Laptop won't connect to internet after Malwarebytes cleaning


  • This topic is locked
64 replies to this topic

#1 taylor354565

taylor354565

  • Members
  • 48 posts
  • OFFLINE
  • Local time:04:18 PM

Posted 20 February 2012 - 11:14 PM

After running Malwarebytes and removing some spyware, my laptop would no longer recognise the home wifi signal. Other computers in the house worked fine with the signal. I tried to run a system restore and was told I had errors on my C drive. I tried to scan my C drive for errors and eventually ended up with a black screen with only a recycle bin for a desktop. (everything is there in safemode)
An error pops up which says: Location is not available - C:\Windows\system32\config\systemprofile\Desktop is not accessible - Access is denied.
I also get a pop up in the bottom right corner which says: Failed to connect to a windows service - Windows could not connect to the Group Policy Client service. This problem prevents limited users from logging on to the system.
As an administrative user, you can review the System Event Log for details about why the service didn't respond.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_24
Run by henrye at 20:00:21 on 2012-02-20
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.2038.1329 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.fantasyrundown.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [JumiController] c:\program files\jumi\jumi.exe
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\henrye\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\henrye\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: UseDefaultTile = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5E77E51E-1A11-4931-9F4E-A2F2354961B9} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{796A437E-4454-483E-ADE3-5400F0569294} : NameServer = 205.188.146.145
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\henrye\appdata\roaming\mozilla\firefox\profiles\oa5mqplx.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.affinityehealth.com/CMS/Login.aspx
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\henrye\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\henrye\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\henrye\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\users\henrye\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\henrye\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\henrye\program files\dna\plugins\npbtdna.dll
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~2\mcshield.exe [2010-2-11 144704]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-6-11 385536]
R1 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-2-11 34248]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-6-5 565248]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-2-11 359952]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2010-6-3 13112]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-6-11 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-11 35272]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-6-11 104000]
S2 NecUsb3;USB3 Service;c:\windows\system32\svchost.exe -k NecUsb3Sevic [2006-11-2 22016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-5-29 179712]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-13 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-2-11 40552]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-11-2 22016]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~2\mcsysmon.exe [2010-2-11 606736]
.
=============== Created Last 30 ================
.
2012-02-13 07:14:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-06 03:52:32 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-03 12:29:34 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{43707c0d-6bce-41e9-9e68-c466958973b7}\mpengine.dll
2012-01-23 21:24:17 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2012-02-13 06:31:41 319488 ----a-w- c:\windows\system32\drivers\csc.sys
2012-02-06 03:52:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:10:01.91 ===============



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,412 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:02:18 PM

Posted 23 February 2012 - 07:24 PM

Hi taylor354565 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you!

It would help to have more current information so I am going to request you complete the following, running DDS and GMER a second time.

We apologize for the delay but are quite busy these days with more requests than we can immediately handle.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================


Additional Information

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
    • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.

===================================================


Create DDS.txt and Attach.txt

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

    DDS.scr
    DDS.pif

  • Double click on the Posted Image icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste the contents of both results in your post.
  • Close the program window, and delete the program from your desktop.
You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


===================================================


Create GMER log

I also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • DDS.txt
  • Attach.txt
  • GMER log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,412 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:02:18 PM

Posted 24 February 2012 - 08:25 PM

Greetings taylor354565,


I have had an opportunity to review the information you first posted. Based on that information, please perform the following.


===================================================


Run TDSSKiller by Kaspersky on Vista/7

--------------------

If you are unable to boot into Normal Mode, please run TDSSKiller in Safe Mode.

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.



  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found, will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.



  • Click Continue > Reboot now to finish the cleaning process.<- Important!!



  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Please submit these results with your next reply.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • How is your machine running (boot in Normal Mode?)

Gary
 

#4 taylor354565

taylor354565
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:04:18 PM

Posted 28 February 2012 - 11:18 AM

After running TDSS my desktop has been restored, but my laptop will not connect to the internet. It recognizes the network but will not connect fully. Here is my TDSS log:

00:11:16.0184 0312 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
00:11:16.0215 0312 ============================================================
00:11:16.0215 0312 Current date / time: 2012/02/28 00:11:16.0215
00:11:16.0215 0312 SystemInfo:
00:11:16.0215 0312
00:11:16.0215 0312 OS Version: 6.0.6000 ServicePack: 0.0
00:11:16.0215 0312 Product type: Workstation
00:11:16.0215 0312 ComputerName: HENRYE
00:11:16.0215 0312 UserName: henrye
00:11:16.0215 0312 Windows directory: C:\Windows
00:11:16.0215 0312 System windows directory: C:\Windows
00:11:16.0215 0312 Processor architecture: Intel x86
00:11:16.0215 0312 Number of processors: 2
00:11:16.0215 0312 Page size: 0x1000
00:11:16.0215 0312 Boot type: Normal boot
00:11:16.0215 0312 ============================================================
00:11:17.0369 0312 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:11:17.0432 0312 Drive \Device\Harddisk1\DR6 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:11:17.0556 0312 \Device\Harddisk0\DR0:
00:11:17.0556 0312 MBR used
00:11:17.0556 0312 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3B000, BlocksNum 0x94D4000
00:11:17.0556 0312 \Device\Harddisk1\DR6:
00:11:17.0556 0312 MBR used
00:11:17.0556 0312 \Device\Harddisk1\DR6\Partition0: MBR, Type 0xC, StartLBA 0x8C8, BlocksNum 0xEEF738
00:11:17.0681 0312 Initialize success
00:11:17.0681 0312 ============================================================
00:11:24.0639 2184 ============================================================
00:11:24.0639 2184 Scan started
00:11:24.0639 2184 Mode: Manual;
00:11:24.0639 2184 ============================================================
00:13:15.0336 2184 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
00:13:15.0336 2184 iaStorV - ok
00:13:16.0850 2184 igfx (f7ecd4b9e7fad4a01a0ed889d40e2494) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:13:16.0881 2184 igfx - ok
00:13:18.0300 2184 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:13:18.0300 2184 iirsp - ok
00:13:20.0001 2184 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\DRIVERS\intelide.sys
00:13:20.0001 2184 intelide - ok
00:13:21.0514 2184 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
00:13:21.0514 2184 intelppm - ok
00:13:23.0090 2184 IpInIp - ok
00:13:24.0556 2184 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
00:13:24.0556 2184 IPMIDRV - ok
00:13:25.0929 2184 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
00:13:25.0929 2184 IPNAT - ok
00:13:27.0536 2184 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
00:13:27.0536 2184 IRENUM - ok
00:13:28.0955 2184 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
00:13:28.0971 2184 isapnp - ok
00:13:30.0656 2184 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
00:13:30.0656 2184 iScsiPrt - ok
00:13:32.0028 2184 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:13:32.0028 2184 iteatapi - ok
00:13:33.0386 2184 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:13:33.0386 2184 iteraid - ok
00:13:34.0790 2184 jumi (ee894427ac0b2b2c2c8b32cb78357dae) C:\Windows\system32\DRIVERS\jumi.sys
00:13:34.0805 2184 jumi - ok
00:13:36.0240 2184 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
00:13:36.0240 2184 kbdclass - ok
00:13:37.0613 2184 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
00:13:37.0613 2184 kbdhid - ok
00:13:39.0126 2184 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
00:13:39.0142 2184 KSecDD - ok
00:13:41.0014 2184 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
00:13:41.0014 2184 lltdio - ok
00:13:42.0683 2184 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
00:13:42.0683 2184 LSI_FC - ok
00:13:44.0259 2184 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
00:13:44.0259 2184 LSI_SAS - ok
00:13:45.0632 2184 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
00:13:45.0647 2184 LSI_SCSI - ok
00:13:47.0020 2184 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
00:13:47.0020 2184 luafv - ok
00:13:48.0518 2184 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
00:13:48.0533 2184 MBAMSwissArmy - ok
00:13:49.0953 2184 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:13:49.0953 2184 mdmxsdk - ok
00:13:51.0326 2184 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
00:13:51.0341 2184 megasas - ok
00:13:52.0886 2184 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\Windows\system32\drivers\mfeavfk.sys
00:13:52.0886 2184 mfeavfk - ok
00:13:54.0274 2184 mfebopk (1d003e3056a43d881597d6763e83b943) C:\Windows\system32\drivers\mfebopk.sys
00:13:54.0274 2184 mfebopk - ok
00:13:55.0662 2184 mfehidk (317997eb32fe039e7881704e596a2ed1) C:\Windows\system32\drivers\mfehidk.sys
00:13:55.0662 2184 mfehidk - ok
00:13:57.0113 2184 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
00:13:57.0113 2184 mferkdk - ok
00:13:58.0642 2184 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
00:13:58.0642 2184 mfesmfk - ok
00:14:00.0124 2184 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\Windows\system32\drivers\mfetdik.sys
00:14:00.0140 2184 mfetdik - ok
00:14:01.0497 2184 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
00:14:01.0497 2184 Modem - ok
00:14:02.0854 2184 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
00:14:02.0854 2184 monitor - ok
00:14:04.0211 2184 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
00:14:04.0211 2184 mouclass - ok
00:14:05.0568 2184 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
00:14:05.0568 2184 mouhid - ok
00:14:06.0957 2184 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
00:14:06.0957 2184 MountMgr - ok
00:14:08.0330 2184 MPFP (a2eba4828de5fa9232e6737732f14110) C:\Windows\system32\Drivers\Mpfp.sys
00:14:08.0330 2184 Suspicious file (Forged): C:\Windows\system32\Drivers\Mpfp.sys. Real md5: a2eba4828de5fa9232e6737732f14110, Fake md5: 95675c3398dcc084c8d1dc35cc4e9e01
00:14:08.0345 2184 MPFP ( Virus.Win32.ZAccess.c ) - infected
00:14:08.0345 2184 MPFP - detected Virus.Win32.ZAccess.c (0)
00:17:24.0141 2184 ============================================================
00:17:24.0141 2184 Scan finished
00:17:24.0141 2184 ============================================================
00:17:24.0156 3576 Detected object count: 1
00:17:24.0156 3576 Actual detected object count: 1
00:17:48.0149 3576 C:\Windows\system32\Drivers\Mpfp.sys - copied to quarantine
00:17:48.0539 3576 Backup copy found, using it..
00:17:48.0555 3576 C:\Windows\system32\Drivers\Mpfp.sys - will be cured on reboot
00:20:24.0726 3576 MPFP ( Virus.Win32.ZAccess.c ) - User select action: Cure
00:20:49.0749 4044 Deinitialize success

#5 Oh My!

  • Malware Response Instructor

Posted 28 February 2012 - 01:05 PM

Greetings taylor354565,

Excellent results! We need to continue cleaning your desktop. Please perform the following for me.

I understand you have issues going on with 2 machines. We will focus solely on the desktop until resolved then address the laptop internet issue.


===================================================


Run Combofix

--------------------

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • When finished, it will produce a log. Please include the C:\Combofix.txt log in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Combofix.txt
  • How is your machine running now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 taylor354565


Posted 28 February 2012 - 04:54 PM

I've run combofix a few times. It keeps detecting rootkit activity and needs to restart. It does not seem to be creating a log.

#7 taylor354565


Posted 28 February 2012 - 04:55 PM

To clarify, the computer needs to restart each time I run combofix.

#8 Oh My!


Posted 28 February 2012 - 05:43 PM

Greetings taylor354565,

Give this a try.


===================================================


Running Combofix from Run Command

--------------------


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

    Go to Start -> Run -> copy/paste in the following single line command into the run box and click OK.


    "%userprofile%\desktop\combofix.exe" /killall




  • Click OK and this will start ComboFix in a special way.

Gary
 

#9 taylor354565


Posted 28 February 2012 - 06:11 PM

I ran combofix with the killall, it again told me that after the scan the computer needed to be restarted. My computer seems to be frozen on the logon screen. It says push ctl+alt+delete to log on, but nothing happens when I push the buttons. I tried rebooting in safemode, but it still remains frozen at the pre-log on screen.

#10 Oh My!


Posted 29 February 2012 - 08:34 AM

Greetings taylor354565,


Hang in there, malware often does not want to play nice. You will need to download 2 programs from a clean computer.

Please try this for me.


===================================================


Panda USB Vaccine

--------------------

Please download and use Panda USB Vaccine.

Alternate download link 1
Alternate download link 2

  • Double-click on USBVaccineSetup.exe to install the program to C:\Program Files\Panda USB Vaccine.
  • Read and accept the license agreement, then click Next.
  • When setup completes, make sure "Launch Panda USB Vaccine" is checked and click Finish to open the program.
  • Click the Vaccinate computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key and insert your USB flash drive.
  • When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
  • Exit the program when done

Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.


===================================================


Farbar's Recovery Scan Tool

--------------------

I would like you to run Farbar's Recovery Scan Tool to check your MBR. For this you will need a USB flash drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC and we will enter the System Recovery Options one of the two following ways:

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • FRST.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 taylor354565

  • Topic Starter

Posted 29 February 2012 - 01:53 PM

I do not see a "repair your computer" option on the advanced boot options.
My choices are:
Safe mode
Safe mode with networking
Safe mode with command prompt

Enable boot logging
Enable low-resolution video (640x480)
Last known good configuration (advanced)
Directory services restore mode
Debugging mode
Disable automatic restart on system failure
Disable driver signature enforcement

Start windows normally


I will try to locate my windows cd, but it might be hard to find.

#12 Oh My!

  • Malware Response Instructor
Posted 29 February 2012 - 02:38 PM

Greetings taylor354565,

You will need the Windows CD. If you can't find it try to locate one from someone you know.
Gary

#13 taylor354565

  • Topic Starter

Posted 29 February 2012 - 04:33 PM

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 29-02-2012 01
Ran by SYSTEM at 29-02-2012 16:17:08
Running from E:\
Windows Vista ™ Business (X86) OS Language: English(US)
The current controlset is ControlSet004

========================== Registry (Whitelisted) =============

HKLM\...\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [66560 2007-02-15] (Wave Systems Corp.)
HKLM\...\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [112216 2006-11-30] (McAfee, Inc.)
HKLM\...\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [218688 2007-03-08] (Wave Systems Corp.)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [133912 2007-04-23] (Intel Corporation)
HKLM\...\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1218008 2009-10-29] (McAfee, Inc.)
HKLM\...\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey [136768 2006-11-17] (McAfee, Inc.)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-01-13] (Malwarebytes Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [154392 2007-04-23] (Intel Corporation)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe [159744 2007-04-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-01-13] (Malwarebytes Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKU\adam\...\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup [249856 2005-08-11] (Macrovision Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\henrye\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-04-18] (Google Inc.)
HKU\henrye\...\Run: [JumiController] C:\Program Files\Jumi\jumi.exe [3406336 2011-05-03] (Jumi Technologies)
HKU\henrye\...\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe [4923784 2010-09-21] ()
HKU\henrye\...\Policies\system: [DisableChangePassword] 0
HKU\henrye\...\Policies\system: [DisableLockWorkstation] 0
HKU\henrye\...\Policies\system: [disableregistrytools] 0
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{796A437E-4454-483E-ADE3-5400F0569294}: [NameServer]205.188.146.145
Lsa: [Authentication Packages] msv1_0
wvauth

================================ Services (Whitelisted) ==================

2 aawservice; "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" [565248 2007-06-13] (Lavasoft AB)
2 ASFIPmon; "C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service [79432 2006-12-19] (Broadcom Corporation)
2 CdaD10BA; C:\Windows\System32\httpfilter.dll [5632 2006-11-02] (Oak Technology Inc.)
2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-02-21] (Intel Corporation)
2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [135664 2010-01-06] (Google Inc.)
3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [135664 2010-01-06] (Google Inc.)
2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [104000 2006-11-17] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [865832 2009-10-29] (McAfee, Inc.)
3 McODS; C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe [365072 2009-10-28] (McAfee, Inc.)
2 McShield; C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe [144704 2009-11-04] (McAfee, Inc.)
4 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe [606736 2009-11-04] (McAfee, Inc.)
2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" [54872 2006-11-30] (McAfee, Inc.)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)
2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [895696 2009-10-27] (McAfee, Inc.)
2 nicconfigsvc; "C:\Program Files\Dell\QuickSet\NicConfigSvc.exe" [387808 2007-02-20] (Dell Inc.)
3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [52288 2011-03-01] (NOS Microsystems Ltd.)
2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-02-21] (Intel Corporation)
3 SecureStorageService; "C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [488448 2007-02-16] (Wave Systems Corp.)
2 STacSV; C:\Windows\system32\STacSV.exe [90112 2007-04-17] (SigmaTel, Inc.)
2 tcsd_win32.exe; "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1466368 2007-02-01] ()
2 FastUserSwitchingCompatibility; C:\Windows\system32\FastUv32.dll [x]
2 McProxy; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [x]
2 NecUsb3; C:\Windows\system32\NCUSBw32.dll [x]

========================== Drivers (Whitelisted) =============

3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [147968 2007-04-16] (Alps Electric Co., Ltd.)
2 BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
3 guardian2; C:\Windows\System32\Drivers\oz776.sys [56576 2007-04-16] (O2Micro)
3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [13112 2010-06-03] (Windows ® Win 7 DDK provider)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-02-12] (Malwarebytes Corporation)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79816 2009-11-04] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-11-04] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [385536 2010-01-05] (McAfee, Inc.)
1 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)
1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52136 2006-11-30] (McAfee, Inc.)
1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2012-02-27] (McAfee, Inc.)
4 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [33384 2006-11-02] (LSI Logic Corporation)
3 NETw4v32; C:\Windows\System32\DRIVERS\NETw4v32.sys [2216448 2007-02-25] (Intel Corporation)
0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [19968 2006-08-28] (Dell Inc)
1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2006-11-02] ()
3 STHDA; C:\Windows\System32\drivers\stwrt.sys [323584 2007-04-17] (SigmaTel, Inc.)
4 UlSata; C:\Windows\System32\drivers\ulsata.sys [98408 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [115816 2006-11-02] (Promise Technology, Inc.)
2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [121344 2007-02-15] (Wave Systems Corp.)
2 5689; \??\C:\Windows\TEMP\5689.sys [x]
1 AFD; C:\Windows\System32\drivers\afd.sys [x]
4 blbdrive; C:\Windows\System32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\henrye\AppData\Local\Temp\catchme.sys [x]
1 CSC; C:\Windows\System32\drivers\csc.sys [x]
1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
2 McNASvc; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
1 Smb; C:\Windows\System32\DRIVERS\smb.sys [x]
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [x]
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: CdaD10BA

============ One Month Created Files and Folders ==============

2012-02-29 16:17 - 2012-02-29 16:17 - 0000000 ____D C:\FRST
2012-02-28 14:54 - 2008-02-15 00:07 - 0054784 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.svs
2012-02-28 14:49 - 2012-02-28 14:54 - 0000000 ___SD C:\ComboFix
2012-02-28 13:51 - 2006-11-02 00:57 - 0068096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.svs
2012-02-28 13:35 - 2006-11-02 00:57 - 0066048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\smb.svs
2012-02-28 12:53 - 2012-02-28 12:53 - 0140192 ____A C:\Windows\Minidump\Mini022812-01.dmp
2012-02-28 12:02 - 2012-02-12 22:31 - 0319488 ____A C:\Windows\System32\Drivers\csc.svs
2012-02-28 11:55 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-28 11:55 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-28 11:55 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-28 11:55 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-28 11:55 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-28 11:55 - 2000-08-30 16:00 - 0212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-02-28 11:55 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-28 11:55 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-28 11:55 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-28 11:54 - 2012-02-28 11:52 - 4420957 ____R (Swearware) C:\Users\henrye\Desktop\ComboFix.exe
2012-02-27 21:17 - 2012-02-27 21:17 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-27 21:11 - 2012-02-27 21:20 - 0075254 ____A C:\TDSSKiller.2.7.15.0_28.02.2012_00.11.16_log.txt
2012-02-12 23:14 - 2012-02-12 23:14 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-02-07 19:30 - 2012-02-07 19:30 - 0140192 ____A C:\Windows\Minidump\Mini020712-02.dmp
2012-02-07 14:26 - 2012-02-07 14:26 - 0140192 ____A C:\Windows\Minidump\Mini020712-01.dmp
2012-02-07 05:14 - 2012-02-07 05:14 - 0179716 ____A C:\Windows\System32\c_7265110.nls
2012-02-06 13:37 - 2012-02-06 13:37 - 0103733 ____A C:\Windows\System32\itusbcore.dat
2012-02-06 13:37 - 2012-02-06 13:37 - 0000196 ____A C:\Windows\System32\itlsvc.dat
2012-02-05 22:22 - 2012-02-05 22:22 - 1597440 ____A C:\Users\henrye\Downloads\1 (8).avi
2012-02-05 22:22 - 2012-02-05 22:22 - 1597440 ____A C:\Users\henrye\Downloads\1 (7).avi
2012-02-05 22:21 - 2012-02-05 22:22 - 0972800 ____A C:\Users\henrye\Downloads\2 (7).avi
2012-02-05 19:52 - 2012-02-07 19:30 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-04 23:09 - 2012-02-04 23:53 - 0790981 ____A C:\Users\henrye\Downloads\photo(1).JPG
2012-02-03 23:35 - 2012-02-03 23:42 - 0030770 ____A C:\Users\henrye\1.jpg
2012-01-31 20:04 - 2012-01-31 20:30 - 297427107 ____A C:\Users\henrye\Downloads\lime_cup_regatta.mp4
2012-01-31 09:49 - 2012-01-31 09:49 - 0000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-31 08:31 - 2012-01-31 08:31 - 0000000 ____D C:\Users\henrye\Downloads\Zac Brown You Get What You Give
2012-01-31 08:10 - 2012-01-31 08:14 - 89970458 ____A C:\Users\henrye\Downloads\Zac Brown You Get What You Give.zip

============ 3 Months Modified Files and Folders ===============

2012-02-29 13:06 - 2006-11-02 05:01 - 0032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-29 13:06 - 2006-11-02 05:01 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-29 13:06 - 2006-11-02 04:47 - 0003072 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-29 13:06 - 2006-11-02 04:47 - 0003072 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-29 00:46 - 2010-10-17 07:29 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-28 23:27 - 2007-06-25 01:25 - 1848559 ____A C:\Windows\WindowsUpdate.log
2012-02-28 23:14 - 2008-12-08 01:06 - 5385034 ____A C:\Windows\ntbtlog.txt
2012-02-28 15:46 - 2011-09-11 07:36 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc709894376520.job
2012-02-28 15:02 - 2006-11-02 05:00 - 0179514 ____A C:\Windows\PFRO.log
2012-02-28 14:54 - 2012-02-28 14:49 - 0000000 ___SD C:\ComboFix
2012-02-28 14:49 - 2010-12-24 21:17 - 0000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
2012-02-28 13:58 - 2011-05-27 04:43 - 0000000 ____D C:\Users\henrye\AppData\Roaming\Dropbox
2012-02-28 13:58 - 2011-05-12 13:46 - 0000000 ___HD C:\jexepackres
2012-02-28 13:58 - 2007-08-10 10:44 - 0000000 ____A C:\Users\henrye\AppData\Local\WavXMapDrive.bat
2012-02-28 13:52 - 2010-02-11 11:45 - 0006767 ____A C:\Windows\System32\Config.MPF
2012-02-28 12:53 - 2012-02-28 12:53 - 0140192 ____A C:\Windows\Minidump\Mini022812-01.dmp
2012-02-28 12:53 - 2007-06-14 11:15 - 0000000 ____D C:\Windows\Minidump
2012-02-28 12:52 - 2011-09-02 23:16 - 233881754 ____A C:\Windows\MEMORY.DMP
2012-02-28 11:55 - 2011-04-18 22:06 - 0000000 ____D C:\Windows\ERDNT
2012-02-28 11:55 - 2011-04-18 22:05 - 0000000 ____D C:\Qoobox
2012-02-28 11:52 - 2012-02-28 11:54 - 4420957 ____R (Swearware) C:\Users\henrye\Desktop\ComboFix.exe
2012-02-27 21:31 - 2006-11-02 02:33 - 0722910 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-27 21:21 - 2010-02-11 11:29 - 0130424 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\Mpfp.sys
2012-02-27 21:20 - 2012-02-27 21:11 - 0075254 ____A C:\TDSSKiller.2.7.15.0_28.02.2012_00.11.16_log.txt
2012-02-27 21:17 - 2012-02-27 21:17 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-12 23:14 - 2012-02-12 23:14 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-02-12 22:59 - 2007-10-30 17:04 - 0000000 ____D C:\Config.Msi
2012-02-12 22:31 - 2012-02-28 12:02 - 0319488 ____A C:\Windows\System32\Drivers\csc.svs
2012-02-10 14:53 - 2007-08-10 19:26 - 0057856 ____A C:\Users\henrye\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-10 11:22 - 2010-02-14 09:17 - 0000820 ____A C:\Windows\Tasks\Google Software Updater.job
2012-02-08 09:35 - 2006-11-02 03:18 - 0000000 _SHDC C:\Windows\$NtUninstallKB11963$
2012-02-08 09:35 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\system
2012-02-08 09:35 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\ModemLogs
2012-02-08 09:15 - 2011-05-27 04:45 - 0000000 ___RD C:\Users\henrye\Dropbox
2012-02-07 19:30 - 2012-02-07 19:30 - 0140192 ____A C:\Windows\Minidump\Mini020712-02.dmp
2012-02-07 19:30 - 2012-02-05 19:52 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-07 14:26 - 2012-02-07 14:26 - 0140192 ____A C:\Windows\Minidump\Mini020712-01.dmp
2012-02-07 05:14 - 2012-02-07 05:14 - 0179716 ____A C:\Windows\System32\c_7265110.nls
2012-02-06 13:37 - 2012-02-06 13:37 - 0103733 ____A C:\Windows\System32\itusbcore.dat
2012-02-06 13:37 - 2012-02-06 13:37 - 0000196 ____A C:\Windows\System32\itlsvc.dat
2012-02-05 22:22 - 2012-02-05 22:22 - 1597440 ____A C:\Users\henrye\Downloads\1 (8).avi
2012-02-05 22:22 - 2012-02-05 22:22 - 1597440 ____A C:\Users\henrye\Downloads\1 (7).avi
2012-02-05 22:22 - 2012-02-05 22:21 - 0972800 ____A C:\Users\henrye\Downloads\2 (7).avi
2012-02-05 19:52 - 2011-06-27 07:33 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-02-04 23:53 - 2012-02-04 23:09 - 0790981 ____A C:\Users\henrye\Downloads\photo(1).JPG
2012-02-03 23:42 - 2012-02-03 23:35 - 0030770 ____A C:\Users\henrye\1.jpg
2012-02-03 23:42 - 2007-08-10 10:44 - 0000000 ____D C:\users\henrye
2012-02-01 23:10 - 2007-12-03 19:46 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-01-31 20:30 - 2012-01-31 20:04 - 297427107 ____A C:\Users\henrye\Downloads\lime_cup_regatta.mp4
2012-01-31 09:49 - 2012-01-31 09:49 - 0000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-31 09:49 - 2010-01-12 17:27 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-01-31 08:31 - 2012-01-31 08:31 - 0000000 ____D C:\Users\henrye\Downloads\Zac Brown You Get What You Give
2012-01-31 08:14 - 2012-01-31 08:10 - 89970458 ____A C:\Users\henrye\Downloads\Zac Brown You Get What You Give.zip
2012-01-28 15:26 - 2012-01-28 15:26 - 4732928 ____A C:\Users\henrye\Downloads\Kid Rock - All Summer Long.mp3
2012-01-28 15:23 - 2012-01-28 15:23 - 8944116 ____A C:\Users\henrye\Downloads\Trace Adkins - Honky Tonk Badonkadonk.mp3
2012-01-28 15:18 - 2012-01-28 15:18 - 7273255 ____A C:\Users\henrye\Downloads\08-kenny_chesney-when_the_sun_goes_down_(duet_with_uncle_kracker).mp3
2012-01-28 15:17 - 2012-01-28 15:17 - 8216589 ____A C:\Users\henrye\Downloads\blake shelton - some beach.mp3
2012-01-28 14:57 - 2012-01-28 14:57 - 3247169 ____A C:\Users\henrye\Downloads\nitty gritty dirt band - fishing in the dark.mp3
2012-01-28 14:49 - 2012-01-28 14:49 - 3169832 ____A C:\Users\henrye\Downloads\Meet In The Middle - Diamond Rio.mp3
2012-01-28 14:35 - 2012-01-28 14:35 - 4151296 ____A C:\Users\henrye\Downloads\(05) John Michael Montgomery - Be My Baby Tonight.mp3
2012-01-28 14:32 - 2012-01-28 14:32 - 3275190 ____A C:\Users\henrye\Downloads\Tim McGraw - I Like It, I Love It, I Want Some More Of It.mp3
2012-01-28 14:29 - 2012-01-28 14:29 - 3608659 ____A C:\Users\henrye\Downloads\David Lee Murphy - Dust On The Bottle.mp3
2012-01-28 14:25 - 2012-01-28 14:25 - 3123065 ____A C:\Users\henrye\Downloads\Confederate Railroad - I Like My Women On The Trashy Side.mp3
2012-01-28 14:24 - 2012-01-28 14:24 - 2960953 ____A C:\Users\henrye\Downloads\008 - Ricochet - Daddy's Money.mp3
2012-01-28 14:17 - 2012-01-28 14:16 - 8613013 ____A C:\Users\henrye\Downloads\Tim McGraw - Greatest Hits -05- Just to See You Smile.mp3
2012-01-28 14:15 - 2012-01-28 14:15 - 3200441 ____A C:\Users\henrye\Downloads\bye-bye-jo dee messina.mp3
2012-01-28 14:13 - 2012-01-28 14:13 - 3438219 ____A C:\Users\henrye\Downloads\Garth Brooks - Two Pina Coladas.mp3
2012-01-28 12:18 - 2012-01-28 12:18 - 4325852 ____A C:\Users\henrye\Downloads\joe diffie - pick up man.mp3
2012-01-28 12:16 - 2012-01-28 12:16 - 7938048 ____A C:\Users\henrye\Downloads\She's In Love With The Boy.mp3
2012-01-28 12:12 - 2012-01-28 12:11 - 3954032 ____A C:\Users\henrye\Downloads\17. Any Man Of Mine.mp3
2012-01-28 12:09 - 2012-01-28 12:09 - 2610187 ____A C:\Users\henrye\Downloads\Faith Hill - Wild One.mp3
2012-01-28 12:04 - 2012-01-28 12:04 - 2903986 ____A C:\Users\henrye\Downloads\Tracy Byrd - Watermelon Crawl.mp3
2012-01-28 12:00 - 2012-01-28 12:00 - 10591171 ____A C:\Users\henrye\Downloads\03 Whose Bed Have Your Boots Been Under.mp3
2012-01-28 11:58 - 2012-01-28 11:58 - 4361404 ____A C:\Users\henrye\Downloads\044 - joe diffie - john deere green.mp3
2012-01-28 11:55 - 2012-01-28 11:54 - 3628483 ____A C:\Users\henrye\Downloads\Tim McGraw - It's Your Love (Featuring Faith Hill).mp3
2012-01-28 11:51 - 2012-01-28 11:51 - 3172628 ____A C:\Users\henrye\Downloads\Faith Hill - This Kiss.mp3
2012-01-28 11:42 - 2012-01-28 11:42 - 3807550 ____A C:\Users\henrye\Downloads\059 - John Anderson - Seminole Wind.mp3
2012-01-28 11:39 - 2012-01-28 11:38 - 8046132 ____A C:\Users\henrye\Downloads\Kenny Rogers & Dolly Parton - Islands In The Stream Ultrasound Extended Version.mp3
2012-01-28 11:31 - 2012-01-28 11:31 - 7485854 ____A C:\Users\henrye\Downloads\Faith Hill - The Way You Love Me.mp3
2012-01-28 11:29 - 2012-01-28 11:29 - 5147868 ____A C:\Users\henrye\Downloads\reba mcentire - the night the lights went out in georgia.mp3
2012-01-28 11:25 - 2012-01-28 11:25 - 4741120 ____A C:\Users\henrye\Downloads\Reba Macintyre - Fancy.mp3
2012-01-28 11:24 - 2012-01-28 11:24 - 3796992 ____A C:\Users\henrye\Downloads\The Judds - Wynonna Judd - No One Else On Earth.mp3
2012-01-27 09:14 - 2012-01-27 09:14 - 0031245 ____A C:\Users\henrye\Desktop\miguel-cabrera.jpg
2012-01-26 21:21 - 2009-10-02 23:28 - 0237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-23 14:15 - 2012-01-23 14:15 - 4165312 ____A C:\Users\henrye\Downloads\Goodbye Horses.mp3
2012-01-23 14:01 - 2012-01-23 13:10 - 3291972 ____A C:\Users\henrye\Downloads\Chris Anderson Dj Robbie - Last Night.mp3
2012-01-23 13:27 - 2012-01-23 13:27 - 0001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-01-23 13:27 - 2011-10-14 00:52 - 0000000 ____D C:\Program Files\iTunes
2012-01-23 13:24 - 2012-01-23 13:24 - 0000000 ____D C:\Program Files\iPod
2012-01-23 13:24 - 2010-08-09 18:21 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-01-22 15:30 - 2011-10-02 13:00 - 0000000 ____D C:\Users\henrye\Desktop\New Folder (3)
2012-01-12 00:02 - 2007-06-13 04:21 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-12 00:02 - 2006-11-02 02:24 - 52128560 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-01-11 10:55 - 2012-01-11 10:55 - 2004996 ____A C:\Users\henrye\Downloads\clip4 (1).mpg
2012-01-11 10:55 - 2012-01-11 10:55 - 2004996 ____A C:\Users\henrye\Downloads\clip3 (3).mpg
2012-01-11 10:55 - 2012-01-11 10:55 - 2004996 ____A C:\Users\henrye\Downloads\clip2 (2).mpg
2012-01-11 10:55 - 2012-01-11 10:55 - 2004996 ____A C:\Users\henrye\Downloads\clip1 (3).mpg
2012-01-11 10:53 - 2012-01-11 10:53 - 2004996 ____A C:\Users\henrye\Downloads\clip4.mpg
2012-01-11 10:53 - 2012-01-11 10:53 - 2004996 ____A C:\Users\henrye\Downloads\clip3 (2).mpg
2012-01-11 10:53 - 2012-01-11 10:53 - 2004996 ____A C:\Users\henrye\Downloads\clip2 (1).mpg
2012-01-09 09:09 - 2012-01-09 09:09 - 0652476 ____A C:\Users\henrye\Downloads\DetroitLionsCheerleaders.wmv
2012-01-02 17:30 - 2011-08-17 10:44 - 0000000 ____D C:\Users\henrye\Desktop\PocketScout_3_0
2012-01-02 17:29 - 2012-01-02 17:29 - 7200768 ____A C:\Users\henrye\Desktop\OD-LouGossettJrO
2011-12-19 22:58 - 2011-12-19 22:58 - 1337348 ____A C:\Users\henrye\Downloads\clip1 (2).mpg
2011-12-14 12:16 - 2011-04-22 15:05 - 0000000 __SHD C:\$RECYCLE.BIN
2011-12-14 00:04 - 2011-05-27 04:45 - 0000922 ____A C:\Users\henrye\Desktop\Dropbox.lnk
2011-12-14 00:04 - 2011-05-27 04:44 - 0000902 ____A C:\Users\henrye\Start Menu\Programs\Startup\Dropbox.lnk
2011-12-14 00:04 - 2011-05-27 04:44 - 0000902 ____A C:\Users\henrye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2011-12-12 12:15 - 2011-12-12 11:38 - 222119260 ____A C:\Users\henrye\Downloads\BBYC.wmv
2011-12-12 08:50 - 2011-12-12 08:50 - 0001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-12-12 08:50 - 2011-12-12 08:49 - 0000000 ____D C:\Program Files\QuickTime
2011-12-12 08:45 - 2010-09-10 09:00 - 0001854 ____A C:\Users\Public\Desktop\Safari.lnk
2011-12-12 08:45 - 2010-09-10 08:59 - 0000000 ____D C:\Program Files\Safari
2011-12-10 12:24 - 2011-06-04 22:48 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-08 23:01 - 2011-12-08 23:01 - 0792991 ____A C:\Users\henrye\Downloads\02 (3).wmv
2011-12-08 23:01 - 2011-12-08 23:01 - 0787366 ____A C:\Users\henrye\Downloads\03 (3).wmv
2011-12-08 23:01 - 2011-12-08 23:01 - 0776116 ____A C:\Users\henrye\Downloads\04 (2).wmv
2011-12-08 23:01 - 2011-12-08 23:01 - 0697366 ____A C:\Users\henrye\Downloads\01 (4).wmv
2011-12-08 21:51 - 2011-12-08 21:34 - 317327167 ____A C:\Users\henrye\Downloads\Ransom.Everglades.mp4
2011-12-08 13:08 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Branding
2011-12-08 10:22 - 2010-10-12 15:55 - 0000465 ____A C:\rkill.log
2011-12-08 10:18 - 2011-12-08 10:18 - 0001205 ____A C:\Users\henrye\Desktop\FixNCR.reg
2011-12-08 09:57 - 2011-12-08 09:47 - 0072454 ____A C:\TDSSKiller.2.6.22.0_08.12.2011_12.47.29_log.txt
2011-12-08 09:46 - 2011-12-08 09:46 - 1577776 ____A (Kaspersky Lab ZAO) C:\Users\henrye\Desktop\123.com.exe
2011-12-08 08:45 - 2011-12-08 08:45 - 1008120 ____A C:\Users\henrye\Desktop\rkill.com
2011-12-08 07:55 - 2007-08-10 10:45 - 0006324 ____A C:\Users\henrye\AppData\Local\d3d9caps.dat
2011-12-07 22:54 - 2011-12-07 22:38 - 0012200 __ASH C:\Users\henrye\AppData\Local\065138w3k424e008w067x4kkg6j2
2011-12-07 22:54 - 2011-12-07 22:38 - 0012200 __ASH C:\ProgramData\065138w3k424e008w067x4kkg6j2
2011-12-03 04:46 - 2011-12-03 04:46 - 0912548 ____A C:\Users\henrye\Downloads\4 (1).wmv
2011-12-03 04:25 - 2011-12-03 04:25 - 1972224 ____A C:\Users\henrye\Downloads\sample1.mpg


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 00:52] - [2006-11-02 01:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6


========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 2037.5 MB
Available physical RAM: 1628.45 MB
Total Pagefile: 1826.01 MB
Available Pagefile: 1685.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:74.41 GB) (Free:17.44 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (VISTA_32_BUSINESS) (CDROM) (Total:2.86 GB) (Free:0 GB) CDFS
3 Drive e: (Lexar) (Removable) (Total:7.45 GB) (Free:1.71 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 433 KB
Disk 1 Online 7648 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 118 MB 32 KB
Partition 2 Primary 74 GB 118 MB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 FAT Partition 118 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 74 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7647 MB 1124 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Lexar FAT32 Removable 7647 MB Healthy



==========================================================

Last Boot: 2012-02-28 23:31

======================= End Of Log ==========================

#14 Oh My!

  • Malware Response Instructor

Posted 29 February 2012 - 09:28 PM

Greetings taylor354565,

Thank you for your patience. A delay in responding does not mean you are being ignored. These logs can be complicated to work through.

While you are waiting, I appreciate you not making any changes to your computer as this would certainly complicate matters.

I would like you to perform the below. Once we get that information we will be better prepared to provide an actual fix that will most likely allow you to boot up again and delete the malware on your machine.


===================================================


Farbar's Recovery Scan Tool - Search for File

--------------------

  • In Vista or Windows 7: Boot to System Recovery Options and run FRST.
  • Type the following in the edit box after "Search:". Please be certain to type it exactly as it is below.

    serial.sys;afd.sys;i8042prt.sys;tdx.sys;csc.sys;smb.sys

  • Note: The file names should be separated by semicolon (;)
  • It then should look like:

    Search: serial.sys;afd.sys;i8042prt.sys;tdx.sys;csc.sys;smb.sys

  • Click Search button and post the log (Search.txt) it makes to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Search.txt

Edited by farbar, 01 March 2012 - 03:31 AM.

Gary
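The six file names in the search string above line up with the Drivers section of the FRST log in post #13: each belongs to a driver with a leading start value of 1 whose file is marked [x] (not found) or, for serial.sys, has an empty company field. The Python below is an added example, not part of the thread and not FRST's own code; the selection rule is an inference from that log rather than something the helper states, reading the leading digit as the service Start value is an assumption, and all function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the "Drivers (Whitelisted)" section of the FRST log in post #13.
SAMPLE = r"""
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-02-12] (Malwarebytes Corporation)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [385536 2010-01-05] (McAfee, Inc.)
1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2012-02-27] (McAfee, Inc.)
1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2006-11-02] ()
2 5689; \??\C:\Windows\TEMP\5689.sys [x]
1 AFD; C:\Windows\System32\drivers\afd.sys [x]
4 blbdrive; C:\Windows\System32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\henrye\AppData\Local\Temp\catchme.sys [x]
1 CSC; C:\Windows\System32\drivers\csc.sys [x]
1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
2 McNASvc; [x]
1 Smb; C:\Windows\System32\DRIVERS\smb.sys [x]
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [x]
"""

# Entry layout: <start> <name>; <image path> [<size> <date>] (<company>)
# FRST prints [x] in place of size/date when the file is not found on disk.
LINE = re.compile(
    r"^(?P<start>[0-4])\s+(?P<name>[^;]+);\s*(?P<path>.*?)\s*"
    r"\[(?P<meta>x|\d+ \d{4}-\d{2}-\d{2})\]"
    r"(?:\s*\((?P<company>.*)\))?\s*$"
)


class Driver(NamedTuple):
    start: int               # assumed: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str                # service name
    path: str                # image path as logged (may be empty)
    missing: bool            # True when the log shows [x]
    company: Optional[str]   # None when absent, "" when logged as ()


def parse_drivers(text: str) -> List[Driver]:
    """Parse driver entries, skipping headers and anything that does not match."""
    drivers = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        drivers.append(Driver(
            start=int(m["start"]),
            name=m["name"].strip(),
            path=m["path"],
            missing=m["meta"] == "x",
            company=m["company"],
        ))
    return drivers


def file_name(d: Driver) -> str:
    """Lower-cased file name of the image path (handles the \\??\\ prefix)."""
    return d.path.rsplit("\\", 1)[-1].lower()


def needs_lookup(d: Driver) -> bool:
    """Boot/system-start driver whose file is missing or has no company string."""
    if d.start not in (0, 1) or not d.path:
        return False
    return d.missing or d.company == ""


def search_string(drivers: List[Driver]) -> str:
    """Build a semicolon-separated list in the form the FRST Search box takes."""
    names: List[str] = []
    for d in drivers:
        n = file_name(d)
        if needs_lookup(d) and n not in names:
            names.append(n)
    return ";".join(names)


def temp_loaded(drivers: List[Driver]) -> List[str]:
    """Service names whose driver image path sits under a Temp directory."""
    return [d.name for d in drivers if re.search(r"\\temp\\", d.path, re.I)]


if __name__ == "__main__":
    parsed = parse_drivers(SAMPLE)
    print("Search:", search_string(parsed))
    print("Drivers registered from Temp:", ", ".join(temp_loaded(parsed)))
```

The output lists the same six files as the helper's search string, in log order rather than the order typed in the post. The Temp-path check is a separate triage signal and says nothing by itself about whether an entry is malicious.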

#15 taylor354565

  • Topic Starter

Posted 01 March 2012 - 01:12 PM

Farbar Recovery Scan Tool Version: 29-02-2012 01
Ran by SYSTEM at 2012-03-01 12:57:23
Running from E:\

================== Search: "serial.sys;afd.sys;i8042prt.sys;tdx.sys;csc.sys;smb.sys" ===================

C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\i8042prt.sys
[2008-02-15 00:07] - [2008-02-15 00:07] - 0054784 ____A (Microsoft Corporation) BEA9838CD25D36BEBA3F94386A761D60

C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\i8042prt.sys
[2008-02-15 00:07] - [2008-02-15 00:07] - 0054784 ____A (Microsoft Corporation) 1C9EE072BAA3ABB460B91D7EE9152660

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
[2006-11-02 00:58] - [2012-02-12 22:31] - 0270336 ____N (Microsoft Corporation) 5D24CAF8EFD924A875698FF28384DB8B

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6000.16386_none_e807064fdf2a97e3\tdx.sys
[2006-11-02 00:57] - [2006-11-02 00:57] - 0068096 ____A () C46E1BFEAD0A2B4105C9FBC8DA30A930

C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.0.6000.16386_none_9c1186eb5efc3942\csc.sys
[2006-11-02 04:36] - [2012-02-12 22:31] - 0319488 ____A () 7DE7CB3261CA6FB1B79E1B5DB209C216

C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6000.16386_none_5d33cf37fb0b3064\smb.sys
[2006-11-02 00:57] - [2006-11-02 00:57] - 0066048 ____A () 3384FFCA1737633DA475E1139B2CA8CF

C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\i8042prt.sys
[2008-02-15 00:07] - [2008-02-15 00:07] - 0054784 ____A (Microsoft Corporation) BEA9838CD25D36BEBA3F94386A761D60

C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\i8042prt.sys
[2008-02-15 00:07] - [2008-02-15 00:07] - 0054784 ____A (Microsoft Corporation) 1C9EE072BAA3ABB460B91D7EE9152660

C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\serial.sys
[2006-11-02 02:25] - [2006-11-02 00:51] - 0083456 ____A (Microsoft Corporation) C70D69A918B178D3C3B06339B40C2E1B

C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_f4514c17\i8042prt.sys
[2008-02-15 00:07] - [2008-02-15 00:07] - 0054784 ____A (Microsoft Corporation) 1C9EE072BAA3ABB460B91D7EE9152660

C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_3dfa3917\i8042prt.sys
[2006-11-02 02:25] - [2006-11-02 00:51] - 0054784 ____A (Microsoft Corporation) 1060F1377F395A242E27719440ECE602

C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\i8042prt.sys
[2008-02-15 00:07] - [2008-02-15 00:07] - 0054784 ____A (Microsoft Corporation) 1C9EE072BAA3ABB460B91D7EE9152660

C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\i8042prt.sys
[2006-11-02 02:25] - [2006-11-02 00:51] - 0054784 ____A (Microsoft Corporation) 1060F1377F395A242E27719440ECE602

C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_9d4661e2\serial.sys
[2006-11-02 02:25] - [2006-11-02 00:51] - 0083456 ____A (Microsoft Corporation) C70D69A918B178D3C3B06339B40C2E1B

C:\Windows\System32\drivers\serial.sys
[2006-11-02 00:51] - [2006-11-02 00:51] - 0083456 ____A () F0A2274F07B4FE1C6A17075D4145FB2A

C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\serial.sys
[2008-09-16 22:15] - [2008-01-18 21:49] - 0083456 ____A (Microsoft Corporation) 6D663022DB3E7058907784AE14B69898

C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\i8042prt.sys
[2008-09-16 22:15] - [2008-01-18 21:49] - 0054784 ____A (Microsoft Corporation) 22D56C8184586B7A1F6FA60BE5F5A2BD

C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2008-09-16 22:19] - [2008-01-18 21:57] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
[2008-09-16 22:18] - [2008-01-18 21:55] - 0071680 ____A (Microsoft Corporation) D09276B1FAB033CE1D40DCBDF303D10F

C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.0.6001.18000_none_9e4848e75be74a16\csc.sys
[2008-09-16 22:20] - [2008-01-18 21:28] - 0350720 ____A (Microsoft Corporation) 9A5434125C3DFE42393DE4BBB791BD19

C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6001.18000_none_5f6a9133f7f64138\smb.sys
[2008-09-16 22:17] - [2008-01-18 21:55] - 0066560 ____A (Microsoft Corporation) 031E6BCD53C9B2B9ACE111EAFEC347B6

C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\i8042prt.sys
[2008-09-16 22:15] - [2008-01-18 21:49] - 0054784 ____A (Microsoft Corporation) 22D56C8184586B7A1F6FA60BE5F5A2BD

C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_hiddigi.inf_31bf3856ad364e35_6.0.6001.18000_none_955c449145dbf667\serial.sys
[2008-09-16 22:15] - [2008-01-18 21:49] - 0083456 ____A (Microsoft Corporation) 6D663022DB3E7058907784AE14B69898

=== End Of Search ===
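
The Search.txt layout in the post above (a path line, then a line with two timestamps, size, attributes, company name and MD5) can be parsed so that the copy in System32\drivers is compared with the other copies of the same file. This is an added example, not part of the thread or of FRST; the field names, the review criteria (MD5 match against stored copies, empty company field) and the sample entries are assumptions made here.

```python
import re
from collections import defaultdict

# Detail line layout: [created] - [modified] - size attributes (company) MD5
DETAIL = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$")
LIVE_DIR = "\\windows\\system32\\drivers\\"  # folder the loaded copy sits in

# Constructed sample in the Search.txt layout; paths and MD5s are placeholders.
SAMPLE = r"""
C:\Windows\winsxs\x86_demo.inf_0000_6.0.6000.16386_none_0000\demo.sys
[2006-11-02 02:25] - [2006-11-02 00:51] - 0083456 ____A (Microsoft Corporation) 11111111111111111111111111111111
C:\Windows\System32\drivers\demo.sys
[2006-11-02 00:51] - [2006-11-02 00:51] - 0083456 ____A () 22222222222222222222222222222222
C:\Windows\System32\DriverStore\FileRepository\other.inf_0000\other.sys
[2006-11-02 02:25] - [2006-11-02 00:51] - 0054784 ____A (Microsoft Corporation) 33333333333333333333333333333333
C:\Windows\System32\drivers\other.sys
[2006-11-02 02:25] - [2006-11-02 00:51] - 0054784 ____A (Microsoft Corporation) 33333333333333333333333333333333
"""

def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    records, path = [], None
    for line in map(str.strip, text.splitlines()):
        if re.match(r"[A-Za-z]:\\", line):
            path = line
        elif path and (m := DETAIL.match(line)):
            rec = m.groupdict()
            rec.update(path=path, name=path.rsplit("\\", 1)[-1].lower(),
                       size=int(rec["size"]), md5=rec["md5"].upper())
            records.append(rec)
            path = None
    return records

def review(records):
    """Compare each System32\\drivers copy with the other copies of that name."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["name"]].append(rec)
    findings = {}
    for name, copies in by_name.items():
        live = [c for c in copies if c["path"].lower().endswith(LIVE_DIR + name)]
        stored = sorted({c["md5"] for c in copies if c not in live})
        for c in live:
            findings[name] = {"live_md5": c["md5"], "company_missing": not c["company"],
                              "matches_stored_copy": c["md5"] in stored,
                              "stored_md5s": stored}
    return findings
```

A mismatch or an empty company field only marks a file for a closer look; the stored copies listed in `stored_md5s` are the candidates to compare it against.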



