SVCHOST error on boot


This topic is locked. 31 replies to this topic.

#1 gyrene (Members, 35 posts)

Posted 15 March 2012 - 09:09 AM

SVCHOST.exe error on boot up; multiple problems with Office and wireless connection

Broni, you were helping me on this in the Am I Infected forum. You told me to run some more diagnostics, post the logs and a link back to the original topic. I don't know how to post a link.

I ran Defogger, DDS, and attempted to run GMER. Logs for Defogger and DDS are below. GMER failed with the message
"wvk0dj11.exe has encountered a problem and needs to close."

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:37 on 15/03/2012 (Adjutant)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Oscar at 9:40:01 on 2012-03-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1409 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{5C733176-7093-4F33-B22B-9097C13591D8} : DhcpNameServer = 192.168.15.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: WinCheck - {EAD8F454-EC03-4B47-A5B7-6534DA513FA5} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\oscar\application data\mozilla\firefox\profiles\7r1uj7oo.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2011-10-18 22312]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-7 116608]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-12 652360]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200xp.sys [2011-11-18 1034240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-12 20464]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2009-7-2 20480]
S1 MpKsl2f89bb8d;MpKsl2f89bb8d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14d39907-f7c2-4100-8e15-18875e58deda}\mpksl2f89bb8d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14d39907-f7c2-4100-8e15-18875e58deda}\MpKsl2f89bb8d.sys [?]
S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-18 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-18 136176]
S4 TuneUp360Mon;TuneUp360Mon;c:\program files\tuneup360\TuneUp360Mon.exe [2011-6-19 153920]
.
=============== Created Last 30 ================
.
2012-03-15 03:42:34 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f9488b6f-f979-4739-8d9d-268880ef93ac}\mpengine.dll
2012-03-15 03:41:14 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2012-03-14 15:42:46 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-03-13 12:55:00 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-03-12 21:07:00 -------- d-----w- c:\documents and settings\oscar\application data\Malwarebytes
2012-03-12 21:06:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-12 21:06:31 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 21:06:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-12 20:24:22 -------- d-----w- c:\program files\Ask.com
2012-03-12 20:24:11 -------- d-----w- c:\documents and settings\oscar\local settings\application data\AskToolbar
2012-03-12 13:10:07 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-03-12 13:06:28 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-12 06:52:57 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-12 06:52:57 -------- d-----w- c:\windows\system32\wbem\repository\export
2012-03-12 06:52:57 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-15 12:43:01 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 12:43:01 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-03-04 10:42:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
============= FINISH: 9:46:31.96 ===============
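As an added example that is not part of this thread, the following Python script parses the kinds of lines a Malware Response Team member reads first in a DDS log (BHO, toolbar and shell-hook entries, Run keys, and services/drivers) and flags the ones worth a second look: orphaned entries that point to a missing file, images loaded from a user-profile directory, and svchost-hosted services whose code actually lives in a ServiceDll. The sample lines are excerpts from the log above (the MpKsl path is shortened to its first path); the flag rules are this example's own heuristics, not DDS output.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: excerpts of the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS"
# sections posted in this thread (the MpKsl line is shortened to its first path).
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
SSODL: WinCheck - {EAD8F454-EC03-4B47-A5B7-6534DA513FA5} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2011-10-18 22312]
S1 MpKsl2f89bb8d;MpKsl2f89bb8d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14d39907-f7c2-4100-8e15-18875e58deda}\mpksl2f89bb8d.sys [?]
S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
"""

# A registry CLSID as DDS prints it: {8-4-4-4-12 hex digits}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Shell extension lines: "BHO: Name: {clsid} - path", "TB: {clsid} - No File",
# "SSODL: Name - {clsid} - path", "SEH: Name: {clsid} - path"
SHELL_RE = re.compile(r"^(BHO|TB|SSODL|SEH): (.*)$")
# Autostart lines: "uRun/mRun/dRun: [ValueName] command line"
RUN_RE = re.compile(r"^([umd]Run): \[([^\]]+)\] (.*)$")
# Service/driver lines: "R1 Name;Display;image path [date size]" (R = running, S = stopped)
SVC_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*?)(?: \[[^\]]*\])?$")

# Directories a persistent component rarely belongs in on XP; worth a publisher check.
PROFILE_DIRS = ("\\documents and settings\\", "\\application data\\", "\\local settings\\")


@dataclass
class Finding:
    kind: str                 # BHO, TB, SSODL, SEH, Run or Service
    name: str                 # display name, CLSID if none, or "service (start type)"
    target: str               # file path or command line the entry points to
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Finding]:
    """Turn one DDS line into a Finding, or None for lines this triage ignores."""
    m = SHELL_RE.match(line)
    if m:
        kind, body = m.groups()
        c = CLSID_RE.search(body)
        if not c:
            return None
        name = body[:c.start()].rstrip(" :-") or c.group(0)
        rest = body[c.end():]
        target = rest.split(" - ", 1)[1].strip() if " - " in rest else ""
        return Finding(kind, name, target)
    m = RUN_RE.match(line)
    if m:
        hive, name, cmd = m.groups()
        return Finding("Run", f"{hive}:{name}", cmd)
    m = SVC_RE.match(line)
    if m:
        start, svc, _display, path = m.groups()
        return Finding("Service", f"{svc} ({start})", path)
    return None


def triage(f: Finding) -> Finding:
    """Attach review flags; these are heuristics for a human reviewer, not verdicts."""
    t = f.target.lower()
    if f.target == "No File":
        f.flags.append("orphaned: registry entry points to a file that no longer exists")
    if any(d in t for d in PROFILE_DIRS):
        f.flags.append("loads from a user-profile/appdata directory: confirm the publisher")
    if f.kind == "Service" and "svchost.exe -k" in t:
        f.flags.append("svchost-hosted: the real code is the service's ServiceDll, not svchost.exe")
    return f


def triage_log(text: str) -> List[Finding]:
    return [triage(f) for f in (parse_line(l.strip()) for l in text.splitlines()) if f]


def flagged(findings: List[Finding]) -> List[Finding]:
    return [f for f in findings if f.flags]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{'!!' if f.flags else '  '} {f.kind:<8}{f.name}: {f.target}")
        for fl in f.flags:
            print(f"        -> {fl}")
```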

#2 nasdaq (Malware Response Team, 40,532 posts, Montreal, QC, Canada)

Posted 18 March 2012 - 09:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 gyrene (Topic Starter; Members, 35 posts)

Posted 19 March 2012 - 07:58 AM

Hello nasdaq and thank you for your help.

I ran TDSSKiller. It reported "No Threats Found". I pulled up the log file but am unable to copy it. There is no program option I can see to save it or to copy it. I am able to highlight the entire text but don't get a pull-down menu when I right-click.

The program reports a run duration of 2:58 with 231 objects processed.

I am now starting aswMBR.exe

#4 nasdaq (Malware Response Team, 40,532 posts, Montreal, QC, Canada)

Posted 19 March 2012 - 09:03 AM

Please post the aswMBR log and include this one as well.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue (screenshot not reproduced here).

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

#5 gyrene (Topic Starter; Members, 35 posts)

Posted 19 March 2012 - 10:55 AM

mbr.dat zip


Added info... I am not able to boot into safe mode. It simply hangs. Don't know if this is worthwhile info or not.

Attached file: MBR.zip (578 bytes)


#6 gyrene (Topic Starter; Members, 35 posts)

Posted 19 March 2012 - 11:11 AM

I just found the TDSS log at C:\
Sorry, my error, I did not read your instructions carefully enough.

ComboFix is still running, will post log when it completes.



08:42:57.0687 2984 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
08:42:59.0000 2984 ============================================================
08:42:59.0015 2984 Current date / time: 2012/03/19 08:42:59.0000
08:42:59.0015 2984 SystemInfo:
08:42:59.0015 2984
08:42:59.0015 2984 OS Version: 5.1.2600 ServicePack: 3.0
08:42:59.0015 2984 Product type: Workstation
08:42:59.0031 2984 ComputerName: GYRENE
08:42:59.0031 2984 UserName: Oscar
08:42:59.0031 2984 Windows directory: C:\WINDOWS
08:42:59.0031 2984 System windows directory: C:\WINDOWS
08:42:59.0046 2984 Processor architecture: Intel x86
08:42:59.0046 2984 Number of processors: 1
08:42:59.0046 2984 Page size: 0x1000
08:42:59.0046 2984 Boot type: Normal boot
08:42:59.0062 2984 ============================================================
08:43:03.0796 2984 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:43:03.0859 2984 \Device\Harddisk0\DR0:
08:43:03.0984 2984 MBR used
08:43:03.0984 2984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8E31301
08:43:04.0437 2984 Initialize success
08:43:04.0437 2984 ============================================================
08:43:18.0000 3012 ============================================================
08:43:18.0000 3012 Scan started
08:43:18.0000 3012 Mode: Manual;
08:43:18.0000 3012 ============================================================
08:44:39.0046 3012 mnmdd - ok
08:44:39.0734 3012 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:44:39.0750 3012 Modem - ok
08:44:40.0406 3012 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
08:44:40.0421 3012 MODEMCSA - ok
08:44:40.0953 3012 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:44:40.0968 3012 Mouclass - ok
08:44:41.0671 3012 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:44:41.0671 3012 mouhid - ok
08:44:42.0421 3012 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:44:42.0437 3012 MountMgr - ok
08:44:43.0296 3012 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:44:43.0359 3012 MpFilter - ok
08:44:43.0828 3012 MpKsl12b6d875 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE972BF4-4536-4B81-B647-7352CD9D8618}\MpKsl12b6d875.sys
08:44:43.0828 3012 MpKsl12b6d875 - ok
08:44:44.0546 3012 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
08:44:44.0546 3012 mraid35x - ok
08:44:45.0296 3012 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:44:45.0359 3012 MRxDAV - ok
08:44:46.0296 3012 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:44:46.0468 3012 MRxSmb - ok
08:44:47.0250 3012 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:44:47.0265 3012 Msfs - ok
08:44:48.0000 3012 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:44:48.0062 3012 MSKSSRV - ok
08:44:48.0765 3012 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:44:48.0828 3012 MSPCLOCK - ok
08:44:49.0484 3012 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:44:49.0546 3012 MSPQM - ok
08:44:50.0265 3012 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:44:50.0281 3012 mssmbios - ok
08:44:51.0031 3012 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:44:51.0031 3012 MSTEE - ok
08:44:51.0781 3012 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:44:51.0828 3012 Mup - ok
08:44:52.0593 3012 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:44:52.0625 3012 NABTSFEC - ok
08:44:53.0453 3012 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:44:53.0515 3012 NDIS - ok
08:44:54.0250 3012 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:44:54.0250 3012 NdisIP - ok
08:44:54.0984 3012 ndisrd (1359b200974395679b092f1d5f63cfa9) C:\WINDOWS\system32\DRIVERS\ndisrd.sys
08:44:55.0031 3012 ndisrd - ok
08:44:55.0687 3012 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:44:55.0687 3012 NdisTapi - ok
08:44:56.0421 3012 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:44:56.0437 3012 Ndisuio - ok
08:44:57.0328 3012 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:44:57.0359 3012 NdisWan - ok
08:44:58.0187 3012 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:44:58.0187 3012 NDProxy - ok
08:44:59.0000 3012 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:44:59.0015 3012 NetBIOS - ok
08:44:59.0859 3012 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:44:59.0921 3012 NetBT - ok
08:45:00.0734 3012 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:45:00.0765 3012 Npfs - ok
08:45:01.0781 3012 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:45:02.0000 3012 Ntfs - ok
08:45:02.0812 3012 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:45:02.0812 3012 Null - ok
08:45:04.0390 3012 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:45:05.0234 3012 nv - ok
08:45:05.0984 3012 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:45:05.0984 3012 NwlnkFlt - ok
08:45:06.0671 3012 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:45:06.0687 3012 NwlnkFwd - ok
08:45:07.0515 3012 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:45:07.0546 3012 Parport - ok
08:45:08.0375 3012 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:45:08.0375 3012 PartMgr - ok
08:45:09.0093 3012 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:45:09.0109 3012 ParVdm - ok
08:45:09.0875 3012 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:45:09.0906 3012 PCI - ok
08:45:10.0531 3012 PCIDump - ok
08:45:11.0296 3012 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:45:11.0296 3012 PCIIde - ok
08:45:12.0062 3012 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:45:12.0109 3012 Pcmcia - ok
08:45:12.0718 3012 PDCOMP - ok
08:45:13.0296 3012 PDFRAME - ok
08:45:13.0968 3012 PDRELI - ok
08:45:14.0625 3012 PDRFRAME - ok
08:45:15.0468 3012 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
08:45:15.0484 3012 perc2 - ok
08:45:16.0171 3012 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
08:45:16.0187 3012 perc2hib - ok
08:45:16.0921 3012 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
08:45:16.0953 3012 pfc - ok
08:45:17.0734 3012 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:45:17.0750 3012 PptpMiniport - ok
08:45:18.0609 3012 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:45:18.0640 3012 PSched - ok
08:45:19.0421 3012 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:45:19.0437 3012 Ptilink - ok
08:45:20.0234 3012 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:45:20.0250 3012 PxHelp20 - ok
08:45:21.0062 3012 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
08:45:21.0078 3012 ql1080 - ok
08:45:21.0875 3012 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
08:45:21.0890 3012 Ql10wnt - ok
08:45:22.0703 3012 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
08:45:22.0718 3012 ql12160 - ok
08:45:23.0500 3012 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
08:45:23.0515 3012 ql1240 - ok
08:45:24.0312 3012 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
08:45:24.0328 3012 ql1280 - ok
08:45:25.0125 3012 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:45:25.0125 3012 RasAcd - ok
08:45:25.0953 3012 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:45:25.0968 3012 Rasl2tp - ok
08:45:26.0781 3012 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:45:26.0796 3012 RasPppoe - ok
08:45:27.0562 3012 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:45:27.0578 3012 Raspti - ok
08:45:28.0421 3012 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:45:28.0484 3012 Rdbss - ok
08:45:29.0265 3012 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:45:29.0265 3012 RDPCDD - ok
08:45:30.0125 3012 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:45:30.0203 3012 rdpdr - ok
08:45:31.0031 3012 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:45:31.0078 3012 RDPWD - ok
08:45:31.0812 3012 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:45:31.0843 3012 redbook - ok
08:45:32.0078 3012 SABProcEnum - ok
08:45:32.0453 3012 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:45:32.0453 3012 SASDIFSV - ok
08:45:32.0796 3012 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
08:45:32.0796 3012 SASENUM - ok
08:45:33.0109 3012 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
08:45:33.0125 3012 SASKUTIL - ok
08:45:33.0906 3012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:45:33.0921 3012 Secdrv - ok
08:45:34.0921 3012 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
08:45:35.0296 3012 senfilt - ok
08:45:36.0093 3012 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:45:36.0109 3012 serenum - ok
08:45:36.0937 3012 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:45:36.0968 3012 Serial - ok
08:45:37.0640 3012 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:45:37.0640 3012 Sfloppy - ok
08:45:38.0109 3012 Simbad - ok
08:45:38.0703 3012 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
08:45:38.0718 3012 sisagp - ok
08:45:39.0468 3012 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:45:39.0468 3012 SLIP - ok
08:45:40.0109 3012 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
08:45:40.0109 3012 smwdm - ok
08:45:40.0718 3012 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
08:45:40.0718 3012 Sparrow - ok
08:45:41.0484 3012 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:45:41.0484 3012 splitter - ok
08:45:42.0296 3012 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:45:42.0312 3012 sr - ok
08:45:43.0234 3012 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:45:43.0468 3012 Srv - ok
08:45:44.0296 3012 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:45:44.0296 3012 streamip - ok
08:45:45.0046 3012 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:45:45.0062 3012 swenum - ok
08:45:45.0718 3012 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:45:45.0718 3012 swmidi - ok
08:45:46.0500 3012 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
08:45:46.0515 3012 symc810 - ok
08:45:47.0312 3012 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
08:45:47.0328 3012 symc8xx - ok
08:45:48.0125 3012 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
08:45:48.0140 3012 sym_hi - ok
08:45:48.0953 3012 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
08:45:48.0953 3012 sym_u3 - ok
08:45:49.0765 3012 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:45:49.0796 3012 sysaudio - ok
08:45:50.0671 3012 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:45:50.0781 3012 Tcpip - ok
08:45:51.0593 3012 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
08:45:51.0656 3012 Tcpip6 - ok
08:45:52.0437 3012 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:45:52.0453 3012 TDPIPE - ok
08:45:53.0234 3012 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:45:53.0250 3012 TDTCP - ok
08:45:54.0078 3012 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:45:54.0093 3012 TermDD - ok
08:45:54.0875 3012 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
08:45:54.0875 3012 TosIde - ok
08:45:55.0687 3012 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
08:45:55.0687 3012 tunmp - ok
08:45:56.0421 3012 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:45:56.0453 3012 Udfs - ok
08:45:57.0125 3012 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
08:45:57.0140 3012 ultra - ok
08:45:58.0031 3012 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:45:58.0250 3012 Update - ok
08:45:58.0734 3012 USBAAPL - ok
08:45:59.0312 3012 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:45:59.0343 3012 usbaudio - ok
08:45:59.0828 3012 usbbus - ok
08:46:00.0437 3012 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:46:00.0453 3012 usbccgp - ok
08:46:00.0921 3012 UsbDiag - ok
08:46:01.0640 3012 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:46:01.0656 3012 usbehci - ok
08:46:02.0218 3012 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:46:02.0250 3012 usbhub - ok
08:46:02.0734 3012 USBModem - ok
08:46:03.0546 3012 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:46:03.0562 3012 usbprint - ok
08:46:04.0375 3012 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:46:04.0390 3012 usbscan - ok
08:46:05.0171 3012 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:46:05.0187 3012 USBSTOR - ok
08:46:06.0000 3012 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:46:06.0015 3012 usbuhci - ok
08:46:06.0796 3012 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:46:06.0812 3012 VgaSave - ok
08:46:07.0562 3012 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
08:46:07.0578 3012 viaagp - ok
08:46:08.0265 3012 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
08:46:08.0265 3012 ViaIde - ok
08:46:09.0031 3012 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:46:09.0078 3012 VolSnap - ok
08:46:09.0875 3012 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:46:09.0890 3012 Wanarp - ok
08:46:10.0468 3012 WDICA - ok
08:46:11.0343 3012 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:46:11.0375 3012 wdmaud - ok
08:46:12.0375 3012 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
08:46:12.0640 3012 winachsf - ok
08:46:13.0515 3012 WinDriver6 (6cb18d5c6f952ffefca4c3d904956fe1) C:\WINDOWS\system32\drivers\windrvr6.sys
08:46:13.0765 3012 WinDriver6 - ok
08:46:14.0578 3012 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:46:14.0578 3012 WSTCODEC - ok
08:46:15.0296 3012 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:46:15.0328 3012 WudfPf - ok
08:46:16.0015 3012 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:46:16.0046 3012 WudfRd - ok
08:46:16.0140 3012 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0
08:46:16.0218 3012 \Device\Harddisk0\DR0 - ok
08:46:16.0296 3012 Boot (0x1200) (05b5dbdd04cf1c1ff63d5cf40336ec1f) \Device\Harddisk0\DR0\Partition0
08:46:16.0296 3012 \Device\Harddisk0\DR0\Partition0 - ok
08:46:16.0296 3012 ============================================================
08:46:16.0296 3012 Scan finished
08:46:16.0296 3012 ============================================================
08:46:16.0312 3552 Detected object count: 0
08:46:16.0312 3552 Actual detected object count: 0
08:55:49.0359 0212 Deinitialize success
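
The TDSSKiller log above is several hundred lines of "name (md5) path" / "name - ok" pairs, which is tedious to eyeball. The following is an added example, not part of the original post or of TDSSKiller itself: a small parser that pairs each scanned object with its verdict line, lists drivers whose binary lives outside %SystemRoot% (a triage signal, not a verdict), lists registered drivers with no file on disk, and pulls the MBR and boot-sector hashes so they can be compared against a known-good image. The sample input is a dozen lines copied from the log above, chosen to cover each line shape; the `C:\WINDOWS` prefix is taken from the DDS header in the first post.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a dozen lines copied from the TDSSKiller log posted above
# (not the full log), chosen to cover each line shape the parser must handle.
SAMPLE_LOG = r"""
08:44:14.0140 3012 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
08:44:14.0156 3012 hpn - ok
08:44:34.0640 3012 lbrtfdc - ok
08:44:43.0828 3012 MpKsl12b6d875 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE972BF4-4536-4B81-B647-7352CD9D8618}\MpKsl12b6d875.sys
08:44:43.0828 3012 MpKsl12b6d875 - ok
08:45:32.0453 3012 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:45:32.0453 3012 SASDIFSV - ok
08:46:16.0140 3012 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0
08:46:16.0218 3012 \Device\Harddisk0\DR0 - ok
08:46:16.0296 3012 Boot (0x1200) (05b5dbdd04cf1c1ff63d5cf40336ec1f) \Device\Harddisk0\DR0\Partition0
08:46:16.0296 3012 \Device\Harddisk0\DR0\Partition0 - ok
08:46:16.0312 3552 Detected object count: 0
"""

# "<time> <pid> <name> [(0xSIZE)] (<md5>) <path>"  -- a scanned object
FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>\S+)"
    r"(?:\s+\((?P<size>0x[0-9A-Fa-f]+)\))?"
    r"\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# "<time> <pid> <name or device path> - <verdict>"  -- the verdict for that object
VERDICT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<key>.+?) - (?P<verdict>\S+)\s*$")


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None      # None when the service has no file on disk
    path: Optional[str] = None
    size: Optional[str] = None     # only the MBR / boot-sector entries carry a size
    verdict: Optional[str] = None  # "ok", or whatever TDSSKiller reported


def parse_tdsskiller(text: str) -> List[ScanEntry]:
    """Pair each scanned object with the verdict line that follows it."""
    entries: List[ScanEntry] = []
    by_name: Dict[str, ScanEntry] = {}
    by_path: Dict[str, ScanEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            e = ScanEntry(m["name"], m["md5"], m["path"], m["size"])
            entries.append(e)
            by_name[e.name] = e
            by_path[e.path] = e
            continue
        m = VERDICT_RE.match(line)
        if m:
            key = m["key"]
            e = by_name.get(key) or by_path.get(key)
            if e is None:
                # verdict with no preceding file line: a registered driver/service
                # whose binary is absent (e.g. "lbrtfdc - ok" in the log above)
                e = ScanEntry(key)
                entries.append(e)
                by_name[key] = e
            e.verdict = m["verdict"]
    return entries


def outside_windows_dir(entries: List[ScanEntry], windir: str = r"C:\WINDOWS") -> List[str]:
    """Names of drivers loaded from outside %SystemRoot%: where to look first, not proof of anything."""
    prefix = windir.lower().rstrip("\\") + "\\"
    flagged = []
    for e in entries:
        if e.path is None or e.path.lower().startswith("\\device\\"):
            continue  # no file on disk, or a raw disk object (MBR / boot sector)
        if not e.path.lower().startswith(prefix):
            flagged.append(e.name)
    return flagged


def fileless_services(entries: List[ScanEntry]) -> List[str]:
    """Registered drivers/services whose file TDSSKiller could not find."""
    return [e.name for e in entries if e.path is None]


def boot_record_hashes(entries: List[ScanEntry]) -> Dict[str, str]:
    """MD5 of the MBR and boot sector, for comparison against a known-good image."""
    return {e.name: e.md5 for e in entries if e.name in ("MBR", "Boot") and e.md5}


if __name__ == "__main__":
    scanned = parse_tdsskiller(SAMPLE_LOG)
    print("outside %SystemRoot%:", outside_windows_dir(scanned))
    print("no file on disk:     ", fileless_services(scanned))
    print("boot records:        ", boot_record_hashes(scanned))
```

On the sample the two flagged drivers belong to Microsoft Security Essentials (the MpKsl definition-update driver) and SUPERAntiSpyware, both of which the DDS log shows installed, so the check only tells the analyst where to look; the vendor, the MD5 and the "ok" verdict close each one out. Note that TDSSKiller's "ok" means the object did not match a known rootkit, not that the file is trusted.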

#7 gyrene (Topic Starter)

Posted 19 March 2012 - 12:57 PM

Combofix log file attached.

We do have progress, I can enable the firewall for the first time in weeks. Something good is happening I think.


#8 nasdaq (Malware Response Team)

Posted 19 March 2012 - 01:17 PM

Try this to restore your Safe Mode.

; Save the text below as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"


; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

Delete the Fix.reg file when done.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problems persist.

#9 gyrene (Topic Starter)

Posted 19 March 2012 - 03:55 PM

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Professional
TuneUp360
CCleaner
Java™ 6 Update 26
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of date!
Adobe Flash Player 11.1.102.62
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#10 gyrene (Topic Starter)

Posted 19 March 2012 - 09:18 PM

OK, things are even worse than before.

I am still losing my wireless internet connection after about 20 minutes.

I still cannot shut down or restart. The computer hangs at the "Windows is Shutting Down" screen, no matter how long I wait. The only way I can get past it is to power down.

New is that upon bringing the computer back up CHKDSK runs with the message that the Volume is Dirty. This has happened three times in a row.

I don’t know if I can boot to safe mode because CHKDSK grabs control before I have a chance to try.

Once CHKDSK finishes the computer takes almost 10 more minutes to reboot and I still get the SVCHOST.EXE Application Error message, memory could not be read.

I am wondering: You told me to save and run

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

I did that. Is the "-" before HKEY in the first line a typo? If so, might this be part of my current problem?

Thanks for your patience and assistance. I continue to appreciate your advice.

Nope, still cannot boot to safe mode.

#11 nasdaq (Malware Response Team)

Posted 20 March 2012 - 01:34 PM

I am wondering: You told me to save and run

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

I did that. Is the "-" before HKEY in the first line a typo? If so, might this be part of my current problem?


The fix is correct. The first line removes the key and the next one creates what is the default.
===

Open the DOS box and run CHKDSK /r (a space is required between chkdsk and /r).

It may take some time to complete.
===

Delete these old versions of Java using the Add/Remove Programs list.
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java 2 Runtime Environment, SE v1.4.2_03


We will deal with the rest when the computer is more stable.
===

Close all running programs, windows before shutting down. An application may be the cause of this issue.
===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#12 gyrene (Topic Starter)

Posted 21 March 2012 - 12:23 PM

OK, done. Chkdsk /r ran almost 9 hours. After it finished I deleted the JAVA versions and am about to reboot. At this point reboot is taking about 20 minutes (before the "activity" light goes off), and then the logon is taking another 10-15. But on the plus side I am not getting the SVCHOST error message or WIN32 error message at logon...hope that holds.

Thank you for your help. I am about to reboot; last time I did it was almost 30 minutes from the Windows is Shutting Down screen until it finally started the boot process. Once the reboot completed (activity light went off) it was another 10 minutes "loading your personal settings".

Thanks for the explanation on the registry entry.

Gyrene

#13 nasdaq (Malware Response Team)

Posted 22 March 2012 - 07:54 AM

Download ATF Cleaner by Atribune from here and save it to your Desktop.
Follow the instructions for the browser you use.

Read the instructions about the cookies. Delete what you do not need.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache


The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

* The purpose of Prefetch folder is to increase the speed at which you can access the programs that you use on your PC. Unfortunately, Windows doesn't differentiate between a program you use every day and one you use every blue moon, which means that it may be prefetching a lot of stuff that you rarely use, adding to your startup time.
You may find that the first time you boot up after cleaning out this folder, your PC takes longer to get into gear - the second, and subsequent, boots should be quicker.
===

Time to get the latest version of Java.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26


===

Keep me posted.
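
The Security Check output in post #9 lists five JRE installs under four different naming schemes, and posts #11 and #13 walk through which to remove and which to keep until the current release is installed. As an added example, not part of this thread or of Security Check, here is a parser that normalises those vendor strings into comparable versions and splits the list into the one to keep and the ones to remove; the `latest_available` argument stands in for the version the reader looks up on java.com, and the value used in the demo (6 Update 31) is my assumption about the current release at the time, not something stated in the thread.

```python
import re
from typing import List, Optional, Tuple

# (1, major, minor, update): "Java 6 Update 26" -> (1, 6, 0, 26), "v1.4.2_03" -> (1, 4, 2, 3)
Version = Tuple[int, ...]

# The Java entries exactly as they appear in the Security Check output in post #9.
SECURITY_CHECK_JAVA_LINES = [
    "Java™ 6 Update 26",
    "Java™ SE Runtime Environment 6 Update 1",
    "Java™ 6 Update 2",
    "Java™ 6 Update 3",
    "Java 2 Runtime Environment, SE v1.4.2_03",
]

# "Java(TM) 6 Update 26", "Java(TM) SE Runtime Environment 6 Update 1", "Java 7 Update 3"
UPDATE_RE = re.compile(
    r"^Java(?:™|\(TM\))?\s+(?:SE\s+)?(?:Runtime Environment\s+)?(\d+)\s+Update\s+(\d+)\b"
)
# "Java 2 Runtime Environment, SE v1.4.2_03" and similar dotted 1.x.y_zz strings
DOTTED_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)_(\d+)\b")


def parse_java_version(entry: str) -> Optional[Version]:
    """Turn an Add/Remove Programs style Java entry into a comparable tuple, or None."""
    m = UPDATE_RE.match(entry)
    if m:
        return (1, int(m.group(1)), 0, int(m.group(2)))
    m = DOTTED_RE.search(entry)
    if m:
        return tuple(int(x) for x in m.groups())
    return None


def triage_java(entries: List[str], latest_available: Version) -> dict:
    """Split installed JREs into the newest one (keep for now) and the rest (remove).
    `latest_available` is the current release the reader checks on java.com; it is a
    parameter because the right value changes over time."""
    parsed = [(e, parse_java_version(e)) for e in entries]
    versioned = [(e, v) for e, v in parsed if v is not None]
    unparsed = [e for e, v in parsed if v is None]
    if not versioned:
        return {"keep": None, "remove": [], "unparsed": unparsed, "keep_outdated": False}
    keep, keep_ver = max(versioned, key=lambda ev: ev[1])
    return {
        "keep": keep,
        "remove": [e for e, _ in versioned if e != keep],
        "unparsed": unparsed,
        # even the newest install is stale if it trails the current release
        "keep_outdated": keep_ver < latest_available,
    }


if __name__ == "__main__":
    # Assumed current 6u release at the time of the thread; verify on java.com.
    latest = (1, 6, 0, 31)
    result = triage_java(SECURITY_CHECK_JAVA_LINES, latest)
    print("keep for now:", result["keep"], "(outdated)" if result["keep_outdated"] else "")
    for e in result["remove"]:
        print("remove:      ", e)
```

The result matches the thread: the four older entries go immediately (post #11), and 6 Update 26 is itself flagged as outdated, so it goes once the current release is installed (post #13). Every stale JRE left behind is a separately reachable browser plug-in, which is why the removal list matters more than the single "Java version out of date!" line.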

#14 gyrene (Topic Starter)

Posted 22 March 2012 - 12:44 PM

Status:

Nothing much has changed. I followed and did everything. The original problems are still there.

A question: MS SearchIndexer etc. How the heck do I kill this? It seems to be a hog, I don't want it, but I can't seem to prevent it from starting. Once I do kill it in Task Manager my system begins to respond, but while it is running I have almost no control at all.

I am still having the original problems:

1- rebooting the system takes about half an hour sitting at the Windows is Shutting Down display.

2- upon rebooting I get SVCHOST.EXE application error or Generic Host process for WIN32 Services encountered a problem. Sometimes both. Either way, 3 out of 4 times I lose my internet wireless connection within 20 minutes of logging on.

3- If I do not wait half an hour for windows to shut down, decide to power off the computer, most of the time I end up having to sit through CHKDSK on the reboot. I did run CHKDSK /r. That was nice, it took 9 hours to complete but the next time I rebooted it came up in only a couple minutes.

And sometimes it boots up fine, no error message, everything is stable, applications load without hanging. This is a Dell computer. I have run all the Dell diagnostics on hardware, all came back showing no problems.

#15 nasdaq (Malware Response Team)

Posted 23 March 2012 - 07:52 AM

A question: MS SearchIndexer etc. How the heck do I kill this? It seems to be a hog, I don't want it, but I can't seem to prevent it from starting. Once I do kill it in Task Manager my system begins to respond, but while it is running I have almost no control at all.


The issue is covered here.

http://www.howtogeek.com/howto/28450/what-is-searchindexer.exe-and-why-is-it-running/

Try some of the suggestions.
Maybe index only the things you use on a daily basis.

As a last resort you may have to remove it, after considering that it's not recommended.



