you linked to. I also ran the command line to create a txt file of the relevant log entries. Also ran ComboFix again. Here are the logs from both ComboFix and sfcdetails. Not sure what is going on - still cannot use Windows Update and uploading anything takes forever. Not having these problems on my Mac laptop despite having the same IP service, router etc...

ComboFix 11-08-13.02 - Dave2 08/14/2011 20:10:03.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3007.2173 [GMT 8:00]
Running from: c:\users\Dave2\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-14 12:19 . 2011-08-14 12:19 -------- d-----w- c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2011-08-14 12:19 . 2011-08-14 12:19 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
2011-08-14 12:19 . 2011-08-14 12:19 -------- d-----w- c:\users\Rox - I-POD TOUCH\AppData\Local\temp
2011-08-14 12:19 . 2011-08-14 12:19 -------- d-----w- c:\users\Quinn\AppData\Local\temp
2011-08-14 12:19 . 2011-08-14 12:19 -------- d-----w- c:\users\old iTouch 1\AppData\Local\temp
2011-08-14 12:19 . 2011-08-14 12:19 -------- d-----w- c:\users\Old iPad\AppData\Local\temp
2011-08-14 12:19 . 2011-08-14 12:19 -------- d-----w- c:\users\New I Pad 2\AppData\Local\temp
2011-08-14 12:19 . 2011-08-14 12:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-14 12:19 . 2011-08-14 12:19 -------- d-----w- c:\users\Dave iTouch 1\AppData\Local\temp
2011-08-14 12:19 . 2011-08-14 12:19 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-13 13:27 . 2011-08-14 12:19 -------- d-----w- c:\users\Dave2\AppData\Local\temp
2011-08-07 12:47 . 2011-08-07 12:47 -------- d-----w- c:\users\Dave iTouch 1\AppData\Roaming\Malwarebytes
2011-08-07 12:28 . 2011-08-07 12:28 -------- d-----w- c:\users\old iTouch 1\AppData\Roaming\Malwarebytes
2011-08-07 00:57 . 2011-08-07 00:57 -------- d-----w- c:\users\Rox - I-POD TOUCH\AppData\Roaming\Malwarebytes
2011-08-01 10:36 . 2011-08-01 10:36 -------- d-----w- c:\users\Quinn\AppData\Roaming\Malwarebytes
2011-07-31 12:43 . 2011-07-31 12:43 -------- d-----w- c:\program files\Bonjour
2011-07-31 12:39 . 2011-07-31 12:39 -------- d-----w- c:\program files\Apple Software Update
2011-07-31 12:29 . 2011-07-31 12:29 -------- d-----w- c:\users\New I Pad 2\AppData\Local\Apple
2011-07-31 12:29 . 2011-07-31 12:29 -------- d-----w- c:\users\New I Pad 2\AppData\Roaming\Malwarebytes
2011-07-28 22:52 . 2011-07-28 22:52 -------- d-----w- c:\users\Old iPad\AppData\Roaming\Malwarebytes
2011-07-28 13:17 . 2011-07-28 13:17 -------- d-----w- c:\users\Dave2\DoctorWeb
2011-07-28 12:54 . 2011-08-06 04:57 -------- d-----w- c:\windows\system32\catroot2
2011-07-28 11:56 . 2011-07-28 11:56 -------- d-----w- c:\windows\CheckSur
2011-07-28 11:12 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-07-28 11:12 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-28 11:12 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-28 08:43 . 2011-07-28 08:43 -------- d-----w- c:\users\Dave2\AppData\Roaming\Malwarebytes
2011-07-28 08:43 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 08:43 . 2011-07-28 08:43 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 08:43 . 2011-07-28 08:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-28 08:43 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-12 03:20 . 2011-07-12 03:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 03:20 . 2011-07-12 03:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2008-12-31 01:23 . 2008-12-31 01:23 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_81a53e87bd5d36aa\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\System32\appmgmts.dll
.
[7] 2009-07-14 . 72DD56197DB4AF4DE203EFE0D9E5901E . 29696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-rasriplistener_31bf3856ad364e35_6.1.7600.16385_none_fb89c77bbe24cc74\iprip.dll
[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\windows\System32\iprip.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\System32\msgsvc.dll
.
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\System32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\System32\dllcache\mspmsnsv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\System32\ntmssvc.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\System32\srsvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-20 619832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 16:45 75304 -c--a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-13 16:43 455168 ----a-w- c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-13 16:43 455168 ----a-w- c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-05-18 06:22 843776 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 17:16 185896 -c--a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl4014d2fb;MpKsl4014d2fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CD8A6BE-0257-45AA-B861-0CD23079F378}\MpKsl4014d2fb.sys [x]
R1 MpKsl498e21cb;MpKsl498e21cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE5C89B1-2E31-4503-8EE3-15188B518A1F}\MpKsl498e21cb.sys [x]
R1 MpKsl82387b04;MpKsl82387b04;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25704B3E-885D-44E5-AC05-40CB0FC0A361}\MpKsl82387b04.sys [x]
R1 MpKsl8f8f83e7;MpKsl8f8f83e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45A5797D-0E5C-4702-803C-5F7D27F4B325}\MpKsl8f8f83e7.sys [x]
R1 MpKslf5ba9734;MpKslf5ba9734;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA14C37A-4A59-418C-8785-B35FFDF0350C}\MpKslf5ba9734.sys [x]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c98283e9bdc6e8;Google Update Service (gupdate1c98283e9bdc6e8);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 133104]
R3 DrvSnSht;DrvSnSht;c:\program files\R-Drive Image\DrvSnSht.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 133104]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 R-ImageDisk;R-ImageDisk;c:\program files\R-Drive Image\R-ImageDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2009-09-03 1515520]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-11 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSP;avast! Self Protection; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-29 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-02-02 65856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-06 375808]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2008-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 02:39]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 02:39]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1001Core.job
- c:\users\Dave2\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-30 13:24]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1001UA.job
- c:\users\Dave2\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-30 13:24]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1007Core.job
- c:\users\Rox - I-POD TOUCH\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 19:07]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1007UA.job
- c:\users\Rox - I-POD TOUCH\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 19:07]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1009Core.job
- c:\users\Quinn\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 06:59]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3820272611-3222091546-2931051051-1009UA.job
- c:\users\Quinn\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 06:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 210.21.4.130
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-14 20:22:32
ComboFix-quarantined-files.txt 2011-08-14 12:22
ComboFix2.txt 2011-08-14 08:34
ComboFix3.txt 2011-08-13 13:27
.
Pre-Run: 20,100,108,288 bytes free
Post-Run: 19,800,117,248 bytes free
.
- - End Of File - - 914F04D03C3EB52A601E44566E253428




2011-08-14 16:19:01, Info CSI 00000190 [SR] Verifying 26 (0x0000001a) components
2011-08-14 16:19:01, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2011-08-14 16:19:01, Info CSI 00000193 [SR] Verify complete
2011-08-14 16:19:01, Info CSI 00000194 [SR] Repairing 0 components
2011-08-14 16:19:01, Info CSI 00000195 [SR] Beginning Verify and Repair transaction
2011-08-14 16:19:01, Info CSI 00000197 [SR] Repair complete
2011-08-14 19:02:38, Info CSI 00000133 [SR] Beginning Verify and Repair transaction
2011-08-14 19:02:40, Info CSI 00000135 [SR] Verify complete
2011-08-14 19:02:40, Info CSI 00000136 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:02:40, Info CSI 00000137 [SR] Beginning Verify and Repair transaction
2011-08-14 19:02:42, Info CSI 0000013a [SR] Verify complete
2011-08-14 19:02:42, Info CSI 0000013b [SR] Verifying 100 (0x00000064) components
2011-08-14 19:02:42, Info CSI 0000013c [SR] Beginning Verify and Repair transaction
2011-08-14 19:02:45, Info CSI 0000013e [SR] Verify complete
2011-08-14 19:02:45, Info CSI 0000013f [SR] Verifying 100 (0x00000064) components
2011-08-14 19:02:45, Info CSI 00000140 [SR] Beginning Verify and Repair transaction
2011-08-14 19:02:46, Info CSI 00000142 [SR] Verify complete
2011-08-14 19:02:47, Info CSI 00000143 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:02:47, Info CSI 00000144 [SR] Beginning Verify and Repair transaction
2011-08-14 19:02:49, Info CSI 00000146 [SR] Verify complete
2011-08-14 19:02:49, Info CSI 00000147 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:02:49, Info CSI 00000148 [SR] Beginning Verify and Repair transaction
2011-08-14 19:02:53, Info CSI 0000014b [SR] Verify complete
2011-08-14 19:02:53, Info CSI 0000014c [SR] Verifying 100 (0x00000064) components
2011-08-14 19:02:53, Info CSI 0000014d [SR] Beginning Verify and Repair transaction
2011-08-14 19:02:57, Info CSI 0000014f [SR] Verify complete
2011-08-14 19:02:57, Info CSI 00000150 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:02:57, Info CSI 00000151 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:00, Info CSI 00000153 [SR] Verify complete
2011-08-14 19:03:02, Info CSI 00000154 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:02, Info CSI 00000155 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:05, Info CSI 00000157 [SR] Verify complete
2011-08-14 19:03:05, Info CSI 00000158 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:05, Info CSI 00000159 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:06, Info CSI 0000015b [SR] Verify complete
2011-08-14 19:03:06, Info CSI 0000015c [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:06, Info CSI 0000015d [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:08, Info CSI 0000015f [SR] Verify complete
2011-08-14 19:03:08, Info CSI 00000160 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:08, Info CSI 00000161 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:09, Info CSI 00000163 [SR] Verify complete
2011-08-14 19:03:09, Info CSI 00000164 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:09, Info CSI 00000165 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:11, Info CSI 00000167 [SR] Verify complete
2011-08-14 19:03:11, Info CSI 00000168 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:11, Info CSI 00000169 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:12, Info CSI 0000016b [SR] Verify complete
2011-08-14 19:03:13, Info CSI 0000016c [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:13, Info CSI 0000016d [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:14, Info CSI 0000016f [SR] Verify complete
2011-08-14 19:03:14, Info CSI 00000170 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:14, Info CSI 00000171 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:18, Info CSI 00000173 [SR] Verify complete
2011-08-14 19:03:18, Info CSI 00000174 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:18, Info CSI 00000175 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:26, Info CSI 00000177 [SR] Verify complete
2011-08-14 19:03:26, Info CSI 00000178 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:26, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:28, Info CSI 0000017b [SR] Verify complete
2011-08-14 19:03:28, Info CSI 0000017c [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:28, Info CSI 0000017d [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:30, Info CSI 0000017f [SR] Verify complete
2011-08-14 19:03:30, Info CSI 00000180 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:30, Info CSI 00000181 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:30, Info CSI 00000183 [SR] Verify complete
2011-08-14 19:03:31, Info CSI 00000184 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:31, Info CSI 00000185 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:32, Info CSI 00000187 [SR] Verify complete
2011-08-14 19:03:32, Info CSI 00000188 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:32, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:34, Info CSI 0000018b [SR] Verify complete
2011-08-14 19:03:34, Info CSI 0000018c [SR] Verifying 100 (0x00000064) components
2011-08-14 19:03:34, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:37, Info CSI 0000018f [SR] Verify complete
2011-08-14 19:03:37, Info CSI 00000190 [SR] Verifying 26 (0x0000001a) components
2011-08-14 19:03:37, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:37, Info CSI 00000193 [SR] Verify complete
2011-08-14 19:03:37, Info CSI 00000194 [SR] Repairing 0 components
2011-08-14 19:03:37, Info CSI 00000195 [SR] Beginning Verify and Repair transaction
2011-08-14 19:03:37, Info CSI 00000197 [SR] Repair complete
2011-08-14 19:14:20, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:20, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:21, Info CSI 0000000c [SR] Verify complete
2011-08-14 19:14:21, Info CSI 0000000d [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:21, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:22, Info CSI 00000010 [SR] Verify complete
2011-08-14 19:14:22, Info CSI 00000011 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:22, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:24, Info CSI 00000014 [SR] Verify complete
2011-08-14 19:14:24, Info CSI 00000015 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:24, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:25, Info CSI 00000018 [SR] Verify complete
2011-08-14 19:14:25, Info CSI 00000019 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:25, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:26, Info CSI 0000001c [SR] Verify complete
2011-08-14 19:14:26, Info CSI 0000001d [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:26, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:27, Info CSI 00000020 [SR] Verify complete
2011-08-14 19:14:28, Info CSI 00000021 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:28, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:29, Info CSI 00000024 [SR] Verify complete
2011-08-14 19:14:29, Info CSI 00000025 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:29, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:29, Info CSI 00000028 [SR] Verify complete
2011-08-14 19:14:30, Info CSI 00000029 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:30, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:30, Info CSI 0000002c [SR] Verify complete
2011-08-14 19:14:30, Info CSI 0000002d [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:30, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:32, Info CSI 00000030 [SR] Verify complete
2011-08-14 19:14:32, Info CSI 00000031 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:32, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:35, Info CSI 00000034 [SR] Verify complete
2011-08-14 19:14:35, Info CSI 00000035 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:35, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:36, Info CSI 0000003b [SR] Verify complete
2011-08-14 19:14:37, Info CSI 0000003c [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:37, Info CSI 0000003d [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:38, Info CSI 00000040 [SR] Verify complete
2011-08-14 19:14:39, Info CSI 00000041 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:39, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:41, Info CSI 00000046 [SR] Verify complete
2011-08-14 19:14:41, Info CSI 00000047 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:41, Info CSI 00000048 [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:46, Info CSI 00000052 [SR] Verify complete
2011-08-14 19:14:46, Info CSI 00000053 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:46, Info CSI 00000054 [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:49, Info CSI 00000056 [SR] Verify complete
2011-08-14 19:14:49, Info CSI 00000057 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:49, Info CSI 00000058 [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:51, Info CSI 0000005a [SR] Verify complete
2011-08-14 19:14:52, Info CSI 0000005b [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:52, Info CSI 0000005c [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:54, Info CSI 0000005e [SR] Verify complete
2011-08-14 19:14:54, Info CSI 0000005f [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:54, Info CSI 00000060 [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:55, Info CSI 00000062 [SR] Verify complete
2011-08-14 19:14:55, Info CSI 00000063 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:14:55, Info CSI 00000064 [SR] Beginning Verify and Repair transaction
2011-08-14 19:14:59, Info CSI 00000066 [SR] Verify complete
2011-08-14 19:15:00, Info CSI 00000067 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:00, Info CSI 00000068 [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:05, Info CSI 0000006c [SR] Verify complete
2011-08-14 19:15:05, Info CSI 0000006d [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:05, Info CSI 0000006e [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:09, Info CSI 00000070 [SR] Verify complete
2011-08-14 19:15:09, Info CSI 00000071 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:09, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:17, Info CSI 00000074 [SR] Verify complete
2011-08-14 19:15:18, Info CSI 00000075 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:18, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:19, Info CSI 00000078 [SR] Verify complete
2011-08-14 19:15:20, Info CSI 00000079 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:20, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:21, Info CSI 0000007c [SR] Verify complete
2011-08-14 19:15:21, Info CSI 0000007d [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:21, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:22, Info CSI 00000080 [SR] Verify complete
2011-08-14 19:15:22, Info CSI 00000081 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:22, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:28, Info CSI 00000097 [SR] Verify complete
2011-08-14 19:15:28, Info CSI 00000098 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:28, Info CSI 00000099 [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:30, Info CSI 000000a4 [SR] Verify complete
2011-08-14 19:15:31, Info CSI 000000a5 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:31, Info CSI 000000a6 [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:31, Info CSI 000000a8 [SR] Verify complete
2011-08-14 19:15:31, Info CSI 000000a9 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:31, Info CSI 000000aa [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:33, Info CSI 000000ac [SR] Verify complete
2011-08-14 19:15:33, Info CSI 000000ad [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:33, Info CSI 000000ae [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:35, Info CSI 000000b0 [SR] Verify complete
2011-08-14 19:15:35, Info CSI 000000b1 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:35, Info CSI 000000b2 [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:39, Info CSI 000000b5 [SR] Verify complete
2011-08-14 19:15:39, Info CSI 000000b6 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:39, Info CSI 000000b7 [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:42, Info CSI 000000b9 [SR] Verify complete
2011-08-14 19:15:43, Info CSI 000000ba [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:43, Info CSI 000000bb [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:43, Info CSI 000000bd [SR] Verify complete
2011-08-14 19:15:43, Info CSI 000000be [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:43, Info CSI 000000bf [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:45, Info CSI 000000c1 [SR] Verify complete
2011-08-14 19:15:45, Info CSI 000000c2 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:45, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:47, Info CSI 000000c5 [SR] Verify complete
2011-08-14 19:15:47, Info CSI 000000c6 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:47, Info CSI 000000c7 [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:49, Info CSI 000000c9 [SR] Verify complete
2011-08-14 19:15:49, Info CSI 000000ca [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:49, Info CSI 000000cb [SR] Beginning Verify and Repair transaction
2011-08-14 19:15:53, Info CSI 000000ce [SR] Verify complete
2011-08-14 19:15:53, Info CSI 000000cf [SR] Verifying 100 (0x00000064) components
2011-08-14 19:15:53, Info CSI 000000d0 [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:00, Info CSI 000000f5 [SR] Verify complete
2011-08-14 19:16:00, Info CSI 000000f6 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:00, Info CSI 000000f7 [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:04, Info CSI 000000f9 [SR] Verify complete
2011-08-14 19:16:04, Info CSI 000000fa [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:04, Info CSI 000000fb [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:16, Info CSI 000000fd [SR] Verify complete
2011-08-14 19:16:16, Info CSI 000000fe [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:16, Info CSI 000000ff [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:21, Info CSI 00000102 [SR] Verify complete
2011-08-14 19:16:22, Info CSI 00000103 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:22, Info CSI 00000104 [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:25, Info CSI 00000106 [SR] Verify complete
2011-08-14 19:16:25, Info CSI 00000107 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:25, Info CSI 00000108 [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:26, Info CSI 0000010a [SR] Verify complete
2011-08-14 19:16:27, Info CSI 0000010b [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:27, Info CSI 0000010c [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:29, Info CSI 0000010e [SR] Verify complete
2011-08-14 19:16:29, Info CSI 0000010f [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:29, Info CSI 00000110 [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:31, Info CSI 00000113 [SR] Verify complete
2011-08-14 19:16:31, Info CSI 00000114 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:31, Info CSI 00000115 [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:32, Info CSI 00000117 [SR] Verify complete
2011-08-14 19:16:32, Info CSI 00000118 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:32, Info CSI 00000119 [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:44, Info CSI 0000011b [SR] Verify complete
2011-08-14 19:16:44, Info CSI 0000011c [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:44, Info CSI 0000011d [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:49, Info CSI 00000120 [SR] Verify complete
2011-08-14 19:16:49, Info CSI 00000121 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:49, Info CSI 00000122 [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:50, Info CSI 00000124 [SR] Verify complete
2011-08-14 19:16:51, Info CSI 00000125 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:51, Info CSI 00000126 [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:53, Info CSI 00000128 [SR] Verify complete
2011-08-14 19:16:53, Info CSI 00000129 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:53, Info CSI 0000012a [SR] Beginning Verify and Repair transaction
2011-08-14 19:16:57, Info CSI 0000012d [SR] Verify complete
2011-08-14 19:16:58, Info CSI 0000012e [SR] Verifying 100 (0x00000064) components
2011-08-14 19:16:58, Info CSI 0000012f [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:00, Info CSI 00000131 [SR] Verify complete
2011-08-14 19:17:00, Info CSI 00000132 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:00, Info CSI 00000133 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:03, Info CSI 00000135 [SR] Verify complete
2011-08-14 19:17:03, Info CSI 00000136 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:03, Info CSI 00000137 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:05, Info CSI 0000013a [SR] Verify complete
2011-08-14 19:17:05, Info CSI 0000013b [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:05, Info CSI 0000013c [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:07, Info CSI 0000013e [SR] Verify complete
2011-08-14 19:17:07, Info CSI 0000013f [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:07, Info CSI 00000140 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:09, Info CSI 00000142 [SR] Verify complete
2011-08-14 19:17:09, Info CSI 00000143 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:09, Info CSI 00000144 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:12, Info CSI 00000146 [SR] Verify complete
2011-08-14 19:17:12, Info CSI 00000147 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:12, Info CSI 00000148 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:15, Info CSI 0000014b [SR] Verify complete
2011-08-14 19:17:15, Info CSI 0000014c [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:15, Info CSI 0000014d [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:19, Info CSI 0000014f [SR] Verify complete
2011-08-14 19:17:19, Info CSI 00000150 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:19, Info CSI 00000151 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:22, Info CSI 00000153 [SR] Verify complete
2011-08-14 19:17:22, Info CSI 00000154 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:22, Info CSI 00000155 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:25, Info CSI 00000157 [SR] Verify complete
2011-08-14 19:17:25, Info CSI 00000158 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:25, Info CSI 00000159 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:26, Info CSI 0000015b [SR] Verify complete
2011-08-14 19:17:26, Info CSI 0000015c [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:26, Info CSI 0000015d [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:28, Info CSI 0000015f [SR] Verify complete
2011-08-14 19:17:28, Info CSI 00000160 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:28, Info CSI 00000161 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:29, Info CSI 00000163 [SR] Verify complete
2011-08-14 19:17:29, Info CSI 00000164 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:29, Info CSI 00000165 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:31, Info CSI 00000167 [SR] Verify complete
2011-08-14 19:17:31, Info CSI 00000168 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:31, Info CSI 00000169 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:32, Info CSI 0000016b [SR] Verify complete
2011-08-14 19:17:32, Info CSI 0000016c [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:32, Info CSI 0000016d [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:34, Info CSI 0000016f [SR] Verify complete
2011-08-14 19:17:34, Info CSI 00000170 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:34, Info CSI 00000171 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:37, Info CSI 00000173 [SR] Verify complete
2011-08-14 19:17:38, Info CSI 00000174 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:38, Info CSI 00000175 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:46, Info CSI 00000177 [SR] Verify complete
2011-08-14 19:17:46, Info CSI 00000178 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:46, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:47, Info CSI 0000017b [SR] Verify complete
2011-08-14 19:17:47, Info CSI 0000017c [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:47, Info CSI 0000017d [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:49, Info CSI 0000017f [SR] Verify complete
2011-08-14 19:17:49, Info CSI 00000180 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:49, Info CSI 00000181 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:50, Info CSI 00000183 [SR] Verify complete
2011-08-14 19:17:50, Info CSI 00000184 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:50, Info CSI 00000185 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:52, Info CSI 00000187 [SR] Verify complete
2011-08-14 19:17:52, Info CSI 00000188 [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:52, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:53, Info CSI 0000018b [SR] Verify complete
2011-08-14 19:17:53, Info CSI 0000018c [SR] Verifying 100 (0x00000064) components
2011-08-14 19:17:53, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:56, Info CSI 0000018f [SR] Verify complete
2011-08-14 19:17:56, Info CSI 00000190 [SR] Verifying 26 (0x0000001a) components
2011-08-14 19:17:56, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:57, Info CSI 00000193 [SR] Verify complete
2011-08-14 19:17:57, Info CSI 00000194 [SR] Repairing 0 components
2011-08-14 19:17:57, Info CSI 00000195 [SR] Beginning Verify and Repair transaction
2011-08-14 19:17:57, Info CSI 00000197 [SR] Repair complete
2011-08-14 20:00:59, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:00:59, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:00, Info CSI 0000000c [SR] Verify complete
2011-08-14 20:01:00, Info CSI 0000000d [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:00, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:01, Info CSI 00000010 [SR] Verify complete
2011-08-14 20:01:02, Info CSI 00000011 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:02, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:04, Info CSI 00000014 [SR] Verify complete
2011-08-14 20:01:04, Info CSI 00000015 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:04, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:05, Info CSI 00000018 [SR] Verify complete
2011-08-14 20:01:05, Info CSI 00000019 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:05, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:06, Info CSI 0000001c [SR] Verify complete
2011-08-14 20:01:06, Info CSI 0000001d [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:06, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:07, Info CSI 00000020 [SR] Verify complete
2011-08-14 20:01:07, Info CSI 00000021 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:07, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:09, Info CSI 00000024 [SR] Verify complete
2011-08-14 20:01:09, Info CSI 00000025 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:09, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:10, Info CSI 00000028 [SR] Verify complete
2011-08-14 20:01:10, Info CSI 00000029 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:10, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:10, Info CSI 0000002c [SR] Verify complete
2011-08-14 20:01:11, Info CSI 0000002d [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:11, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:12, Info CSI 00000030 [SR] Verify complete
2011-08-14 20:01:13, Info CSI 00000031 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:13, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:15, Info CSI 00000034 [SR] Verify complete
2011-08-14 20:01:15, Info CSI 00000035 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:15, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:17, Info CSI 0000003b [SR] Verify complete
2011-08-14 20:01:17, Info CSI 0000003c [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:17, Info CSI 0000003d [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:19, Info CSI 00000040 [SR] Verify complete
2011-08-14 20:01:19, Info CSI 00000041 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:19, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:22, Info CSI 00000046 [SR] Verify complete
2011-08-14 20:01:22, Info CSI 00000047 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:22, Info CSI 00000048 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:27, Info CSI 00000052 [SR] Verify complete
2011-08-14 20:01:27, Info CSI 00000053 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:27, Info CSI 00000054 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:29, Info CSI 00000056 [SR] Verify complete
2011-08-14 20:01:30, Info CSI 00000057 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:30, Info CSI 00000058 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:32, Info CSI 0000005a [SR] Verify complete
2011-08-14 20:01:32, Info CSI 0000005b [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:32, Info CSI 0000005c [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:34, Info CSI 0000005e [SR] Verify complete
2011-08-14 20:01:35, Info CSI 0000005f [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:35, Info CSI 00000060 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:36, Info CSI 00000062 [SR] Verify complete
2011-08-14 20:01:36, Info CSI 00000063 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:36, Info CSI 00000064 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:40, Info CSI 00000066 [SR] Verify complete
2011-08-14 20:01:40, Info CSI 00000067 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:40, Info CSI 00000068 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:45, Info CSI 0000006c [SR] Verify complete
2011-08-14 20:01:46, Info CSI 0000006d [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:46, Info CSI 0000006e [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:49, Info CSI 00000070 [SR] Verify complete
2011-08-14 20:01:50, Info CSI 00000071 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:50, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2011-08-14 20:01:58, Info CSI 00000074 [SR] Verify complete
2011-08-14 20:01:59, Info CSI 00000075 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:01:59, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:01, Info CSI 00000078 [SR] Verify complete
2011-08-14 20:02:01, Info CSI 00000079 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:01, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:02, Info CSI 0000007c [SR] Verify complete
2011-08-14 20:02:02, Info CSI 0000007d [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:02, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:03, Info CSI 00000080 [SR] Verify complete
2011-08-14 20:02:03, Info CSI 00000081 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:03, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:09, Info CSI 00000097 [SR] Verify complete
2011-08-14 20:02:10, Info CSI 00000098 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:10, Info CSI 00000099 [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:12, Info CSI 000000a4 [SR] Verify complete
2011-08-14 20:02:13, Info CSI 000000a5 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:13, Info CSI 000000a6 [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:13, Info CSI 000000a8 [SR] Verify complete
2011-08-14 20:02:13, Info CSI 000000a9 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:13, Info CSI 000000aa [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:15, Info CSI 000000ac [SR] Verify complete
2011-08-14 20:02:15, Info CSI 000000ad [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:15, Info CSI 000000ae [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:17, Info CSI 000000b0 [SR] Verify complete
2011-08-14 20:02:18, Info CSI 000000b1 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:18, Info CSI 000000b2 [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:22, Info CSI 000000b5 [SR] Verify complete
2011-08-14 20:02:22, Info CSI 000000b6 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:22, Info CSI 000000b7 [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:25, Info CSI 000000b9 [SR] Verify complete
2011-08-14 20:02:25, Info CSI 000000ba [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:25, Info CSI 000000bb [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:26, Info CSI 000000bd [SR] Verify complete
2011-08-14 20:02:26, Info CSI 000000be [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:26, Info CSI 000000bf [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:28, Info CSI 000000c1 [SR] Verify complete
2011-08-14 20:02:28, Info CSI 000000c2 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:28, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:30, Info CSI 000000c5 [SR] Verify complete
2011-08-14 20:02:30, Info CSI 000000c6 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:30, Info CSI 000000c7 [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:33, Info CSI 000000c9 [SR] Verify complete
2011-08-14 20:02:33, Info CSI 000000ca [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:33, Info CSI 000000cb [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:37, Info CSI 000000ce [SR] Verify complete
2011-08-14 20:02:37, Info CSI 000000cf [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:37, Info CSI 000000d0 [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:44, Info CSI 000000f5 [SR] Verify complete
2011-08-14 20:02:44, Info CSI 000000f6 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:44, Info CSI 000000f7 [SR] Beginning Verify and Repair transaction
2011-08-14 20:02:48, Info CSI 000000f9 [SR] Verify complete
2011-08-14 20:02:49, Info CSI 000000fa [SR] Verifying 100 (0x00000064) components
2011-08-14 20:02:49, Info CSI 000000fb [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:01, Info CSI 000000fd [SR] Verify complete
2011-08-14 20:03:01, Info CSI 000000fe [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:01, Info CSI 000000ff [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:07, Info CSI 00000102 [SR] Verify complete
2011-08-14 20:03:07, Info CSI 00000103 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:07, Info CSI 00000104 [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:10, Info CSI 00000106 [SR] Verify complete
2011-08-14 20:03:10, Info CSI 00000107 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:10, Info CSI 00000108 [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:12, Info CSI 0000010a [SR] Verify complete
2011-08-14 20:03:12, Info CSI 0000010b [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:12, Info CSI 0000010c [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:15, Info CSI 0000010e [SR] Verify complete
2011-08-14 20:03:15, Info CSI 0000010f [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:15, Info CSI 00000110 [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:17, Info CSI 00000113 [SR] Verify complete
2011-08-14 20:03:17, Info CSI 00000114 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:17, Info CSI 00000115 [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:18, Info CSI 00000117 [SR] Verify complete
2011-08-14 20:03:18, Info CSI 00000118 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:18, Info CSI 00000119 [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:30, Info CSI 0000011b [SR] Verify complete
2011-08-14 20:03:31, Info CSI 0000011c [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:31, Info CSI 0000011d [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:36, Info CSI 00000120 [SR] Verify complete
2011-08-14 20:03:36, Info CSI 00000121 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:36, Info CSI 00000122 [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:38, Info CSI 00000124 [SR] Verify complete
2011-08-14 20:03:38, Info CSI 00000125 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:38, Info CSI 00000126 [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:40, Info CSI 00000128 [SR] Verify complete
2011-08-14 20:03:41, Info CSI 00000129 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:41, Info CSI 0000012a [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:45, Info CSI 0000012d [SR] Verify complete
2011-08-14 20:03:45, Info CSI 0000012e [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:45, Info CSI 0000012f [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:48, Info CSI 00000131 [SR] Verify complete
2011-08-14 20:03:48, Info CSI 00000132 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:48, Info CSI 00000133 [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:51, Info CSI 00000135 [SR] Verify complete
2011-08-14 20:03:51, Info CSI 00000136 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:51, Info CSI 00000137 [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:53, Info CSI 0000013a [SR] Verify complete
2011-08-14 20:03:53, Info CSI 0000013b [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:53, Info CSI 0000013c [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:56, Info CSI 0000013e [SR] Verify complete
2011-08-14 20:03:56, Info CSI 0000013f [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:56, Info CSI 00000140 [SR] Beginning Verify and Repair transaction
2011-08-14 20:03:58, Info CSI 00000142 [SR] Verify complete
2011-08-14 20:03:58, Info CSI 00000143 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:03:58, Info CSI 00000144 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:01, Info CSI 00000146 [SR] Verify complete
2011-08-14 20:04:01, Info CSI 00000147 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:01, Info CSI 00000148 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:04, Info CSI 0000014b [SR] Verify complete
2011-08-14 20:04:04, Info CSI 0000014c [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:04, Info CSI 0000014d [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:08, Info CSI 0000014f [SR] Verify complete
2011-08-14 20:04:09, Info CSI 00000150 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:09, Info CSI 00000151 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:11, Info CSI 00000153 [SR] Verify complete
2011-08-14 20:04:12, Info CSI 00000154 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:12, Info CSI 00000155 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:14, Info CSI 00000157 [SR] Verify complete
2011-08-14 20:04:15, Info CSI 00000158 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:15, Info CSI 00000159 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:15, Info CSI 0000015b [SR] Verify complete
2011-08-14 20:04:16, Info CSI 0000015c [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:16, Info CSI 0000015d [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:17, Info CSI 0000015f [SR] Verify complete
2011-08-14 20:04:18, Info CSI 00000160 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:18, Info CSI 00000161 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:19, Info CSI 00000163 [SR] Verify complete
2011-08-14 20:04:19, Info CSI 00000164 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:19, Info CSI 00000165 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:21, Info CSI 00000167 [SR] Verify complete
2011-08-14 20:04:21, Info CSI 00000168 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:21, Info CSI 00000169 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:23, Info CSI 0000016b [SR] Verify complete
2011-08-14 20:04:23, Info CSI 0000016c [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:23, Info CSI 0000016d [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:24, Info CSI 0000016f [SR] Verify complete
2011-08-14 20:04:24, Info CSI 00000170 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:24, Info CSI 00000171 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:28, Info CSI 00000173 [SR] Verify complete
2011-08-14 20:04:28, Info CSI 00000174 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:28, Info CSI 00000175 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:37, Info CSI 00000177 [SR] Verify complete
2011-08-14 20:04:37, Info CSI 00000178 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:37, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:39, Info CSI 0000017b [SR] Verify complete
2011-08-14 20:04:39, Info CSI 0000017c [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:39, Info CSI 0000017d [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:41, Info CSI 0000017f [SR] Verify complete
2011-08-14 20:04:41, Info CSI 00000180 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:41, Info CSI 00000181 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:42, Info CSI 00000183 [SR] Verify complete
2011-08-14 20:04:42, Info CSI 00000184 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:42, Info CSI 00000185 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:44, Info CSI 00000187 [SR] Verify complete
2011-08-14 20:04:44, Info CSI 00000188 [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:44, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:46, Info CSI 0000018b [SR] Verify complete
2011-08-14 20:04:46, Info CSI 0000018c [SR] Verifying 100 (0x00000064) components
2011-08-14 20:04:46, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:49, Info CSI 0000018f [SR] Verify complete
2011-08-14 20:04:49, Info CSI 00000190 [SR] Verifying 26 (0x0000001a) components
2011-08-14 20:04:49, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:49, Info CSI 00000193 [SR] Verify complete
2011-08-14 20:04:49, Info CSI 00000194 [SR] Repairing 0 components
2011-08-14 20:04:49, Info CSI 00000195 [SR] Beginning Verify and Repair transaction
2011-08-14 20:04:49, Info CSI 00000197 [SR] Repair complete





