
5400372.exe?


  • This topic is locked
49 replies to this topic

#1 frustratedex

  • Members
  • 33 posts

Posted 20 February 2012 - 11:55 PM

I ran a Kaspersky virus scan and found several entries of this exe file along with files that have tomorrow's date and time stamp of 4:59.exe. There were some password protected setup files, which I don't know why they are there. When I went into explorer to find the files Kaspersky said were there they were not found. Everything came back ok according to the scan but I don't know what these files are and am afraid I'm infected with something. Please, please help.

I've attached the file from the Kaspersky scan because the message said it was too long when I tried to post.



#2 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 February 2012 - 10:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know the problems you are having with this computer.

#3 frustratedex

  • Topic Starter
  • Members
  • 33 posts

Posted 26 February 2012 - 05:08 PM

I've downloaded both programs to the desktop but when I try to run either of them, the operation freezes. I am going to try to run it in Safe Mode and will post results shortly.

Problems I've had since I posted: I can no longer run administrative tools. They freeze up and never run. Computer running slower than normal. CPU usage extremely high (100% usually).

Oh and I forgot to add earlier that when I can actually get Microsoft Security Essentials to do a scan without freezing, it registers nothing and then the next time I log into my computer it says the last scan done by m.s.e. was 2/5. Also updates will download but when I click to install them, computer just freezes.

Edited by frustratedex, 26 February 2012 - 05:27 PM.


#4 frustratedex

  • Topic Starter
  • Members
  • 33 posts

Posted 26 February 2012 - 05:28 PM

OK. So I was able to run the programs you asked for in Safe Mode only.


.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_29
Run by Mary at 17:14:37 on 2012-02-26
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1917.1555 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://live.sysinternals.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\mary\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: toshibadirect.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{64BADA19-343B-44FD-94FA-B7E488A08027} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mary\appdata\roaming\mozilla\firefox\profiles\03e3sjzc.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://live.sysinternals.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-25 652360]
S3 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-25 20464]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 RIDNJWKU;RIDNJWKU;c:\users\mary\appdata\local\temp\ridnjwku.exe --> c:\users\mary\appdata\local\temp\RIDNJWKU.exe [?]
S4 MSQAK;MSQAK;c:\users\mary\appdata\local\temp\msqak.exe --> c:\users\mary\appdata\local\temp\MSQAK.exe [?]
S4 PNPLCI;PNPLCI;c:\users\mary\appdata\local\temp\pnplci.exe --> c:\users\mary\appdata\local\temp\PNPLCI.exe [?]
S4 XDAO;XDAO;c:\users\mary\appdata\local\temp\xdao.exe --> c:\users\mary\appdata\local\temp\XDAO.exe [?]
.
=============== Created Last 30 ================
.
2012-02-26 03:43:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-26 03:00:32 -------- d-----w- c:\users\mary\appdata\roaming\Malwarebytes
2012-02-26 03:00:18 -------- d-----w- c:\programdata\Malwarebytes
2012-02-26 03:00:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-26 03:00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-25 23:58:58 -------- d-s---w- C:\ComboFix
2012-02-25 23:06:53 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{32ae9a93-57d2-4743-b6bc-05ffb8a8b9fb}\mpengine.dll
2012-02-21 14:02:57 -------- d-----w- c:\program files\iPod
2012-02-21 14:02:55 -------- d-----w- c:\program files\iTunes
2012-02-21 13:56:34 -------- d-----w- c:\program files\Bonjour
2012-02-21 02:52:13 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-17 04:01:20 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-02-17 03:58:58 268800 ----a-w- c:\windows\system32\es.dll
2012-02-16 23:37:43 52616 ---ha-w- c:\windows\system32\drivers\PROCMON20.SYS
2012-02-12 12:05:38 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-02-12 12:05:38 35896 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-02-12 11:32:48 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2012-02-12 11:32:46 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-02-12 11:32:46 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-02-12 11:32:46 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2012-02-12 11:32:46 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2012-02-12 11:32:45 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-02-12 11:32:45 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2012-02-12 11:32:42 311296 ----a-w- c:\windows\system32\unregmp2.exe
2012-02-12 11:32:42 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-02-12 10:31:40 -------- d-----w- c:\users\mary\appdata\roaming\PeerNetworking
2012-02-12 08:41:11 -------- d-----w- C:\b2ea88b602814c1f6edb44
2012-02-12 08:36:32 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-12 03:44:49 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-02-12 03:44:49 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-02-12 03:44:49 289792 ----a-w- c:\windows\system32\atmfd.dll
2012-02-12 03:44:49 24064 ----a-w- c:\windows\system32\lpk.dll
2012-02-12 03:44:49 156672 ----a-w- c:\windows\system32\t2embed.dll
2012-02-12 03:44:49 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-02-12 03:39:05 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2012-02-12 03:39:04 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-02-12 03:39:04 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-02-12 03:39:04 272896 ----a-w- c:\windows\system32\polstore.dll
2012-02-12 03:36:08 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-02-12 03:36:08 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2012-02-12 03:31:38 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-02-12 03:31:37 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2012-02-12 03:31:37 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2012-02-12 03:28:56 15360 ----a-w- c:\windows\system32\netevent.dll
2012-02-12 03:28:56 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-02-12 03:28:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-02-12 03:28:55 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-02-12 03:28:55 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-02-12 03:28:55 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-02-12 03:28:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-02-12 03:28:55 103936 ----a-w- c:\windows\system32\netiohlp.dll
2012-02-12 03:28:55 10240 ----a-w- c:\windows\system32\finger.exe
2012-02-12 03:26:49 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2012-02-12 03:26:48 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-02-12 03:26:46 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2012-02-12 03:26:45 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-02-12 03:26:45 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2012-02-12 03:26:44 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2012-02-12 03:26:44 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2012-02-12 03:26:41 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-02-12 03:25:20 194560 ----a-w- c:\windows\system32\WebClnt.dll
2012-02-12 03:25:20 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2012-02-12 03:24:02 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2012-02-12 03:24:00 47104 ----a-w- c:\windows\system32\wlanapi.dll
2012-02-12 03:23:59 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2012-02-12 03:23:59 502784 ----a-w- c:\windows\system32\wlansvc.dll
2012-02-12 03:23:59 299520 ----a-w- c:\windows\system32\wlansec.dll
2012-02-12 03:23:59 289280 ----a-w- c:\windows\system32\wlanmsm.dll
2012-02-12 03:22:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-02-12 03:22:23 1260032 ----a-w- c:\windows\system32\msxml3.dll
2012-02-12 03:22:22 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-02-12 03:22:22 1406464 ----a-w- c:\windows\system32\msxml6.dll
2012-02-12 03:20:42 216576 ----a-w- c:\windows\system32\msv1_0.dll
2012-02-12 03:19:07 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-02-12 03:19:07 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-02-12 03:19:06 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-02-12 03:17:22 98816 ----a-w- c:\windows\system32\mfps.dll
2012-02-12 03:17:22 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2012-02-12 03:17:22 2855424 ----a-w- c:\windows\system32\mf.dll
2012-02-12 03:17:22 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-02-12 03:17:22 2048 ----a-w- c:\windows\system32\mferror.dll
2012-02-12 03:15:42 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-12 03:15:41 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-12 03:11:39 434176 ----a-w- c:\windows\system32\vbscript.dll
2012-02-12 03:10:19 71680 ----a-w- c:\windows\system32\atl.dll
2012-02-12 03:08:59 297472 ----a-w- c:\windows\system32\gdi32.dll
2012-02-12 03:07:41 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-02-12 03:07:40 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2012-02-12 02:46:48 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2012-02-12 02:46:48 30208 ----a-w- c:\windows\system32\xolehlp.dll
2012-02-12 02:45:28 156160 ----a-w- c:\windows\system32\wkssvc.dll
2012-02-12 02:44:07 36352 ----a-w- c:\windows\system32\tsgqec.dll
2012-02-12 02:44:07 1871872 ----a-w- c:\windows\system32\mstscax.dll
2012-02-12 02:44:07 116736 ----a-w- c:\windows\system32\aaclient.dll
2012-02-12 02:42:05 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-02-12 02:39:29 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-02-12 02:37:44 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2012-02-12 02:36:18 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2012-02-12 02:36:17 86016 ----a-w- c:\windows\system32\icfupgd.dll
2012-02-12 02:36:17 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2012-02-12 02:36:17 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2012-02-12 02:36:17 16896 ----a-w- c:\windows\system32\wfapigp.dll
2012-02-12 02:36:16 61952 ----a-w- c:\windows\system32\cmifw.dll
2012-02-12 02:33:46 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2012-02-12 02:33:45 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2012-02-12 02:33:44 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2012-02-12 02:33:44 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2012-02-12 02:30:37 1244672 ----a-w- c:\windows\system32\mcmde.dll
2012-02-12 02:30:36 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2012-02-12 02:30:35 80896 ----a-w- c:\windows\system32\MSNP.ax
2012-02-12 02:30:35 428032 ----a-w- c:\windows\system32\EncDec.dll
2012-02-12 02:30:34 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-02-12 02:30:34 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-02-12 02:30:34 292352 ----a-w- c:\windows\system32\psisdecd.dll
2012-02-12 02:30:34 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-02-12 02:26:33 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-12 02:25:05 696832 ----a-w- c:\windows\system32\localspl.dll
2012-02-12 02:22:30 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2012-02-12 02:22:30 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2012-02-12 02:22:30 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2012-02-12 02:22:30 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2012-02-12 02:22:29 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-02-12 02:22:28 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2012-02-12 02:21:23 2923520 ----a-w- c:\windows\explorer.exe
2012-02-12 02:20:03 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-02-12 02:20:03 193536 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-02-12 02:20:02 8704 ----a-w- c:\windows\system32\hcrstco.dll
2012-02-12 02:20:02 8704 ----a-w- c:\windows\system32\hccoin.dll
2012-02-12 02:20:02 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-02-12 02:20:02 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-02-12 02:20:02 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-02-12 02:20:01 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-02-12 02:17:47 171520 ----a-w- c:\windows\system32\wintrust.dll
2012-02-12 02:16:27 494592 ----a-w- c:\windows\system32\kerberos.dll
2012-02-12 02:16:27 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-02-12 02:16:26 7680 ----a-w- c:\windows\system32\lsass.exe
2012-02-12 02:16:26 72704 ----a-w- c:\windows\system32\secur32.dll
2012-02-12 02:16:26 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-12 02:16:26 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-12 02:16:25 272384 ----a-w- c:\windows\system32\schannel.dll
2012-02-12 02:14:54 24064 ----a-w- c:\windows\system32\netcfg.exe
2012-02-12 02:12:59 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2012-02-12 02:06:36 1585664 ----a-w- c:\windows\system32\setupapi.dll
2012-02-12 02:02:28 549888 ----a-w- c:\windows\system32\rpcss.dll
2012-02-12 02:02:27 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-02-12 02:02:26 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-02-12 02:02:26 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2012-02-12 02:02:26 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2012-02-12 02:02:25 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-02-12 02:02:25 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2012-02-12 02:02:23 97280 ----a-w- c:\windows\system32\iasrecst.dll
2012-02-12 02:02:23 53248 ----a-w- c:\windows\system32\iasads.dll
2012-02-12 02:02:23 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2012-02-12 02:02:23 158720 ----a-w- c:\windows\system32\sdohlp.dll
2012-02-12 02:01:09 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-02-12 02:01:09 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-02-12 01:58:55 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-02-12 01:58:55 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2012-02-12 01:58:55 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-02-12 01:58:55 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2012-02-12 01:58:55 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2012-02-12 01:58:54 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-12 01:58:54 22016 ----a-w- c:\windows\system32\netiougc.exe
2012-02-12 01:57:00 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2012-02-12 01:55:59 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2012-02-12 01:55:59 223232 ----a-w- c:\windows\system32\WMASF.DLL
2012-02-12 01:55:59 2048 ----a-w- c:\windows\system32\asferror.dll
2012-02-12 01:54:44 25600 ----a-w- c:\windows\system32\amxread.dll
2012-02-12 01:54:44 14848 ----a-w- c:\windows\system32\apilogen.dll
2012-02-12 01:53:29 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2012-02-12 01:53:29 223232 ----a-w- c:\windows\system32\SLC.dll
2012-02-12 01:53:28 33280 ----a-w- c:\windows\system32\slwmi.dll
2012-02-12 01:53:27 57856 ----a-w- c:\windows\system32\SLUINotify.dll
2012-02-12 01:53:27 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
2012-02-12 01:53:27 351232 ----a-w- c:\windows\system32\SLUI.exe
2012-02-12 01:53:27 186368 ----a-w- c:\windows\system32\SLLUA.exe
2012-02-12 01:53:25 39936 ----a-w- c:\windows\system32\slcinst.dll
2012-02-12 01:53:25 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2012-02-12 01:51:38 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-02-12 01:51:38 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-02-12 01:51:37 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-02-12 01:41:18 97792 ----a-w- c:\windows\system32\cabview.dll
2012-02-12 01:39:23 61440 ----a-w- c:\windows\system32\ntprint.exe
2012-02-12 01:39:22 220160 ----a-w- c:\windows\system32\ntprint.dll
2012-02-12 01:39:20 1984512 ----a-w- c:\windows\system32\authui.dll
2012-02-12 01:39:20 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-02-12 01:39:20 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2012-02-12 01:39:17 69632 ----a-w- c:\windows\system32\sendmail.dll
2012-02-12 01:39:15 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2012-02-12 01:37:20 441856 ----a-w- c:\windows\system32\win32spl.dll
2012-02-12 01:37:20 37376 ----a-w- c:\windows\system32\printcom.dll
2012-02-12 01:36:21 2031104 ----a-w- c:\windows\system32\win32k.sys
2012-02-12 01:35:15 14848 ----a-w- c:\windows\system32\wshrm.dll
2012-02-12 01:35:15 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2012-02-12 01:34:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-02-12 01:34:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2012-02-12 01:34:01 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-02-12 01:32:30 312320 ----a-w- c:\windows\system32\msdrm.dll
2012-02-12 01:32:29 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-02-12 01:32:28 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-02-12 01:32:26 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-02-12 01:32:26 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-02-12 01:32:23 472576 ----a-w- c:\windows\system32\secproc.dll
2012-02-12 01:32:22 515584 ----a-w- c:\windows\system32\RMActivate.exe
2012-02-12 01:32:18 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-02-12 01:32:17 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2012-02-12 01:31:06 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
2012-02-12 01:31:05 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
2012-02-12 01:31:05 11776 ----a-w- c:\windows\system32\sbunattend.exe
2012-02-12 01:29:11 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-02-12 01:29:11 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-02-12 01:22:53 622080 ----a-w- c:\windows\system32\icardagt.exe
2012-02-12 01:22:53 11264 ----a-w- c:\windows\system32\icardres.dll
2012-02-12 01:22:52 97800 ----a-w- c:\windows\system32\infocardapi.dll
2012-02-12 01:22:52 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2012-02-12 01:22:44 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-02-12 01:22:42 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-02-12 01:22:42 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2012-02-12 01:22:41 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-02-12 00:54:24 96760 ----a-w- c:\windows\system32\dfshim.dll
2012-02-12 00:54:23 41984 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-12 00:54:21 282112 ----a-w- c:\windows\system32\mscoree.dll
2012-02-12 00:54:21 158720 ----a-w- c:\windows\system32\mscorier.dll
2012-02-12 00:54:20 83968 ----a-w- c:\windows\system32\mscories.dll
2012-02-12 00:38:25 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-02-12 00:38:21 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-02-12 00:38:21 1686528 ----a-w- c:\windows\system32\gameux.dll
2012-02-12 00:37:21 94720 ----a-w- c:\windows\system32\logagent.exe
2012-02-12 00:37:20 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2012-02-12 00:36:43 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2012-02-12 00:36:29 84480 ----a-w- c:\windows\system32\INETRES.dll
2012-02-12 00:36:29 737792 ----a-w- c:\windows\system32\inetcomm.dll
2012-02-12 00:36:06 60928 ----a-w- c:\windows\system32\msasn1.dll
2012-02-12 00:35:44 1645568 ----a-w- c:\windows\system32\connect.dll
2012-02-12 00:35:17 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2012-02-12 00:34:29 396800 ----a-w- c:\windows\system32\drivers\http.sys
2012-02-12 00:34:29 31232 ----a-w- c:\windows\system32\httpapi.dll
2012-02-12 00:34:29 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-02-12 00:31:53 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-02-12 00:29:53 274432 ----a-w- c:\windows\system32\raschap.dll
2012-02-12 00:29:53 232960 ----a-w- c:\windows\system32\rastls.dll
2012-02-12 00:29:29 321536 ----a-w- c:\windows\system32\WSDApi.dll
2012-02-12 00:27:32 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2012-02-12 00:27:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2012-02-12 00:27:32 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2012-02-12 00:27:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2012-02-12 00:27:31 65024 ----a-w- c:\windows\system32\avicap32.dll
2012-02-12 00:27:31 1327616 ----a-w- c:\windows\system32\quartz.dll
2012-02-12 00:27:31 123904 ----a-w- c:\windows\system32\msvfw32.dll
2012-02-12 00:27:30 88576 ----a-w- c:\windows\system32\avifil32.dll
2012-02-12 00:27:30 31232 ----a-w- c:\windows\system32\msvidc32.dll
2012-02-12 00:27:30 13312 ----a-w- c:\windows\system32\msrle32.dll
2012-02-12 00:27:06 750080 ----a-w- c:\windows\system32\qmgr.dll
2012-02-12 00:26:52 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2012-02-03 23:04:44 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2012-02-03 22:01:00 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-02-02 12:07:14 -------- d-----w- c:\users\mary\appdata\local\Eastman_Kodak_Company
2012-02-02 12:05:10 -------- d-----w- c:\windows\system32\kodak
2012-02-02 04:51:03 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{db6d58ea-21e6-4ded-95e0-52e30daa6928}\gapaengine.dll
2012-01-29 18:13:55 -------- d-----w- c:\users\mary\{8a410542-3138-4757-be41-a96b57af0240}
2012-01-29 18:12:29 -------- d-----w- c:\program files\Kodak
2012-01-29 18:11:27 -------- d-----w- c:\users\mary\appdata\roaming\Temp
2012-01-29 18:11:26 -------- d-----w- c:\programdata\Kodak
2012-01-29 13:47:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-01-29 13:46:40 -------- d-----w- c:\users\mary\appdata\local\Microsoft Help
2012-01-29 13:01:28 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-29 12:58:52 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-28 14:23:12 -------- d-----w- c:\users\mary\appdata\local\Adobe
2012-01-28 05:34:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-28 01:34:10 -------- d-----w- c:\users\mary\appdata\local\Apple Computer
2012-01-28 01:26:25 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-28 01:26:25 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-01-28 01:25:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-01-28 01:25:23 -------- d-----w- c:\users\mary\appdata\local\Apple
2012-01-28 01:09:49 2421760 ----a-w- c:\windows\system32\wucltux.dll
2012-01-28 01:09:14 87552 ----a-w- c:\windows\system32\wudriver.dll
2012-01-28 01:08:51 171608 ----a-w- c:\windows\system32\wuwebv.dll
2012-01-28 01:08:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-01-28 00:03:35 -------- d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2012-01-28 00:03:27 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2012-01-28 00:02:13 -------- d-----w- c:\program files\Synaptics
2012-01-28 00:00:03 737280 ----a-w- c:\windows\system32\athr.sys
2012-01-28 00:00:03 -------- d-----w- c:\program files\Atheros
2012-01-27 23:59:43 -------- d-----w- c:\programdata\Atheros
2012-01-27 23:59:04 269096 ----a-w- c:\windows\RTKVADDA.EXE
2012-01-27 23:57:59 520192 ----a-w- c:\windows\RtlExUpd.dll
2012-01-27 23:57:59 315392 ----a-w- c:\windows\HideWin.exe
2012-01-27 23:53:50 -------- d-----w- c:\program files\ATI Technologies
2012-01-27 23:51:41 -------- d-----w- c:\program files\ATI
2012-01-27 23:51:33 7680 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2012-01-27 23:46:12 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2012-01-27 23:46:12 31640 ----a-w- c:\windows\system32\msonpmon.dll
2012-01-27 23:45:20 -------- d-----w- c:\windows\PCHEALTH
2012-01-27 23:39:28 -------- d-----w- C:\WORKSSETUP
2012-01-27 22:51:05 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
2012-01-27 22:26:09 -------- d-----w- c:\users\mary\appdata\roaming\WinBatch
2012-01-27 22:23:39 -------- d-sh--w- C:\$RECYCLE.BIN
.
==================== Find3M ====================
.
2012-02-17 03:58:12 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2012-02-12 03:41:56 72704 ----a-w- c:\windows\system32\admparse.dll
2012-02-12 03:41:54 832512 ----a-w- c:\windows\system32\wininet.dll
2012-02-12 03:41:54 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2012-02-12 03:41:47 389120 ----a-w- c:\windows\system32\html.iec
2012-02-12 03:41:46 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-02-12 03:41:46 48128 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-12 03:41:45 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-12 03:41:42 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-12 03:41:40 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-12 03:41:36 56320 ----a-w- c:\windows\system32\iesetup.dll
2012-02-12 02:13:10 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2012-02-12 02:12:59 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2012-02-12 02:05:56 5632 ----a-w- c:\windows\system32\drivers\en-us\sermouse.sys.mui
2012-02-12 01:54:44 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2012-02-12 00:38:25 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2012-02-12 00:38:24 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2012-02-12 00:38:23 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-02-12 00:38:23 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2012-02-12 00:38:22 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2012-01-27 22:45:40 319456 ----a-w- c:\windows\DIFxAPI.dll
.
============= FINISH: 17:16:08.47 ===============

#5 frustratedex

Posted 26 February 2012 - 05:30 PM

Oh and 1 more thing---iTunes was installed while I was at work. Computer was off. I did a restore as I have no use for iTunes and deleted the setup files.

Results of screen317's Security Check version 0.99.31
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Java™ SE Runtime Environment 6
Java version out of date!
Adobe Flash Player 11.1.102.62
Adobe Reader X (10.1.2)
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#6 frustratedex

Posted 26 February 2012 - 05:47 PM

When I closed Firefox, there were 3 ATIs in my taskbar. It did go down to 1 but I found that strange.

#7 nasdaq

Posted 27 February 2012 - 09:30 AM

Try to run these tools.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#8 frustratedex

Posted 27 February 2012 - 09:59 PM

21:52:07.0989 2348 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
21:52:08.0333 2348 ============================================================
21:52:08.0333 2348 Current date / time: 2012/02/27 21:52:08.0333
21:52:08.0333 2348 SystemInfo:
21:52:08.0333 2348
21:52:08.0333 2348 OS Version: 6.0.6000 ServicePack: 0.0
21:52:08.0333 2348 Product type: Workstation
21:52:08.0333 2348 ComputerName: MARY-PC
21:52:08.0333 2348 UserName: Mary
21:52:08.0333 2348 Windows directory: C:\Windows
21:52:08.0333 2348 System windows directory: C:\Windows
21:52:08.0333 2348 Processor architecture: Intel x86
21:52:08.0333 2348 Number of processors: 2
21:52:08.0333 2348 Page size: 0x1000
21:52:08.0333 2348 Boot type: Normal boot
21:52:08.0333 2348 ============================================================
21:52:09.0768 2348 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:52:09.0783 2348 \Device\Harddisk0\DR0:
21:52:09.0783 2348 MBR used
21:52:09.0783 2348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1272B000
21:52:09.0830 2348 Initialize success
21:52:09.0830 2348 ============================================================
21:52:13.0247 3084 ============================================================
21:52:13.0247 3084 Scan started
21:52:13.0247 3084 Mode: Manual;
21:52:13.0247 3084 ============================================================
21:52:15.0119 3084 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
21:52:15.0119 3084 ACPI - ok
21:52:16.0367 3084 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:52:16.0382 3084 adp94xx - ok
21:52:17.0583 3084 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:52:17.0599 3084 adpahci - ok
21:52:19.0019 3084 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:52:19.0034 3084 adpu160m - ok
21:52:20.0235 3084 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:52:20.0235 3084 adpu320 - ok
21:52:21.0468 3084 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
21:52:21.0483 3084 AFD - ok
21:52:22.0700 3084 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:52:22.0700 3084 agp440 - ok
21:52:23.0948 3084 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:52:23.0948 3084 aic78xx - ok
21:52:25.0165 3084 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:52:25.0165 3084 aliide - ok
21:52:26.0382 3084 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:52:26.0397 3084 amdagp - ok
21:52:27.0630 3084 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:52:27.0630 3084 amdide - ok
21:52:28.0847 3084 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:52:28.0847 3084 AmdK7 - ok
21:52:30.0079 3084 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
21:52:30.0079 3084 AmdK8 - ok
21:52:31.0343 3084 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:52:31.0343 3084 arc - ok
21:52:32.0606 3084 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:52:32.0606 3084 arcsas - ok
21:52:33.0854 3084 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
21:52:33.0854 3084 AsyncMac - ok
21:52:35.0087 3084 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
21:52:35.0087 3084 atapi - ok
21:52:36.0366 3084 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
21:52:36.0397 3084 athr - ok
21:52:37.0739 3084 atikmdag (fab37c8e4b55235de9055026561dcc7f) C:\Windows\system32\DRIVERS\atikmdag.sys
21:52:37.0754 3084 atikmdag - ok
21:52:38.0987 3084 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:52:38.0987 3084 AtiPcie - ok
21:52:40.0250 3084 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
21:52:40.0250 3084 Beep - ok
21:52:41.0451 3084 blbdrive - ok
21:52:42.0684 3084 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
21:52:42.0684 3084 bowser - ok
21:52:43.0901 3084 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:52:43.0901 3084 BrFiltLo - ok
21:52:45.0117 3084 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:52:45.0117 3084 BrFiltUp - ok
21:52:46.0350 3084 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:52:46.0350 3084 Brserid - ok
21:52:47.0582 3084 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:52:47.0582 3084 BrSerWdm - ok
21:52:48.0861 3084 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:52:48.0861 3084 BrUsbMdm - ok
21:52:50.0094 3084 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:52:50.0094 3084 BrUsbSer - ok
21:52:51.0326 3084 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:52:51.0326 3084 BTHMODEM - ok
21:52:51.0560 3084 catchme - ok
21:52:52.0808 3084 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
21:52:52.0808 3084 cdfs - ok
21:52:54.0041 3084 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\Windows\system32\drivers\Cdr4_xp.sys
21:52:54.0041 3084 Cdr4_xp - ok
21:52:55.0273 3084 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\Windows\system32\drivers\Cdralw2k.sys
21:52:55.0273 3084 Cdralw2k - ok
21:52:56.0599 3084 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
21:52:56.0599 3084 cdrom - ok
21:52:57.0863 3084 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:52:57.0878 3084 circlass - ok
21:52:58.0986 3084 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
21:52:58.0986 3084 CLFS - ok
21:53:00.0265 3084 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
21:53:00.0265 3084 CmBatt - ok
21:53:01.0482 3084 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:53:01.0482 3084 cmdide - ok
21:53:02.0683 3084 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
21:53:02.0699 3084 Compbatt - ok
21:53:03.0915 3084 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:53:03.0915 3084 crcdisk - ok
21:53:05.0163 3084 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:53:05.0163 3084 Crusoe - ok
21:53:06.0458 3084 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
21:53:06.0458 3084 DfsC - ok
21:53:08.0861 3084 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
21:53:08.0861 3084 disk - ok
21:53:10.0124 3084 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
21:53:10.0124 3084 drmkaud - ok
21:53:11.0341 3084 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
21:53:11.0341 3084 DXGKrnl - ok
21:53:12.0605 3084 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:53:12.0605 3084 E1G60 - ok
21:53:13.0884 3084 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
21:53:13.0884 3084 Ecache - ok
21:53:15.0194 3084 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:53:15.0210 3084 elxstor - ok
21:53:16.0442 3084 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
21:53:16.0442 3084 fastfat - ok
21:53:17.0659 3084 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:53:17.0675 3084 fdc - ok
21:53:18.0923 3084 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
21:53:18.0923 3084 FileInfo - ok
21:53:20.0139 3084 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
21:53:20.0139 3084 Filetrace - ok
21:53:21.0419 3084 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:53:21.0434 3084 flpydisk - ok
21:53:22.0651 3084 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
21:53:22.0651 3084 FltMgr - ok
21:53:23.0915 3084 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
21:53:23.0915 3084 Fs_Rec - ok
21:53:25.0163 3084 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:53:25.0163 3084 gagp30kx - ok
21:53:26.0379 3084 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:53:26.0379 3084 GEARAspiWDM - ok
21:53:27.0659 3084 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:53:27.0659 3084 HdAudAddService - ok
21:53:28.0922 3084 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:53:28.0922 3084 HDAudBus - ok
21:53:30.0155 3084 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:53:30.0155 3084 HidBth - ok
21:53:31.0403 3084 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:53:31.0403 3084 HidIr - ok
21:53:32.0604 3084 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
21:53:32.0619 3084 HidUsb - ok
21:53:33.0836 3084 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:53:33.0836 3084 HpCISSs - ok
21:53:35.0162 3084 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
21:53:35.0178 3084 HTTP - ok
21:53:36.0473 3084 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:53:36.0488 3084 i2omp - ok
21:53:37.0752 3084 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
21:53:37.0752 3084 i8042prt - ok
21:53:38.0984 3084 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:53:38.0984 3084 iaStorV - ok
21:53:40.0217 3084 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:53:40.0217 3084 iirsp - ok
21:53:41.0496 3084 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
21:53:41.0543 3084 IntcAzAudAddService - ok
21:53:42.0791 3084 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
21:53:42.0791 3084 intelide - ok
21:53:44.0007 3084 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
21:53:44.0007 3084 intelppm - ok
21:53:45.0255 3084 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:53:45.0255 3084 IpFilterDriver - ok
21:53:46.0425 3084 IpInIp - ok
21:53:47.0611 3084 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:53:47.0611 3084 IPMIDRV - ok
21:53:48.0828 3084 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
21:53:48.0828 3084 IPNAT - ok
21:53:50.0060 3084 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
21:53:50.0060 3084 IRENUM - ok
21:53:51.0308 3084 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:53:51.0308 3084 isapnp - ok
21:53:52.0572 3084 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
21:53:52.0587 3084 iScsiPrt - ok
21:53:53.0789 3084 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:53:53.0789 3084 iteatapi - ok
21:53:55.0021 3084 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:53:55.0021 3084 iteraid - ok
21:53:56.0269 3084 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
21:53:56.0285 3084 kbdclass - ok
21:53:57.0501 3084 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
21:53:57.0501 3084 kbdhid - ok
21:53:58.0749 3084 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
21:53:58.0749 3084 KR10I - ok
21:53:59.0997 3084 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
21:53:59.0997 3084 KR10N - ok
21:54:01.0292 3084 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
21:54:01.0401 3084 KR3NPXP - ok
21:54:02.0634 3084 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
21:54:02.0649 3084 KSecDD - ok
21:54:03.0882 3084 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
21:54:03.0882 3084 lltdio - ok
21:54:05.0099 3084 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
21:54:05.0099 3084 LPCFilter - ok
21:54:06.0315 3084 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:54:06.0315 3084 LSI_FC - ok
21:54:07.0532 3084 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:54:07.0532 3084 LSI_SAS - ok
21:54:08.0765 3084 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:54:08.0765 3084 LSI_SCSI - ok
21:54:09.0981 3084 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
21:54:09.0981 3084 luafv - ok
21:54:11.0198 3084 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
21:54:11.0198 3084 MBAMProtector - ok
21:54:12.0415 3084 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:54:12.0415 3084 megasas - ok
21:54:12.0633 3084 MFE_RR - ok
21:54:13.0850 3084 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
21:54:13.0866 3084 Modem - ok
21:54:15.0051 3084 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
21:54:15.0051 3084 monitor - ok
21:54:16.0253 3084 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
21:54:16.0268 3084 mouclass - ok
21:54:17.0501 3084 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
21:54:17.0579 3084 mouhid - ok
21:54:18.0780 3084 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
21:54:18.0780 3084 MountMgr - ok
21:54:19.0997 3084 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
21:54:19.0997 3084 MpFilter - ok
21:54:21.0213 3084 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:54:21.0213 3084 mpio - ok
21:54:22.0430 3084 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:54:22.0430 3084 MpNWMon - ok
21:54:23.0663 3084 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
21:54:23.0663 3084 mpsdrv - ok
21:54:24.0911 3084 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:54:24.0926 3084 Mraid35x - ok
21:54:26.0159 3084 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
21:54:26.0174 3084 MRxDAV - ok
21:54:27.0407 3084 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:54:27.0407 3084 mrxsmb - ok
21:54:28.0670 3084 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:54:28.0670 3084 mrxsmb10 - ok
21:54:29.0887 3084 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:54:29.0887 3084 mrxsmb20 - ok
21:54:31.0088 3084 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
21:54:31.0088 3084 msahci - ok
21:54:32.0289 3084 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:54:32.0289 3084 msdsm - ok
21:54:33.0537 3084 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
21:54:33.0537 3084 Msfs - ok
21:54:34.0770 3084 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
21:54:34.0770 3084 msisadrv - ok
21:54:36.0002 3084 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
21:54:36.0002 3084 MSKSSRV - ok
21:54:37.0188 3084 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
21:54:37.0188 3084 MSPCLOCK - ok
21:54:38.0405 3084 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
21:54:38.0405 3084 MSPQM - ok
21:54:39.0621 3084 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
21:54:39.0621 3084 MsRPC - ok
21:54:40.0838 3084 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
21:54:40.0838 3084 mssmbios - ok
21:54:42.0039 3084 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
21:54:42.0039 3084 MSTEE - ok
21:54:43.0256 3084 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
21:54:43.0256 3084 Mup - ok
21:54:44.0520 3084 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
21:54:44.0520 3084 NativeWifiP - ok
21:54:45.0783 3084 NDIS (fffe00134c554e113ee186eeddb0ff30) C:\Windows\system32\drivers\ndis.sys
21:54:45.0783 3084 NDIS - ok
21:54:47.0016 3084 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
21:54:47.0016 3084 NdisTapi - ok
21:54:48.0217 3084 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
21:54:48.0217 3084 Ndisuio - ok
21:54:49.0434 3084 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
21:54:49.0434 3084 NdisWan - ok
21:54:50.0666 3084 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
21:54:50.0666 3084 NDProxy - ok
21:54:51.0914 3084 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
21:54:51.0914 3084 NetBIOS - ok
21:54:53.0115 3084 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
21:54:53.0115 3084 netbt - ok
21:54:54.0363 3084 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:54:54.0363 3084 nfrd960 - ok
21:54:55.0596 3084 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
21:54:55.0596 3084 Npfs - ok
21:54:56.0844 3084 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
21:54:56.0844 3084 nsiproxy - ok
21:54:58.0107 3084 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
21:54:58.0123 3084 Ntfs - ok
21:54:59.0340 3084 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:54:59.0355 3084 ntrigdigi - ok
21:55:00.0541 3084 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
21:55:00.0541 3084 Null - ok
21:55:01.0758 3084 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:55:01.0758 3084 nvraid - ok
21:55:02.0959 3084 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:55:02.0959 3084 nvstor - ok
21:55:04.0160 3084 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:55:04.0160 3084 nv_agp - ok
21:55:05.0377 3084 NwlnkFlt - ok
21:55:06.0563 3084 NwlnkFwd - ok
21:55:07.0795 3084 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
21:55:07.0795 3084 ohci1394 - ok
21:55:09.0074 3084 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:55:09.0090 3084 Parport - ok
21:55:10.0307 3084 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
21:55:10.0307 3084 partmgr - ok
21:55:11.0523 3084 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:55:11.0523 3084 Parvdm - ok
21:55:12.0725 3084 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
21:55:12.0725 3084 pci - ok
21:55:13.0988 3084 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
21:55:13.0988 3084 pciide - ok
21:55:15.0189 3084 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
21:55:15.0189 3084 pcmcia - ok
21:55:16.0453 3084 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:55:16.0469 3084 PEAUTH - ok
21:55:16.0656 3084 PORTMON - ok
21:55:17.0857 3084 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
21:55:17.0857 3084 PptpMiniport - ok
21:55:19.0074 3084 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:55:19.0074 3084 Processor - ok
21:55:20.0291 3084 PROCMON20 (469c7f2271d717e607996a65d704cada) C:\Windows\system32\Drivers\PROCMON20.SYS
21:55:20.0291 3084 PROCMON20 - ok
21:55:21.0539 3084 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
21:55:21.0539 3084 PSched - ok
21:55:22.0771 3084 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys
21:55:22.0771 3084 PxHelp20 - ok
21:55:24.0035 3084 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:55:24.0050 3084 ql2300 - ok
21:55:25.0251 3084 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:55:25.0251 3084 ql40xx - ok
21:55:26.0484 3084 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
21:55:26.0484 3084 QWAVEdrv - ok
21:55:27.0701 3084 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
21:55:27.0701 3084 RasAcd - ok
21:55:28.0917 3084 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:55:28.0917 3084 Rasl2tp - ok
21:55:30.0119 3084 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
21:55:30.0119 3084 RasPppoe - ok
21:55:31.0320 3084 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
21:55:31.0335 3084 rdbss - ok
21:55:32.0537 3084 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:55:32.0537 3084 RDPCDD - ok
21:55:33.0738 3084 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
21:55:33.0753 3084 rdpdr - ok
21:55:34.0955 3084 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
21:55:34.0955 3084 RDPENCDD - ok
21:55:36.0171 3084 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
21:55:36.0187 3084 RDPWD - ok
21:55:37.0451 3084 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
21:55:37.0451 3084 rspndr - ok
21:55:38.0652 3084 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:55:38.0652 3084 RTL8169 - ok
21:55:39.0869 3084 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:55:39.0869 3084 sbp2port - ok
21:55:41.0148 3084 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
21:55:41.0148 3084 sdbus - ok
21:55:42.0349 3084 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:55:42.0349 3084 secdrv - ok
21:55:43.0581 3084 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:55:43.0581 3084 Serenum - ok
21:55:44.0783 3084 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:55:44.0783 3084 Serial - ok
21:55:46.0046 3084 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
21:55:46.0046 3084 sermouse - ok
21:55:47.0263 3084 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
21:55:47.0263 3084 sffdisk - ok
21:55:48.0495 3084 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
21:55:48.0495 3084 sffp_mmc - ok
21:55:49.0697 3084 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
21:55:49.0697 3084 sffp_sd - ok
21:55:50.0913 3084 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:55:50.0929 3084 sfloppy - ok
21:55:52.0161 3084 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:55:52.0161 3084 sisagp - ok
21:55:53.0425 3084 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:55:53.0425 3084 SiSRaid2 - ok
21:55:54.0626 3084 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:55:54.0626 3084 SiSRaid4 - ok
21:55:55.0905 3084 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
21:55:55.0905 3084 Smb - ok
21:55:57.0138 3084 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
21:55:57.0138 3084 spldr - ok
21:55:58.0370 3084 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
21:55:58.0386 3084 srv - ok
21:55:59.0618 3084 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
21:55:59.0634 3084 srv2 - ok
21:56:00.0882 3084 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
21:56:00.0882 3084 srvnet - ok
21:56:02.0145 3084 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
21:56:02.0145 3084 swenum - ok
21:56:03.0378 3084 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:56:03.0378 3084 Symc8xx - ok
21:56:04.0579 3084 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:56:04.0579 3084 Sym_hi - ok
21:56:05.0780 3084 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:56:05.0796 3084 Sym_u3 - ok
21:56:07.0059 3084 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
21:56:07.0059 3084 SynTP - ok
21:56:08.0323 3084 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
21:56:08.0339 3084 Tcpip - ok
21:56:09.0649 3084 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
21:56:09.0649 3084 Tcpip6 - ok
21:56:10.0850 3084 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
21:56:10.0866 3084 tcpipreg - ok
21:56:12.0083 3084 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
21:56:12.0083 3084 tdcmdpst - ok
21:56:13.0268 3084 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
21:56:13.0268 3084 TDPIPE - ok
21:57:07.0556 3084 ============================================================
21:57:07.0556 3084 Scan finished
21:57:07.0556 3084 ============================================================
21:57:07.0572 1784 Detected object count: 0
21:57:07.0572 1784 Actual detected object count: 0

#9 nasdaq

Posted 28 February 2012 - 08:50 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#10 frustratedex

Posted 28 February 2012 - 10:59 PM

I was unable to run combofix. I tried it in safemode and it got through checkpoint 50 and did not go any further. It never rebooted my computer. I waited for an hour before restarting.

#11 nasdaq

Posted 29 February 2012 - 09:59 AM

Try again to run ComboFix to completion.
If after 30 minutes no log is generated stop the process.

If you are unable to get a report from ComboFix run this tool.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#12 frustratedex

Posted 29 February 2012 - 09:19 PM

Combofix wouldn't work again. Again, I had to try it in safemode and it got to the same checkpoint and froze. After 30 minutes, I stopped it and tried OTL. OTL did not complete its scan. My computer just shut off for no reason. The power cord is plugged into the computer and the outlet. Battery says fully charged. Although with a Toshiba, that doesn't mean anything, hence the reason I do not run it unplugged. :( I also had to run OTL in safemode--that is where it cut off on me.

I noticed that OTL showed itunes again. I told you I had restored to an earlier point when itunes was not on my computer, as I did not install it to begin with and did not need it. What to do?

UGH!!

I thank you for your help, as I seem to have all the crazy issues and appreciate you helping me.

Edited by frustratedex, 29 February 2012 - 09:20 PM.


#13 nasdaq

Posted 01 March 2012 - 09:48 AM

Let's check which operating files may be damaged.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

#14 frustratedex

Posted 02 March 2012 - 08:00 PM

2012-03-02 19:36:20, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:36:20, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2012-03-02 19:36:26, Info CSI 00000009 [SR] Verify complete
2012-03-02 19:36:27, Info CSI 0000000a [SR] Verifying 100 (0x00000064) components
2012-03-02 19:36:27, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2012-03-02 19:36:33, Info CSI 0000000d [SR] Verify complete
2012-03-02 19:36:35, Info CSI 0000000e [SR] Verifying 100 (0x00000064) components
2012-03-02 19:36:35, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2012-03-02 19:36:37, Info CSI 00000011 [SR] Verify complete
2012-03-02 19:36:39, Info CSI 00000012 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:36:39, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2012-03-02 19:36:42, Info CSI 00000015 [SR] Verify complete
2012-03-02 19:36:45, Info CSI 00000016 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:36:45, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2012-03-02 19:36:47, Info CSI 00000019 [SR] Verify complete
2012-03-02 19:36:49, Info CSI 0000001a [SR] Verifying 100 (0x00000064) components
2012-03-02 19:36:49, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2012-03-02 19:36:50, Info CSI 0000001d [SR] Verify complete
2012-03-02 19:36:53, Info CSI 0000001e [SR] Verifying 100 (0x00000064) components
2012-03-02 19:36:53, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2012-03-02 19:36:54, Info CSI 00000021 [SR] Verify complete
2012-03-02 19:36:56, Info CSI 00000022 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:36:56, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2012-03-02 19:36:58, Info CSI 00000025 [SR] Verify complete
2012-03-02 19:36:59, Info CSI 00000026 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:36:59, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:01, Info CSI 00000029 [SR] Verify complete
2012-03-02 19:37:03, Info CSI 0000002a [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:03, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:04, Info CSI 0000002d [SR] Verify complete
2012-03-02 19:37:06, Info CSI 0000002e [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:06, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:08, Info CSI 00000031 [SR] Verify complete
2012-03-02 19:37:09, Info CSI 00000032 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:09, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:11, Info CSI 00000035 [SR] Verify complete
2012-03-02 19:37:11, Info CSI 00000036 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:11, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:16, Info CSI 00000039 [SR] Verify complete
2012-03-02 19:37:16, Info CSI 0000003a [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:16, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:21, Info CSI 0000003d [SR] Verify complete
2012-03-02 19:37:22, Info CSI 0000003e [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:22, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:26, Info CSI 00000042 [SR] Verify complete
2012-03-02 19:37:26, Info CSI 00000043 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:26, Info CSI 00000044 [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:31, Info CSI 00000047 [SR] Verify complete
2012-03-02 19:37:31, Info CSI 00000048 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:31, Info CSI 00000049 [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:37, Info CSI 0000004b [SR] Verify complete
2012-03-02 19:37:37, Info CSI 0000004c [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:37, Info CSI 0000004d [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:45, Info CSI 00000057 [SR] Verify complete
2012-03-02 19:37:46, Info CSI 00000058 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:46, Info CSI 00000059 [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:50, Info CSI 0000005b [SR] Verify complete
2012-03-02 19:37:50, Info CSI 0000005c [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:50, Info CSI 0000005d [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:55, Info CSI 0000005f [SR] Verify complete
2012-03-02 19:37:56, Info CSI 00000060 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:56, Info CSI 00000061 [SR] Beginning Verify and Repair transaction
2012-03-02 19:38:00, Info CSI 00000063 [SR] Verify complete
2012-03-02 19:38:01, Info CSI 00000064 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:38:01, Info CSI 00000065 [SR] Beginning Verify and Repair transaction
2012-03-02 19:38:10, Info CSI 00000067 [SR] Verify complete
2012-03-02 19:38:10, Info CSI 00000068 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:38:10, Info CSI 00000069 [SR] Beginning Verify and Repair transaction
2012-03-02 19:38:23, Info CSI 0000006d [SR] Verify complete
2012-03-02 19:38:23, Info CSI 0000006e [SR] Verifying 100 (0x00000064) components
2012-03-02 19:38:23, Info CSI 0000006f [SR] Beginning Verify and Repair transaction
2012-03-02 19:38:38, Info CSI 00000071 [SR] Verify complete
2012-03-02 19:38:38, Info CSI 00000072 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:38:38, Info CSI 00000073 [SR] Beginning Verify and Repair transaction
2012-03-02 19:38:47, Info CSI 00000075 [SR] Verify complete
2012-03-02 19:38:48, Info CSI 00000076 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:38:48, Info CSI 00000077 [SR] Beginning Verify and Repair transaction
2012-03-02 19:38:51, Info CSI 00000079 [SR] Verify complete
2012-03-02 19:38:52, Info CSI 0000007a [SR] Verifying 100 (0x00000064) components
2012-03-02 19:38:52, Info CSI 0000007b [SR] Beginning Verify and Repair transaction
2012-03-02 19:38:53, Info CSI 0000007d [SR] Verify complete
2012-03-02 19:38:53, Info CSI 0000007e [SR] Verifying 100 (0x00000064) components
2012-03-02 19:38:53, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2012-03-02 19:38:55, Info CSI 00000081 [SR] Verify complete
2012-03-02 19:38:56, Info CSI 00000082 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:38:56, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2012-03-02 19:39:06, Info CSI 000000a1 [SR] Verify complete
2012-03-02 19:39:07, Info CSI 000000a2 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:39:07, Info CSI 000000a3 [SR] Beginning Verify and Repair transaction
2012-03-02 19:39:08, Info CSI 000000a5 [SR] Verify complete
2012-03-02 19:39:08, Info CSI 000000a6 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:39:08, Info CSI 000000a7 [SR] Beginning Verify and Repair transaction
2012-03-02 19:39:11, Info CSI 000000a9 [SR] Verify complete
2012-03-02 19:39:12, Info CSI 000000aa [SR] Verifying 100 (0x00000064) components
2012-03-02 19:39:12, Info CSI 000000ab [SR] Beginning Verify and Repair transaction
2012-03-02 19:39:14, Info CSI 000000ad [SR] Verify complete
2012-03-02 19:39:15, Info CSI 000000ae [SR] Verifying 100 (0x00000064) components
2012-03-02 19:39:15, Info CSI 000000af [SR] Beginning Verify and Repair transaction
2012-03-02 19:39:22, Info CSI 000000b1 [SR] Verify complete
2012-03-02 19:39:22, Info CSI 000000b2 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:39:22, Info CSI 000000b3 [SR] Beginning Verify and Repair transaction
2012-03-02 19:39:29, Info CSI 000000b5 [SR] Verify complete
2012-03-02 19:39:30, Info CSI 000000b6 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:39:30, Info CSI 000000b7 [SR] Beginning Verify and Repair transaction
2012-03-02 19:39:34, Info CSI 000000b9 [SR] Verify complete
2012-03-02 19:39:35, Info CSI 000000ba [SR] Verifying 100 (0x00000064) components
2012-03-02 19:39:35, Info CSI 000000bb [SR] Beginning Verify and Repair transaction
2012-03-02 19:39:38, Info CSI 000000bd [SR] Verify complete
2012-03-02 19:39:38, Info CSI 000000be [SR] Verifying 100 (0x00000064) components
2012-03-02 19:39:38, Info CSI 000000bf [SR] Beginning Verify and Repair transaction
2012-03-02 19:39:43, Info CSI 000000c1 [SR] Verify complete
2012-03-02 19:39:43, Info CSI 000000c2 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:39:43, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2012-03-02 19:39:52, Info CSI 000000c8 [SR] Verify complete
2012-03-02 19:39:53, Info CSI 000000c9 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:39:53, Info CSI 000000ca [SR] Beginning Verify and Repair transaction
2012-03-02 19:40:05, Info CSI 000000ec [SR] Verify complete
2012-03-02 19:40:05, Info CSI 000000ed [SR] Verifying 100 (0x00000064) components
2012-03-02 19:40:05, Info CSI 000000ee [SR] Beginning Verify and Repair transaction
2012-03-02 19:40:14, Info CSI 000000f0 [SR] Verify complete
2012-03-02 19:40:15, Info CSI 000000f1 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:40:15, Info CSI 000000f2 [SR] Beginning Verify and Repair transaction
2012-03-02 19:40:39, Info CSI 000000f4 [SR] Verify complete
2012-03-02 19:40:40, Info CSI 000000f5 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:40:40, Info CSI 000000f6 [SR] Beginning Verify and Repair transaction
2012-03-02 19:40:51, Info CSI 000000f8 [SR] Verify complete
2012-03-02 19:40:51, Info CSI 000000f9 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:40:51, Info CSI 000000fa [SR] Beginning Verify and Repair transaction
2012-03-02 19:40:56, Info CSI 000000fc [SR] Verify complete
2012-03-02 19:40:57, Info CSI 000000fd [SR] Verifying 100 (0x00000064) components
2012-03-02 19:40:57, Info CSI 000000fe [SR] Beginning Verify and Repair transaction
2012-03-02 19:41:01, Info CSI 00000100 [SR] Verify complete
2012-03-02 19:41:02, Info CSI 00000101 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:41:02, Info CSI 00000102 [SR] Beginning Verify and Repair transaction
2012-03-02 19:41:06, Info CSI 00000105 [SR] Verify complete
2012-03-02 19:41:07, Info CSI 00000106 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:41:07, Info CSI 00000107 [SR] Beginning Verify and Repair transaction
2012-03-02 19:41:21, Info CSI 00000109 [SR] Verify complete
2012-03-02 19:41:21, Info CSI 0000010a [SR] Verifying 100 (0x00000064) components
2012-03-02 19:41:21, Info CSI 0000010b [SR] Beginning Verify and Repair transaction
2012-03-02 19:41:28, Info CSI 0000010d [SR] Verify complete
2012-03-02 19:41:29, Info CSI 0000010e [SR] Verifying 100 (0x00000064) components
2012-03-02 19:41:29, Info CSI 0000010f [SR] Beginning Verify and Repair transaction
2012-03-02 19:41:37, Info CSI 00000111 [SR] Verify complete
2012-03-02 19:41:37, Info CSI 00000112 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:41:37, Info CSI 00000113 [SR] Beginning Verify and Repair transaction
2012-03-02 19:41:46, Info CSI 00000115 [SR] Verify complete
2012-03-02 19:41:47, Info CSI 00000116 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:41:47, Info CSI 00000117 [SR] Beginning Verify and Repair transaction
2012-03-02 19:41:52, Info CSI 00000119 [SR] Verify complete
2012-03-02 19:41:53, Info CSI 0000011a [SR] Verifying 100 (0x00000064) components
2012-03-02 19:41:53, Info CSI 0000011b [SR] Beginning Verify and Repair transaction
2012-03-02 19:41:56, Info CSI 0000011d [SR] Verify complete
2012-03-02 19:41:56, Info CSI 0000011e [SR] Verifying 100 (0x00000064) components
2012-03-02 19:41:56, Info CSI 0000011f [SR] Beginning Verify and Repair transaction
2012-03-02 19:42:02, Info CSI 00000122 [SR] Verify complete
2012-03-02 19:42:03, Info CSI 00000123 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:42:03, Info CSI 00000124 [SR] Beginning Verify and Repair transaction
2012-03-02 19:42:07, Info CSI 00000126 [SR] Verify complete
2012-03-02 19:42:08, Info CSI 00000127 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:42:08, Info CSI 00000128 [SR] Beginning Verify and Repair transaction
2012-03-02 19:42:14, Info CSI 0000012a [SR] Verify complete
2012-03-02 19:42:14, Info CSI 0000012b [SR] Verifying 100 (0x00000064) components
2012-03-02 19:42:14, Info CSI 0000012c [SR] Beginning Verify and Repair transaction
2012-03-02 19:42:22, Info CSI 0000012e [SR] Verify complete
2012-03-02 19:42:22, Info CSI 0000012f [SR] Verifying 100 (0x00000064) components
2012-03-02 19:42:22, Info CSI 00000130 [SR] Beginning Verify and Repair transaction
2012-03-02 19:42:29, Info CSI 00000132 [SR] Verify complete
2012-03-02 19:42:30, Info CSI 00000133 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:42:30, Info CSI 00000134 [SR] Beginning Verify and Repair transaction
2012-03-02 19:42:37, Info CSI 00000136 [SR] Verify complete
2012-03-02 19:42:37, Info CSI 00000137 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:42:37, Info CSI 00000138 [SR] Beginning Verify and Repair transaction
2012-03-02 19:42:39, Info CSI 0000013a [SR] Verify complete
2012-03-02 19:42:40, Info CSI 0000013b [SR] Verifying 100 (0x00000064) components
2012-03-02 19:42:40, Info CSI 0000013c [SR] Beginning Verify and Repair transaction
2012-03-02 19:42:47, Info CSI 0000013e [SR] Verify complete
2012-03-02 19:42:48, Info CSI 0000013f [SR] Verifying 100 (0x00000064) components
2012-03-02 19:42:48, Info CSI 00000140 [SR] Beginning Verify and Repair transaction
2012-03-02 19:42:54, Info CSI 00000142 [SR] Verify complete
2012-03-02 19:42:55, Info CSI 00000143 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:42:55, Info CSI 00000144 [SR] Beginning Verify and Repair transaction
2012-03-02 19:43:00, Info CSI 00000146 [SR] Verify complete
2012-03-02 19:43:00, Info CSI 00000147 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:43:00, Info CSI 00000148 [SR] Beginning Verify and Repair transaction
2012-03-02 19:43:06, Info CSI 0000014a [SR] Verify complete
2012-03-02 19:43:07, Info CSI 0000014b [SR] Verifying 100 (0x00000064) components
2012-03-02 19:43:07, Info CSI 0000014c [SR] Beginning Verify and Repair transaction
2012-03-02 19:43:09, Info CSI 0000014e [SR] Verify complete
2012-03-02 19:43:10, Info CSI 0000014f [SR] Verifying 100 (0x00000064) components
2012-03-02 19:43:10, Info CSI 00000150 [SR] Beginning Verify and Repair transaction
2012-03-02 19:43:16, Info CSI 00000152 [SR] Verify complete
2012-03-02 19:43:17, Info CSI 00000153 [SR] Verifying 51 (0x00000033) components
2012-03-02 19:43:17, Info CSI 00000154 [SR] Beginning Verify and Repair transaction
2012-03-02 19:43:20, Info CSI 00000156 [SR] Verify complete
2012-03-02 19:43:20, Info CSI 00000157 [SR] Repairing 0 components
2012-03-02 19:43:20, Info CSI 00000158 [SR] Beginning Verify and Repair transaction
2012-03-02 19:43:20, Info CSI 0000015a [SR] Repair complete

#15 frustratedex

Posted 02 March 2012 - 08:02 PM

When I ran the command prompt it said there were files that could not be fixed, but as you can see in the log, I didn't find anything logged.

And surprise, surprise..I couldn't run the cmd prompt unless I was in safemode.

Edited by frustratedex, 02 March 2012 - 08:06 PM.
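An added example, not written by either poster and not part of any tool named in this thread: a small Python summarizer for `[SR]` lines like those posted in #14, which totals the verified components, reports any repair or "Cannot repair member file" entries, and flags jumps in the CSI sequence number. The function names are hypothetical, the failure sample is constructed, and treating a sequence jump as records missing from the `[SR]`-only view is an assumption about how the counter works.

```python
import re

# One [SR] line of CBS.log in the form posted in #14, e.g.
# 2012-03-02 19:36:20, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
SR_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+([0-9a-fA-F]{8}) \[SR\] (.*)$"
)
VERIFYING_RE = re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components$")
REPAIRING_RE = re.compile(r"^Repairing (\d+) components$")

# Six consecutive lines copied from the log in post #14.
PAGE_EXCERPT = """
2012-03-02 19:37:37, Info CSI 0000004c [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:37, Info CSI 0000004d [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:45, Info CSI 00000057 [SR] Verify complete
2012-03-02 19:37:46, Info CSI 00000058 [SR] Verifying 100 (0x00000064) components
2012-03-02 19:37:46, Info CSI 00000059 [SR] Beginning Verify and Repair transaction
2012-03-02 19:37:50, Info CSI 0000005b [SR] Verify complete
"""

# CONSTRUCTED sample (not from the thread): a simplified unrepairable-file entry.
CONSTRUCTED_FAILURE = """
2012-03-02 19:43:20, Info CSI 00000157 [SR] Repairing 1 components
2012-03-02 19:43:20, Info CSI 00000158 [SR] Beginning Verify and Repair transaction
2012-03-02 19:43:20, Info CSI 00000159 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, hash mismatch
2012-03-02 19:43:20, Info CSI 0000015b [SR] Repair complete
"""


def summarize_sr(lines, normal_gap=2):
    """Tally [SR] records and note where the sequence number jumps.

    normal_gap=2 matches the usual pattern in post #14, where one record sits
    between "Beginning ..." and "Verify complete" (e.g. 00000007 -> 00000009).
    Assumption: a larger jump means extra non-[SR] CSI records exist at that
    point in the full CBS.log and are worth reading there.
    """
    summary = {"batches": 0, "components_verified": 0, "repairing": 0,
               "cannot_repair": [], "hidden_records": [], "unparsed": 0}
    prev_seq = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        match = SR_RE.match(line)
        if not match:
            summary["unparsed"] += 1      # not an [SR] record; count, don't guess
            continue
        timestamp, seq_hex, msg = match.groups()
        seq = int(seq_hex, 16)
        if prev_seq is not None and seq - prev_seq > normal_gap:
            # (time of the line after the jump, last seen, next seen, records skipped)
            summary["hidden_records"].append(
                (timestamp, prev_seq, seq, seq - prev_seq - 1))
        prev_seq = seq
        verifying = VERIFYING_RE.match(msg)
        repairing = REPAIRING_RE.match(msg)
        if verifying:
            summary["batches"] += 1
            summary["components_verified"] += int(verifying.group(1))
        elif repairing:
            summary["repairing"] += int(repairing.group(1))
        elif msg.startswith(("Cannot repair member file", "Repairing corrupted file")):
            summary["cannot_repair"].append(msg)
    return summary


def found_damage(summary):
    """True when the [SR] records themselves report a repair or a failed repair."""
    return summary["repairing"] > 0 or bool(summary["cannot_repair"])


if __name__ == "__main__":
    for name, text in (("page excerpt", PAGE_EXCERPT),
                       ("constructed failure", CONSTRUCTED_FAILURE)):
        result = summarize_sr(text.splitlines())
        print(name, "damage reported:", found_damage(result), result)
```

On the excerpt from #14 this reports no damage but flags the jump from 0000004d to 00000057, which is the kind of spot to look up in the full CBS.log when the console message and the `[SR]` lines disagree.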




